On Sun, Jan 29, 2017 at 10:53 PM, Peter Waltenberg
wrote:
>
> No one cares ?.
I was rather thinking the same thing. Pretty much the same deprecated
status for SHA1, too.
Want to talk about poly1305?
- M
--
openssl-dev mailing list
To unsubscribe:
On Fri, Sep 16, 2016 at 8:52 AM, Salz, Rich wrote:
...
That's because most people have not moved to OpenSSL 1.1.0 yet. I'm not
> joking, I think that's a major reason.
Well, you've provided them with a reason. ;-) Srsly, thanks for not making
the NIST curves the default.
-
I think you should revert to your earlier comment - that High, Medium, Low
are inherently awful. Maybe color codes? ;-)
I consider 3DES-EDE to be adequately strong. The block size is a problem,
speed in software is a problem, etc. but it has been remarkably resilient
against differential
On Sun, Jun 21, 2015 at 3:00 PM, Salz, Rich rs...@akamai.com wrote:
Your analysis is incorrect for servers over the Internet, where the only
thing that an attacker can measure is time. Power and radiation require
close proximity and, often, physical intervention. Those are reasonable
attacks
On Wed, Jul 2, 2014 at 11:23 AM, Loganaden Velvindron
logana...@gmail.com wrote:
If I'm interested in fixing OpenSSL, why shouldn't I have access to
coverity scans ?
I'm not a committer, and not a core member, but I am fully prepared to
answer your question. Because the policy of the project
On Tue, Jun 3, 2014 at 7:10 AM, Theodore Ts'o ty...@mit.edu wrote:
There's a very simple solution to that problem, especially since we
now have the support and attention of many hardware companies. The
rule should be very simple. If a company doesn't contribute either
(a) exclusive,
On Thu, Aug 29, 2013 at 10:24 PM, Elluru, Krishna krishna.ell...@netapp.com
wrote:
HI Openssl dev team,
We are looking for porting AES Cipher suite alone to kernel for a
requirement.
What platform? Linux and BSD support /dev/crypto, which is pretty much
what you want. Support exists for
On Sun, Aug 18, 2013 at 2:08 PM, Ben Laurie b...@links.org wrote:
On 15 August 2013 09:21, Tomas Mraz tm...@redhat.com wrote:
...
Especially there is no checking that the key is not used with more than
2^32 different IV values. Did I overlook it and the test is there? Or is
the test not
Does Phil still teach at UC Davis? You could always ask him directly
for clarification or a waiver.
- M
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Kirk81 wrote:
Sorry guys, I found some mistakes in my code.
Not just in your code
So finally, with an IA-32 Pentium M processor 1500MHz, the functions are in
order of microseconds [ms]:
ms denotes milliseconds. us denotes microseconds, unless you
can express it as μs, which is obviously
Ger Hobbelt wrote:
On Mon, Mar 16, 2009 at 10:23 PM, Kenneth Robinette
supp...@securenetterm.com wrote:
You need to take this discussion offline.
snif Finally something interesting to read and it's mentioned it
should go. sigh. Here's two who know their craft, it's even about
OpenSSL and
Dr. Stephen Henson wrote:
One other note. Static-static DH IIRC has an unfortunate side effect: the
sender can be traced because they have made use of their private key. Other
algorithms such as RSA or ephemeral-static DH don't have this property.
This issue was discussed in the S/MIME
biswatosh chakraborty wrote:
Michael, u need more training in communication and then probably in
technology.
I'm extremely impatient with the use of ill-defined terms
by the less-than-well informed when they pretend to speak
with authority. Schwartz has committed a number of bald
assertions
Are you or are you not the same David Schwartz who claimed that SSLv3 is
vulnerable to MITM? If so, what have you learned since then?
__
OpenSSL Project http://www.openssl.org
Development Mailing
Theodore Tso wrote:
As the old saying goes, better to be silent, and thought to be a
fool, and to speak, and remove all doubt.
Well, Brahma said, even after ten thousand explanations, a fool is no
wiser, but an intelligent man requires only two thousand five hundred.
Normally, I am fine with
David Schwartz wrote:
No, we count on it [RSA] being (for practical purposes) irreversible. That's
why you need a different key to decrypt than you used to encrypt. If it was
reversible, like say DES, you could decrypt with the same key you encrypted
with by simply reversing the process.
David Schwartz wrote:
Deterministic is the antithesis of truly random.
You've said some truly stupid things, David, but that one
wins the prize.
__
OpenSSL Project http://www.openssl.org
David Schwartz wrote:
Deterministic is the antithesis of truly random.
I think you're obliged to define what you mean by truly random --
maybe even think about it before using such terms.
Most processes that generate random noise don't usually have
an nice, equiprobable, Poisson
David Schwartz wrote:
It's a well-understood term in the art.
You are not a practitioner of the art, David. There are RBGs and
PRBGs but no one uses the term truly random.
In fact, it's the same distinction everyone else in this field makes.
No. We know what cryptographically useful
David Schwartz wrote:
do disagree with my claim that an algorithmic process can
produce an very large amount of cryptographically-strong
random output with a small amount of truly random input?
