Re: Has there been a change in US banking regulations recently?

2010-08-14 Thread Chris Palmer
Anne & Lynn Wheeler writes: > subset ... was based on computational load caused by SSL cryptography > in the online merchant scenario, it cut thruput by 90-95%; alternative to > handle the online merchant scenario for total user interaction would have > required increasing the number of serve

Re: Has there been a change in US banking regulations recently?

2010-08-14 Thread Jeff Simmons
On Friday 13 August 2010 11:33, eric.lengve...@wellsfargo.com wrote: > I'd like to clarify a bit. PCI-DSS wasn't developed by the big banks. It > isn't usually enforced by big banks except insofar as they are liable for > PCI-DSS compliance when outsourcing to or partnering with other companies. >

Re: new tech report on easy-to-use IPsec

2010-08-14 Thread Steven Bellovin
On Aug 11, 2010, at 12:21 47PM, Adam Aviv wrote: > I think the list may get a kick out of this. > > The tech-report was actually posted on the list previously, which is > where I found it. Link included for completeness. > > http://mice.cs.columbia.edu/getTechreport.php?techreportID=1433 Thank

Re: Has there been a change in US banking regulations recently?

2010-08-14 Thread Anne & Lynn Wheeler
On 08/13/2010 03:16 PM, Chris Palmer wrote: When was this *ever* true? Seriously. re: http://www.garlic.com/~lynn/2010m.html#50 ... original design/implementation. The very first commerce server implementation by the small client/server startup (that had also invented "SSL") ... was mall para

Re: Has there been a change in US banking regulations recently?

2010-08-14 Thread The Fungi
On Fri, Aug 13, 2010 at 09:32:57AM -0700, Jeff Simmons wrote: > It wouldn't surprise me if there's been some blowback from the > adoption of PCI-DSS (Payment Card Industry Data Security > Standards). As someone who has had to help several small to medium > size businesses comply with these 'volunta

RE: Has there been a change in US banking regulations recently?

2010-08-14 Thread eric.lengvenis
>Ann & Lynn Wheeler wrote: > the original requirement for SSL deployment was that it was on from the > original URL entered by the user. The drop-back to using SSL for only small > subset ... was based on computational load caused by SSL cryptography in > the online merchant scenario, it cut

Re: Has there been a change in US banking regulations recently?

2010-08-14 Thread Thor Lancelot Simon
On Fri, Aug 13, 2010 at 02:55:32PM -0500, eric.lengve...@wellsfargo.com wrote: > > The big drawback is that those who want to follow NIST's > recommendations to migrate to 2048-bit keys will be returning to > the 2005-era overhead. Dan Kaminsky provided some benchmarks in a > different thread on t