Re: [mm] delegating SSL certificates

2008-03-17 Thread Dirk-Willem van Gulik
On Mar 16, 2008, at 7:52 PM, Ben Laurie wrote: Dirk-Willem van Gulik wrote: So I'd argue that while x509, its CA's and its CRL's are a serious pain to deal** with, and seem to add little value if you assume a very diligent and experienced operational team -- they do provide a useful

Re: RNG for Padding

2008-03-17 Thread Hal Finney
Mr Pink writes: In Applied Crypto, the use of padding for CBC encryption is suggested to be met by ending the data block with a 1 and then all 0s to the end of the block size. Is this not introducing a risk as you are essentially introducing a large amount of guessable plaintext into the

Re: delegating SSL certificates

2008-03-17 Thread Leichter, Jerry
| So at the company I work for, most of the internal systems have | expired SSL certs, or self-signed certs. Obviously this is bad. | | You only think this is bad because you believe CAs add some value. | | Presumably the value they add is that they keep browsers from popping | up scary

Re: delegating SSL certificates

2008-03-17 Thread Bill Squier
On Mar 17, 2008, at 10:06 AM, Leichter, Jerry wrote: | So at the company I work for, most of the internal systems have | expired SSL certs, or self-signed certs. Obviously this is bad. | | You only think this is bad because you believe CAs add some value. | | Presumably the value they add