Re: Standard ways of PKCS #8 encryption without PKCS #5?

2005-12-24 Thread Peter Gutmann
Jack Lloyd [EMAIL PROTECTED] writes: Does anyone know of any 'standard' [*] ways of encrypting private keys in the usual PKCS #8 format without using password-based encryption? It is obviously not hard to do, as you can stick whatever you like into the encryptionAlgorithm field, so it would be

Re: A small editorial about recent events.

2005-12-24 Thread dan
Chris Palmer writes: -+-- | | [EMAIL PROTECTED] writes: | You know, as a security person, I say all the time that the greatest | threat is internal threat, not external threat. In my day job, I/we | make surveillance tools to prevent data threat from materializing, and

Re: browser vendors and CAs agreeing on high-assurance certificat es

2005-12-24 Thread Ben Laurie
Ian G wrote: BTW, illustrating points made here, the cert is for financialcryptography.com but your link was to www.financialcryptography.com. So of course Firefox generated a warning Indeed and even if that gets fixed we still have to contend with: * the blog software

Re: browser vendors and CAs agreeing on high-assurance certificat es

2005-12-24 Thread Ian G
Ben Laurie wrote: ... Hopefully over the next year, the webserver (Apache) will be capable of doing the TLS extension for sharing certs so then it will be reasonable to upgrade. In fact, I'm told (I'll dig up the reference) that there's an X509v3 extension that allows you to specify alternate

Re: browser vendors and CAs agreeing on high-assurance certificat es

2005-12-24 Thread Ben Laurie
Ian G wrote: Ben Laurie wrote: ... Hopefully over the next year, the webserver (Apache) will be capable of doing the TLS extension for sharing certs so then it will be reasonable to upgrade. In fact, I'm told (I'll dig up the reference) that there's an X509v3 extension that allows you to

Re: browser vendors and CAs agreeing on high-assurance certificat es

2005-12-24 Thread Anne Lynn Wheeler
Ben Laurie wrote: If they share an IP address (which they must, otherwise there's no problem), then they must share a webserver, which means they can share a cert, surely? this is a semantic nit ... certs are typically distributed openly and freely ... so potentially everybody in the world has

Re: browser vendors and CAs agreeing on high-assurance certificat es

2005-12-24 Thread Eric Rescorla
Ben Laurie [EMAIL PROTECTED] writes: Ian G wrote: Ben Laurie wrote: ... Hopefully over the next year, the webserver (Apache) will be capable of doing the TLS extension for sharing certs so then it will be reasonable to upgrade. In fact, I'm told (I'll dig up the reference) that there's