Oh? How? All you are suggesting is that the role key is held by a CA -
well, who is that going to be, then?
Unh, no. The same way the ASF determines who gets commit access could
be the same way the ASF determines who their CA will give
release-signing keys to. The same way the ASF takes away
What this does not address is the common situation where the
distribution gets signed by a different person each time (example:
Apache). I've put some pretty serious thought into this problem and come
to a few conclusions.
The obvious answer is use a role key.
All that work... when a
Nobody is gonna indemnify the world against infringement, but I thought
Stanford's SRP protocol comes as close as realistically possible to what
you're asking for.
/r$
--
Zolera Systems, Securing web services (XML, SOAP, Signatures,
Encryption)
http://www.zolera.com
The checksums were calculated using the following commands:
openssl md5 openssl-0.9.6f.tar.gz
openssl md5 openssl-engine-0.9.6f.tar.gz
Is there another md5/hash program that's readily available?
Cf: Thompson's reflections on trusting trust.
Marc Branchaud wrote:
Any thoughts on this device? At first glance, it doesn't seem
particularly impressive...
http://www.quizid.com/
Looks like hardware S/Key, doesn't it?
If I could fool the user into entering a quizcode, then it seems like I
could get the device and the admin database
Probably moving out of the domain of the crypto list.
volatile char *foo;
volatile, like const, is a storage-class modifier. As written, it
means a pointer to memory that is volatile; this means, in particular,
that you can't optimize away dereferences. If you wrote
char *
but the idea of putting everything you do online on the
same password or credential is just... stupid beyond belief.
Liberty is architected to be federated, unlike Passport.
/r$
-
The Cryptography Mailing List
Unsubscribe
The Liberty Alliance was stillborn to begin with. Not that it made any
practical difference, but the Liberty Alliance received an additional
bullet through the head the day that RSA Security, a key participant in
the Liberty Alliance, announced that they would also support Microsoft
Passport.
All video game
consoles are sold under cost today.
This is wrong. Cf, http://www.actsofgord.com/Proclamations/chapter02.html
/r$
Damien O'Rourke wrote:
I was wondering if anyone could list a number of cryptographic processors
that are compliant with the Federal information processing standard (FIPS)
140-2 Security Requirements for cryptographic modules.
NIST, the US Government Agency responsible for FIPS 140, maintains
I get the impression that we're talking at cross-purposes here,
with at least two different discussions.
I suspect that the discussion started from commercial motivations;
cf www.systemics.com
/r$
For the last three years, I've operated a mail alias,
[EMAIL PROTECTED] ... It was
started on a whim, at the suggestion of someone on this
list, if I recall correctly.
That was me.
I think the openssl folks mention it and use it, so sending your posting
there is a good idea.
Thanks for all the