Re: S/MIME in Thunderbird

2010-03-06 Thread Nelson B Bolyard
On 2010-03-05 15:58 PST, Wan-Teh Chang wrote: On Wed, Mar 3, 2010 at 4:05 AM, Jean-Marc Desperrier jmd...@gmail.com wrote: TLS depends on the cipher-suites, and fortunately it's not hard-coded. Unfortunately, the first cipher suites using SHA256 are the ones defined in TLS1.2 (RFC5246), and I

Re: S/MIME in Thunderbird

2010-03-05 Thread Wan-Teh Chang
On Wed, Mar 3, 2010 at 4:05 AM, Jean-Marc Desperrier jmd...@gmail.com wrote: TLS depends on the cipher-suites, and fortunately it's not hard-coded. Unfortunately, the first cipher suites using SHA256 are the ones defined in TLS1.2 (RFC5246), and I believe the support for this RFC is still not

Re: S/MIME in Thunderbird

2010-03-03 Thread Jean-Marc Desperrier
Gregory BELLIER wrote: Ok, so it's still sha1 by default for S/Mime ? Is it also sha1 by default for TLS ? TLS depends on the cipher-suites, and fortunately it's not hard-coded. Unfortunately, the first cipher suites using SHA256 are the ones defined in TLS1.2 (RFC5246), and I believe the

Re: S/MIME in Thunderbird

2010-03-01 Thread Gregory BELLIER
Konstantin Andreev wrote: On Wed, 03 Jun 2009, Nelson B Bolyard wrote: Finally, I will add that (IINM) Thunderbird 3 has support for AES. I don't know about the SHA1 vs SHA2 issue. No, it hasn't, TB hardcodes SHA1. No variations: ( begin cite ) nsresult

Re: S/MIME in Thunderbird

2009-12-27 Thread Nelson B Bolyard
On 2009-12-25 08:28 PST, Konstantin Andreev wrote: On Wed, 03 Jun 2009, Nelson B Bolyard wrote: Finally, I will add that (IINM) Thunderbird 3 has support for AES. I don't know about the SHA1 vs SHA2 issue. No, it hasn't, TB hardcodes SHA1. No variations: ( begin cite )

Re[2]: S/MIME in Thunderbird

2009-12-25 Thread Konstantin Andreev
On Wed, 03 Jun 2009, Nelson B Bolyard wrote: Finally, I will add that (IINM) Thunderbird 3 has support for AES. I don't know about the SHA1 vs SHA2 issue. No, it hasn't, TB hardcodes SHA1. No variations: ( begin cite ) nsresult nsMsgComposeSecure::MimeInitMultipartSigned() {

Re: S/MIME in Thunderbird

2009-07-10 Thread Jean-Marc Desperrier
Michael Ströder wrote: - add a time-stamp and update the S/MIME capabilities and timestamp whenever a new S/MIME message is received. - use the cert extension solely when no signed S/MIME message was received so far or the notBefore date of the e-mail cert is newer than the timestamp of the last

Re: S/MIME in Thunderbird (and why its assumptions are bogus)

2009-07-10 Thread aerowolf
2009/6/26 Michael Ströder mich...@stroeder.com: Nelson B Bolyard wrote: But only a small minority of mail users use MUAs that reside on their own computers today.  Webmail rules, That might be true in the U.S. It's not true here in Germany. and entrusting your private key to your free

Re: S/MIME in Thunderbird

2009-07-08 Thread Michael Ströder
Nelson Bolyard wrote: I wrote: If Microsoft has merely taken a DER-encoded object from another standard and has incorporated it into a cert extension, that seems fine to me. I hope they did it in such a way that existing BER/DER parsers of the sMIMECapabilities attribute can just parse the

Re: S/MIME in Thunderbird

2009-07-08 Thread Michael Ströder
Jean-Marc Desperrier wrote: Nelson B Bolyard wrote: Does this assume LDAP for acquiring the certificate without a signed S/MIME message? (So it is only relevant in corporate setting?) No. There are many ways to get a cert for an email correspondent. There is only one way to get that

Re: S/MIME in Thunderbird

2009-07-04 Thread Nelson Bolyard
I wrote: If Microsoft has merely taken a DER-encoded object from another standard and has incorporated it into a cert extension, that seems fine to me. I hope they did it in such a way that existing BER/DER parsers of the sMIMECapabilities attribute can just parse the extension body directly.

Re: S/MIME in Thunderbird

2009-07-02 Thread Jean-Marc Desperrier
Nelson B Bolyard wrote: If Microsoft has merely taken a DER-encoded object from another standard and has incorporated it into a cert extension, that seems fine to me. I hope they did it in such a way that existing BER/DER parsers of the sMIMECapabilities attribute can just parse the extension

Re: S/MIME in Thunderbird

2009-06-30 Thread Jean-Marc Desperrier
Nelson B Bolyard wrote: Does this assume LDAP for acquiring the certificate without a signed S/MIME message? (So it is only relevant in corporate setting?) No. There are many ways to get a cert for an email correspondent. There is only one way to get that correspondent's email

Re: S/MIME in Thunderbird

2009-06-30 Thread Nelson B Bolyard
On 2009-06-30 07:39 PDT, Jean-Marc Desperrier wrote: Nelson B Bolyard wrote: Does this assume LDAP for acquiring the certificate without a signed S/MIME message? (So it is only relevant in corporate setting?) No. There are many ways to get a cert for an email correspondent. There is only

Google's Wave Was: S/MIME in Thunderbird

2009-06-28 Thread Anders Rundgren
Ian G wrote: Google's Wave will hopefully be the finale for S/MIME. Hmmm, tell me more. It does look interesting! How is it secured? I read some blurbs and things but I'm hoping someone knows the answers. I must confess that I don't have detailed knowledge about Wave but it appears to be

