The following is related to the S/MIME discussions.
One of the many [unsolvable] problems with S/MIME is the establishment of a
globally working user-level PKI infrastructure.
Although not perfect, I think it is fair to say that a globally working
domain-name-level PKI infrastructure actually
Hi Eddy,
On Nov 21, 10:37 pm, Eddy Nigg [EMAIL PROTECTED] wrote:
On 11/21/2008 10:12 PM, kgb:
Only validated and approved domain names can be included
in a cert, whether in the Subject DN or the SAN.
It is the default template, and best practice that the SAN
(e.g. RFC822, dnsName) to
Anders Rundgren wrote, On 2008-11-22 02:12:
The following is related to the S/MIME discussions.
Anders, here are your choices:
You may either have
a) encryption using authenticated keys or
b) encryption using unauthenticated keys.
Certificates are used for authenticated encryption. If you
On 11/22/2008 12:12 PM, Anders Rundgren:
Enrolment issues? Skype does this without the user having to know what a
certificate is.
LOL! And nobody knows what those keys are, nor if it's authentic and who
else can listen and decrypt. Who controls what exactly? Does the user
have control over
On 11/22/2008 12:32 PM, kgb:
Mandatory inclusion of the SAN extension in a certificate is a policy
we can apply and monitor in the future.
To my understanding NSS ignores the subject line according to the RFC.
DNS name constraints constrain subject alt name extensions, not CN=
attributes in
Nelson,
Thank you for your elaborate answer.
Naturally there is no problem to solve if everybody is connected to one of a
handful of IM providers. The purpose of my proposal was rather investigating
the possibility that each organization or ISP run their own secure messaging
server in about
Anders Rundgren wrote:
The following is related to the S/MIME discussions.
...
If we (security experts) want to create anything that could match closed
networks such as Skype, having 100M+ users enjoying full
end-2-end-security, I think we need to be a bit pragmatic and not hoping
that
Nelson B Bolyard wrote:
The paper I signed stated that the packages had been inspected and found
to be in good order, and released him and his employer from all liability
for damage to them. That signature on that paper ultimately cost my
employer about $6k (a lot of $$ in 1978), IIRC, and I
On 11/22/2008 05:39 PM, Ian G:
I see this as an interesting question. There are pros and cons. First
con; why would we want to do that? Just use Skype. Or, Nelson talked
about AIM having some form of crypto. Also Jabber has something.
Jabber doesn't just have something, but the XMPP
Ian,
I hope you don't mind but I limit my response to a single core topic.
snip
So from this, I gather you want: scalability + distribution.
Absolutely.
Do you want no center(s) at all?
I want each organization/domain entity that can afford an SSL certificate to
become a virtual CA and run
Ian,
For me at least secure messaging means authenticated messaging as well.
Here is the current Firefox solution to certificate distribution.
http://demo.webpki.org/mozkeygen
I don't know what Eddy and Jabber intend to do but it must be something
similar.
Anders
- Original Message -
On 11/22/2008 07:29 PM, Anders Rundgren:
Ian,
For me at least secure messaging means authenticated messaging as well.
Here is the current Firefox solution to certificate distribution.
http://demo.webpki.org/mozkeygen
This serves only for authentication. Hopefully you aren't including
email
This is a pretty basic question but I haven't seen an answer (or maybe
I'm just not googling the right thing). Can a single JVM have
multiple configured/initialized instances of CryptoManager?
Basically, I have an authentication service that supports PKI.
Unfortunately I have two different CAs
Ian G wrote, On 2008-11-22 07:39:
So an obvious thing is to add chat to Tbird. How to do this?
Are you aware of chatzilla? It's been around for a long time.
Protocols and architecture are defined in RFCs 2810-2813. Chatzilla
interoperates with many other chat clients that follow those RFCs.
Eddy Nigg wrote, On 2008-11-22 04:10:
On 11/22/2008 12:32 PM, kgb:
Mandatory inclusion of the SAN extension in a certificate is a policy
we can apply and monitor in the future.
To my understanding NSS ignores the subject line according to the RFC.
I think you mean subject NAME, not subject
Anders Rundgren wrote:
Ian,
For me at least secure messaging means authenticated messaging as well.
Sure, your choice. For me, security is an overall economic equation.
Sometimes this suggests security as unauthenticated, encrypted
messaging, sometimes not :)
Here is the current
16 matches