Wildcard Certs

2003-06-16 Thread martin f krafft
I just ran across http://certs.centurywebdesign.co.uk/premiumssl-wildcard.html but there are many more sites like that: Secure multiple websites with a single PremiumSSL Certificate. For organisations hosting a single domain name but with different subdomains (e.g.

Re: Wildcard Certs

2003-06-16 Thread martin f krafft
also sprach Stefan Kelm [EMAIL PROTECTED] [2003.06.16.1652 +0200]: Now, suppose I buy a certificate for *.i-am-bad.com (assuming that I'm the owner of that domain). I could then set up an SSL server with a hostname of something like

Re: The meat with multiple PGP subkeys

2003-06-18 Thread martin f krafft
also sprach David Shaw [EMAIL PROTECTED] [2003.06.18.0240 +0200]: The problem is that the PKS keyserver was not written to handle keys with multiple subkeys. [snip] Thanks for the explanation. I didn't know about subkeys.pgp.net yet. Moreover, I second the belief that the keyservers must be

authentication and ESP

2003-06-19 Thread martin f krafft
As far as I can tell, IPsec's ESP has the functionality of authentication and integrity built in: RFC 2406: 2.7 Authentication Data The Authentication Data is a variable-length field containing an Integrity Check Value (ICV) computed over the ESP packet minus the Authentication

DH: pubkeys for p and g

2003-06-25 Thread martin f krafft
The Check Point Firewall-1 Docs insist, that the public keys be used for p and g for the Oakley key exchange. I ask you: is this possible? - which of the two pubkeys will be p, which g? - are they both always primes? - are they both always suitable generators mod p? It just seems to me

Re: pubkeys for p and g

2003-06-30 Thread martin f krafft
also sprach Arnold G. Reinhold [EMAIL PROTECTED] [2003.06.29.0424 +0200]: I am not sure I understand. How does this relate to my question? Where does the other factor come from? I got the impression, and maybe I misunderstood, that you were viewing a product of two primes aA, where a was

Re: Voltage - Identity Based Encryption.

2003-07-08 Thread martin f krafft
also sprach C. Wegrzyn [EMAIL PROTECTED] [2003.07.08.2324 +0200]: This is the same approach used in the Authentica system but it is deployed in an enterprise environment. Sure, but this doesn't make it any more secure. I only know very little about Authentica, but it also doesn't strike my

quantum hype

2003-09-13 Thread martin f krafft
Dear Cryptoexperts, With http://www.magiqtech.com/press/navajounveiled.pdf and the general hype about quantum cryptography, I am bugged by a question that I can't really solve. I understand the quantum theory and how it makes it impossible for two parties to read the same stream. However,

Re: quantum hype

2003-09-13 Thread martin f krafft
also sprach David Wagner [EMAIL PROTECTED] [2003.09.13.2306 +0200]: You're absolutely right. Quantum cryptography *assumes* that you have an authentic, untamperable channel between sender and receiver. The standard quantum key-exchange protocols are only applicable when there is some other

Re: Reliance on Microsoft called risk to U.S. security

2003-09-26 Thread martin f krafft
also sprach Ian Grigg [EMAIL PROTECTED] [2003.09.25.2253 +0200]: I wouldn't put all of the blame on Microsoft, Schneier said, the problem is the monoculture. On the face of it, this is being too kind and not striking at the core of Microsoft's insecure OS. For example, viruses are almost

Re: Now Is the Time to Finally Kill Spam - A Call to Action

2003-10-13 Thread martin f krafft
also sprach R. A. Hettinga [EMAIL PROTECTED] [2003.10.13.0639 +0200]: The time to stop this nonsense is now, and there's a non-governmental, low-cost, low-effort way it could happen. Here's my plan of action, it's not original to me but I want to lay it out publicly as a battle plan: Of course

Fwd: New PGP Universal beta: PGP and S/MIME

2003-11-16 Thread martin f krafft
fyi - Forwarded message from Lucky Green [EMAIL PROTECTED] - Cpunks, I spent the last few months working at PGP on a nifty new solution to an old problem: how to get email encryption deployed more widely without requiring user education. Since ideas for solving this problem have been

A-B-a-b encryption

2003-11-16 Thread martin f krafft
it came up lately in a discussion, and I couldn't put a name to it: a means to use symmetric crypto without exchanging keys: - Alice encrypts M with key A and sends it to Bob - Bob encrypts A(M) with key B and sends it to Alice - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to

Re: Yahoo releases internet standard draft for using DNS as public key server

2004-05-28 Thread martin f krafft
also sprach Ed Gerck [EMAIL PROTECTED] [2004.05.28.1853 +0200]: It's industry support. We know what it means: multiple, conflicting approaches, slow, fragmented adoption -- will not work. It would be better if the solution does NOT need industry support at all, only user support. It should use

Re: Yahoo releases internet standard draft for using DNS as public key server

2004-05-31 Thread martin f krafft
also sprach Russell Nelson [EMAIL PROTECTED] [2004.05.30.0515 +0200]: - The infrastructure is not there. Two standards compete for email cryptography, and both need an infrastructure to back them up. Two standards? DomainKeys and what else? I meant PGP and S/MIME But there's

Re: Article on passwords in Wired News

2004-06-04 Thread martin f krafft
also sprach Peter Gutmann [EMAIL PROTECTED] [2004.06.03.1014 +0200]: One-time passwords (TANs) was another thing I covered in the Why isn't the Internet secure yet, dammit! talk I mentioned here a few days ago. From talking to assorted (non-European) banks, I haven't been able to find any