Re: S/MIME in Thunderbird

2009-06-27 Thread Ian G
On 26/6/09 23:51, Anders Rundgren wrote: Google's Wave will hopefully be the finale for S/MIME. Hmmm, tell me more. It does look interesting! How is it secured? I read some blurbs and things but I'm hoping someone knows the answers. iang

Re: S/MIME in Thunderbird

2009-06-26 Thread Michael Ströder
Anders Rundgren wrote: Gervase Markham wrote: The biggest impediment to secure email today is the existence and popularity of webmail. In Mozilla terms, the biggest impediment to Thunderbird today is Firefox. It seems that people are happy to make the trade-off of privacy against

Re: S/MIME in Thunderbird

2009-06-26 Thread Michael Ströder
Nelson B Bolyard wrote: But only a small minority of mail users use MUAs that reside on their own computers today. Webmail rules, That might be true in the U.S. It's not true here in Germany. and entrusting your private key to your free webmail provider makes no sense at all. Yupp. Ciao,

Re: S/MIME in Thunderbird

2009-06-26 Thread Eddy Nigg
On 06/26/2009 09:18 PM, Michael Ströder: Nelson B Bolyard wrote: But only a small minority of mail users use MUAs that reside on their own computers today. Webmail rules, That might be true in the U.S. It's not true here in Germany. Webmail doesn't rule...otherwise somebody

Re: S/MIME in Thunderbird

2009-06-26 Thread Anders Rundgren
Eddy Nigg wrote: On 06/26/2009 09:18 PM, Michael Ströder: But only a small minority of mail users use MUAs that reside on their own computers today. Webmail rules, That might be true in the U.S. It's not true here in Germany. Webmail doesn't rule...otherwise somebody explain to me from what

Re: S/MIME in Thunderbird

2009-06-25 Thread Gervase Markham
On 24/06/09 23:49, Nelson B Bolyard wrote: S/MIME's protection of message authenticity, integrity and confidentiality are unbroken and unsurpassed. It is implemented in most Windows, Mac and Linux email MUA's today. But only a small minority of mail users use MUAs that reside on their own

Re: S/MIME in Thunderbird

2009-06-25 Thread Anders Rundgren
Gervase Markham wrote: The biggest impediment to secure email today is the existence and popularity of webmail. In Mozilla terms, the biggest impediment to Thunderbird today is Firefox. It seems that people are happy to make the trade-off of privacy against convenience here. I suspect it's

Re: S/MIME in Thunderbird

2009-06-25 Thread aerowolf
I really hate the licensing on that add-on, by the way -- it flies in the face of what freedom is, and they call it the doubly-free license by removing the freedom associated with the GPL? -Kyle H On Thu, Jun 25, 2009 at 2:31 AM, Gervase Markham g...@mozilla.org wrote: On 24/06/09 23:49,

Re: S/MIME in Thunderbird

2009-06-24 Thread Nelson B Bolyard
On 2009-06-21 03:24 PDT, Ian G wrote: On 19/6/09 15:36, Jean-Marc Desperrier wrote: Nelson B Bolyard wrote: if you send an encrypted message to someone from whom you have never received a signed S/MIME message, you will use weak encryption. Does this assume LDAP for acquiring the

Re: S/MIME in Thunderbird

2009-06-21 Thread Ian G
On 19/6/09 15:36, Jean-Marc Desperrier wrote: Nelson B Bolyard wrote: if you send an encrypted message to someone from whom you have never received a signed S/MIME message, you will use weak encryption. Does this assume LDAP for acquiring the certificate without a signed S/MIME message?

Re: S/MIME in Thunderbird

2009-06-21 Thread Michael Ströder
Ian G wrote: On 19/6/09 15:36, Jean-Marc Desperrier wrote: Nelson B Bolyard wrote: if you send an encrypted message to someone from whom you have never received a signed S/MIME message, you will use weak encryption. Does this assume LDAP for acquiring the certificate without a signed

Re: S/MIME in Thunderbird

2009-06-19 Thread Jean-Marc Desperrier
Nelson B Bolyard wrote: if you send an encrypted message to someone from whom you have never received a signed S/MIME message, you will use weak encryption. Thank you for this useful description. I feel it would make sense to open a bug to change this default. Rationale: If someone went the

Re: S/MIME in Thunderbird

2009-06-19 Thread Georgi Guninski
On Fri, Jun 19, 2009 at 03:36:08PM +0200, Jean-Marc Desperrier wrote: Nelson B Bolyard wrote: if you send an encrypted message to someone from whom you have never received a signed S/MIME message, you will use weak encryption. huh, is this an official statement? if this is true this means

Re: S/MIME in Thunderbird

2009-06-19 Thread Kyle Hamilton
No, it just means that Thunderbird needs to catch up with the times and implement a newer version of the specifications, one that was written after the US's draconian ITAR rules were changed. -Kyle H On Fri, Jun 19, 2009 at 6:48 AM, Georgi Guninski gunin...@guninski.com wrote: On Fri, Jun 19,

Re: S/MIME in Thunderbird

2009-06-03 Thread Nelson B Bolyard
2's S/MIME conforms to an old version of the specifications, RFC 2630 and RFC 2633, written in 1999, which was before the export control regulations were changed. As specified there, when you send a signed S/MIME message, it contains a record of your SMIME capabilities, the algorithms and key sizes

S/MIME in Thunderbird

2009-06-01 Thread Andrew Manore
I'm not able to see what encryption algorithms Thunderbird 2.0.x is using. From what I've been able to tell (through downloading the encrypted message into Microsoft Outlook), Thunderbird is using 3DES encryption with SHA-1 hashes. I'm wondering if there's any way to change the encryption to