On Mar 23, 2010, at 11:21 AM, Perry E. Metzger wrote:
>
> Ekr has an interesting blog post up on the question of whether protocol
> support for periodic rekeying is a good or a bad thing:
>
> http://www.educatedguesswork.org/2010/03/against_rekeying.html
>
> I'd be interested in hearing what p
--
From: "Perry E. Metzger"
Subject: "Against Rekeying"
I'd be interested in hearing what people think on the topic. I'm a bit
skeptical of his position, partially because I think we have too little
experience with real world attacks on cryptograp
"Perry E. Metzger" writes:
> Ekr has an interesting blog post up on the question of whether protocol
> support for periodic rekeying is a good or a bad thing:
>
> http://www.educatedguesswork.org/2010/03/against_rekeying.html
>
> I'd be interested in hearing what people think on the topic. I'm a
Seems people like bottom post around here.
On Tue, Mar 23, 2010 at 8:51 PM, Nicolas Williams
wrote:
> On Tue, Mar 23, 2010 at 10:42:38AM -0500, Nicolas Williams wrote:
>> On Tue, Mar 23, 2010 at 11:21:01AM -0400, Perry E. Metzger wrote:
>> > Ekr has an interesting blog post up on the question of
On Mar 23, 2010, at 22:42, Jon Callas wrote:
> If you need to rekey, tear down the SSL connection and make a new one. There
> should be a higher level construct in the application that abstracts the two
> connections into one session.
... which will have its own subtleties and hence probabilit
On Mar 21, 2010, at 4:13 PM, Sergio Lerner wrote:
> I looking for a public-key cryptosystem that allows commutation of the
> operations of encription/decryption for different users keys
> ( Ek(Es(m)) = Es(Ek(m)) ).
> I haven't found a simple cryptosystem in Zp or Z/nZ.
>
> I think the solution
http://www.wired.com/threatlevel/2010/03/packet-forensics/
"At a recent wiretapping convention however, security researcher Chris Soghoian
discovered that a small company was marketing internet spying boxes to the feds
designed to intercept those communications, without breaking the encryption,
Daniel Bleichenbacher presented an implementation attack against DSA in
2001 titled "On the generation of DSS one-time keys". I think it made
the rounds as a preprint, but I don't know if it was ever officially
published. It's cited frequently (e.g. in the SEC1 doc
http://www.secg.org/download/ai
On 2010-03-22 11:22 PM, Sergio Lerner wrote:
Commutativity is a beautiful and powerful property. See "On the power
of Commutativity in Cryptography" by Adi Shamir.
Semantic security is great and has given a new provable sense of
security, but commutative building blocks can be combined to build
On Mar 24, 2010, at 2:07 AM, Stephan Neuhaus wrote:
>
> On Mar 23, 2010, at 22:42, Jon Callas wrote:
>
>> If you need to rekey, tear down the SSL connection and make a new one. There
>> should be a higher level construct in the application that abstracts the two
>> connections into one sessio
On 2010-03-23 1:09 AM, Sergio Lerner wrote:
I've read some papers, not that much. But I don't mind reinventing the
wheel, as long as the new protocol is simpler to explain.
Reading the literature, I couldn't find a e-cash protocol which :
- Hides the destination / source of payments.
- Hides t
I think the problem is more marketing and less technology. Some
marketoid somewhere decided to say that their product supports rekeying
(they usually call it "key agility"). Probably because they read
somewhere that you should change your password frequently (another
misconception, but that's f
From: coderman
Date: Wed, 24 Mar 2010 10:50:33 -0700
To: Morlock Elloi
Cc: cypherpu...@al-qaeda.net
Subject: Re: [vserver] Bought an entropykey - very happy
On Wed, Mar 24, 2010 at 8:43 AM, Morlock Elloi
wrote:
> While avalanche noise (hoping it doesn't start to tunnel - that current must
be a
March 24th, 2010 New Research Suggests That Governments May Fake SSL
Certificates
Technical Analysis by Seth Schoen
http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl
""Today two computer security researchers, Christopher Soghoian and Sid Stamm,
released a
Rui Paulo writes:
-+---
| http://www.wired.com/threatlevel/2010/03/packet-forensics/
|
| "At a recent wiretapping convention however, security researcher Chris =
| Soghoian discovered that a small company was marketing internet spying =
| boxes to the feds designed to intercept t
Matt has an interesting blog post up about the Soghoian & Stamm SSL
interception paper:
http://www.crypto.com/blog/spycerts
--
Perry E. Metzgerpmetz...@cis.upenn.edu
Department of Computer and Information Science, University of Pennsylvania
-
On 24/03/2010 08:28, Simon Josefsson wrote:
> "Perry E. Metzger" writes:
>
>> Ekr has an interesting blog post up on the question of whether protocol
>> support for periodic rekeying is a good or a bad thing:
>>
>> http://www.educatedguesswork.org/2010/03/against_rekeying.html
>>
>> I'd be intere
On Thu, Mar 25, 2010 at 01:24:16PM +, Ben Laurie wrote:
> Note, however, that one of the reasons the TLS renegotiation attack was
> so bad in combination with HTTP was that reauthentication did not result
> in use of the new channel to re-send the command that had resulted in a
> need for reaut
On Tue, Mar 23, 2010 at 11:21:01AM -0400, Perry E. Metzger wrote:
> Ekr has an interesting blog post up on the question of whether protocol
> support for periodic rekeying is a good or a bad thing:
>
> http://www.educatedguesswork.org/2010/03/against_rekeying.html
On Mar 23, 2010, at 4:23 PM, Ada
19 matches
Mail list logo