Kristian Gjøsteen writes:
>(For what it's worth, I discounted the press reports about a trapdoor in
>Dual-EC-DRBG because I didn't think anyone would be daft enough to use it. I
>was wrong.)
+1. It's the Vinny Gambini effect (from the film My Cousin Vinny):
Judge Haller: M
On 25/09/13 17:17, ianG wrote:
On 24/09/13 19:23 PM, Kelly John Rose wrote:
I have always approached that no encryption is better than bad
encryption, otherwise the end user will feel more secure than they
should and is more likely to share information or data they should not
be on that line.
ianG writes:
>Well, defaults being defaults, we can assume most people have left it in
>default mode. I suppose we could ask for research on this question, but I'm
>going to guess: most.
“Software Defaults as De Facto Regulation: The Case of Wireless APs”, Rajiv
Shah and Christian Sandvig,
On 25/09/13 13:25, Adam Back wrote:
On Wed, Sep 25, 2013 at 11:59:50PM +1200, Peter Gutmann wrote:
Something that can "sign a new RSA-2048 sub-certificate" is called a CA. For
a browser, it'll have to be a trusted CA. What I was asking you to explain is
how the browsers are going to deal with
Adam Back writes:
>Is there a possibility with RSA-RSA ciphersuite to have a certified RSA
>signing key, but that key is used to sign an RS key negotiation?
Yes, but not in the way you want. This is what the 1990s-vintage RSA export
ciphersuites did, but they were designed so you couldn't use t
On 25/09/13 21:12 PM, Jerry Leichter wrote:
On Sep 25, 2013, at 12:31 PM, ianG wrote:
...
My conclusion is: avoid all USA, Inc, providers of cryptographic products.
In favor of ... who?
Ah well, that is the sticky question. If we accept the conclusion, I
see these options:
1. shift
On 26/09/13 02:24 AM, Peter Fairbrother wrote:
On 25/09/13 17:17, ianG wrote:
On 24/09/13 19:23 PM, Kelly John Rose wrote:
I have always approached that no encryption is better than bad
encryption, otherwise the end user will feel more secure than they
should and is more likely to share inform
On 26/09/13 02:32 AM, Peter Gutmann wrote:
ianG writes:
Well, defaults being defaults, we can assume most people have left it in
default mode. I suppose we could ask for research on this question, but I'm
going to guess: most.
“Software Defaults as De Facto Regulation: The Case of Wirele