> I know I would be a lot more comfortable with a way to check the mail against
> a piece of paper I received directly from my bank.
I would say this puts you in the sub 1% of the populace. Most people want to
do things online because it is much easier and "gets rid of paper." Those are
the s
Bill said he wanted a piece of paper that could help verify his bank's
certificate. I claimed he's in the extreme minority who would do that and he
asked for proof.
I can only, vaguely, recall that one of the East Coast big banks (or perhaps
the only one that is left) at one point had a third-
> Experience suggests that asking a standards committee to do the encoding
> format is a disaster.
That's over-stating it. Sub-optimal, perhaps.
> Why can't we just designate some big player to do it, and follow suit?
Okay that data encoding scheme from Google protobufs or Facebook thrift. Do
> The ASN.1 compiler is open source. Google's compiler is not.
Hunh? Code http://code.google.com/p/protobuf Perhaps you are confused because
the compiler is also available separately for those that don't want the whole
distribution. Like the way Linux packages are often available as foo and
Last week, the American TV show Elementary (a TV who-done-it) was about the
murder of two mathematicians who were working on proof of P=NP. The
implications to crypto, and being able to "crack into servers" was covered. It
was mostly accurate, up until the deus ex machina of the NSA hidin
> TLS was designed to support multiple ciphersuites. Unfortunately this opened
> the door
> to downgrade attacks, and transitioning to protocol versions that wouldn't do
> this was nontrivial.
> The ciphersuites included all shared certain misfeatures, leading to the
> current situation.
On the
> The simple(-minded) idea is that everybody receives everybody's email, but
> can only read their own. Since everybody gets everything, the metadata is
> uninteresting and traffic analysis is largely fruitless.
Some traffic analysis is still possible based on just message originator. If I
se
> then maybe it's not such a "silly accusation" to think that root CAs are
> routinely distributed to multinational secret
> services to perform MITM session decryption on any form of communication
> that derives its security from the CA PKI.
How would this work, in practice? How would knowing a
> * NSA employees participated throughout, and occupied leadership roles
> in the committee and among the editors of the documents
> Slam dunk. If the NSA had wanted it, they would have designed it themselves.
> The only
> conclusion for their presence that is rational is to sabotage it
> Yesterday, Apple made the bold, unaudited claim that it will never save the
> fingerprint data outside of the A7 chip.
> Why should we trust Cook & Co.?
I'm not sure it matters. If I want your fingerprint, I'll lift it off your
phone.
--
Principal Security Engineer
Akamai Technology
Cambri
10 matches