Re: Getting certificates.

2003-09-06 Thread James A. Donald
-- James A. Donald: > > > > SSH server public/private keys are widely deployed. > > > > PKI public keys are not. Reason is that each SSH > > > > server just whips up its own keys without asking > > > > anyone's permission, or getting any certificates. Eric Murray: > > > ..which means that it

SSH MITM (was Re: Getting certificates)

2003-09-05 Thread Eric Murray
On Thu, Sep 04, 2003 at 10:48:55PM -0700, James A. Donald wrote: > > On 4 Sep 2003 at 7:56, Eric Murray wrote: > > ..which means that it [ssh-- ericm] still requires an OOB authentication. > > (or blinding typing 'yes' and ignoring the consequences). But > > that's another subject. > > Not true

Re: Getting certificates.

2003-09-04 Thread Eric Murray
On Wed, Sep 03, 2003 at 08:27:18AM -0700, James A. Donald wrote: > -- > SSH server public/private keys are widely deployed. PKI public > keys are not. Reason is that each SSH server just whips up its > own keys without asking anyone's permission, or getting any > certificates. .which mean

Re: Getting certificates.

2003-09-04 Thread James A. Donald
-- James A. Donald: > > Outlook and outlook express support digital signing and > > encryption -- but one must first get a certificate. > > > > Now what I want is a certificate that merely asserts that > > the holder of the certificate can receive email at such and > > such an address, and tha

re: Getting certificates.

2003-09-04 Thread James A. Donald
-- 3 Sep 2003 at 20:16, Anonymous via the Cypherpunks wrote: > Here is an interesting post regarding the CA issue: > > http://lists.spack.org/pipermail/wordup/2003/000684.html > > You may want to look at http://www.cacert.org. It may do what > you want. Their free client certificates are no d

re: Getting certificates.

2003-09-03 Thread Anonymous via the Cypherpunks Tonga Remailer
On Wed, 3 Sep 2003, James A. Donald wrote: > -- > SSH server public/private keys are widely deployed. PKI public > keys are not. Reason is that each SSH server just whips up its > own keys without asking anyone's permission, or getting any > certificates. > > Outlook and outlook express supp

Re: Getting certificates.

2003-09-03 Thread Dave Howe
> Outlook and outlook express support digital signing and > encryption -- but one must first get a certificate. > > Now what I want is a certificate that merely asserts that the > holder of the certificate can receive email at such and such an > address, and that only one such certificate has been