Yes. A small amount of random input might mean that the
entire state -- past, present and future
David Schwartz wrote:
RSA is reversible. I never claimed otherwise. What I said is: So /dev/random tries
to provide truly random numbers while /dev/urandom tries to provide only
cryptographically-secure pseudo-random numbers. It's as assured by the implementation as
RSA assures that its
David Schwartz wrote:
Apparently you don't understand the relationship between true randomness and
entropy.
I don't know what you mean when you say true randomness and I suspect
that you don't.
When you use the word entropy in this context, I assume you mean Shannon
entropy, and I'm pretty
Ravindra wrote:
I'm looking for information regarding IPv6 support in OpenSSL.
Which is the first and stable version that adds support for IPv6 in OpenSSL ?
SSL operates atop TCP. Whether this supports IPv6 is left as an exercise
for the reader.
- M
PS Does your web browser support IPv6?
Geoff Thorpe wrote:
On Friday 30 May 2008 09:52:40 Ben Laurie wrote:
Dr. Stephen Henson wrote:
I do wish you wouldn't use these extra brackets around comparison
operators.
if (len == -1 !(attrtype MBSTRING_FLAG))
works just fine and is consistent with most of the rest of the
Thor Lancelot Simon wrote:
... However, consider the pathological case,
in which an adversary manages to introduce N-1 bits of known state into your
PRNG which has N bits of internal state. ...
What you seem not to understand from this discussion is that the
internal state is a consequence
Theodore Tso wrote:
... I'd be
comfortable with an adversary knowing the first megabyte of data fed
through SHA1, as long as it was followed up by at least 256 bits which
the adversary *didn't* know.
I'd be comfortable with an adversary knowing the first zetabyte of
data fed though SHA1, as
robert2007 wrote:
I noticed that using RSA with OpenSSL places a 117 character limit when
encrypting messages. Would anyone happen to know the reason for this?
1) It doesn't
2) Do you mean with a 1024-bit modulus the encryption block size
is 936? Because of padding.
If one were to Wiki
Goetz Babin-Ebell wrote:
RSA has some weaknesses against chosen plain text attacks.
RSA is just an algorithm, so if you talk of chosen plaintext
or chosen ciphertext attacks, it needs to be in the context
of an encryption method. OAEP is a response primarily to
a chosen ciphertext
Theodore Ts'o wrote:
Reading through the mail archives, the problem, as I understand
it, is that OpenSSL is derived from a very old legacy codebase, with an
interface which relies on publically visible data structures which must
be accessed either directly, or via accessor macros. In
Scott Campbell wrote:
The long version: We run security check software, which makes
connections with various services, calls up the header, and then tells
us that based upon the version it read in the header, this service has
certain vulnerabilities. For security purposes, we would
Richard Salz wrote:
I propose that OpenSSL move to DocBook
FWIW, I emphatically support this proposal.
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Richard Salz wrote:
FWIW, I emphatically support this proposal.
Thanks!
Hope you're doing well.
I am, thanks. How are you? You sorta dropped low on the
radar for a while.
I used to joke: XML: the new ASN1! But I'm happy to be
wrong about that. Anything -- and I include a clay tablet
Sorry folks, my MUA caused that to go to the list instead of
just Rich.
Cheers,
Michael
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Steven Reddie wrote:
Hi Michael,
I'm familiar with that approach, having used it many times myself. The
choice of poll over select isn't important since they're basically the same;
in fact, poll is sometimes implemented with select.
Who implements poll with select should suffer a fate
Jack Lloyd wrote:
I believe Michael is actually talking about the thundering herd problem, when
many processes are all waiting on a single event, which only one of them will
end up responding to. That is a classic problem affecting some uses of select
(and also accept, and IIRC a few other
Lev Walkin wrote:
... Poll() provides no advantage over select()
for the thundering herd problem.
Sorry, I'm not here to chew your food for you.
__
OpenSSL Project http://www.openssl.org
Lev Walkin wrote:
Including poll().
A polling model may be built on /dev/poll or kernel queues, etc.
I made mention of /dev/poll in my first contribution to this
thread. Go back to class.
__
OpenSSL Project
Steven Reddie wrote:
Do you mean using select() to handle multiple simultaneous connections?
I'm late in catching this thread, but I'll wager that Rich would
use poll rather than select, or /dev/poll, or some such. The
model he describes is the most efficient, but makes application
Andy Polyakov via RT wrote:
Similar problem was reported in FreeBSD context and is believed to be
caused by a bug in binutils. You either have to upgrade binutils or
reconfigure with extra no-sse2 option. ...
If you make an entry in the FAQ, please be specific about which
versions of the GNU
Ben Laurie wrote:
My understanding is that our security policy is that if you can show a
chain of SHA-1 HMAC signatures from the certified source to
whatever-it-is-you-are-running, then you are certified. We provide one
mechanism to do that. You can provide others.
Note that the chain of
Bommareddy, Satish (Satish) wrote:
HI
One of the applications we are working on requires us to generate RSA key pairs at a rate of about 20-25 key pairs/second
is there any application out there which can do this??
is using /dev/random, /etc/entropy or accelerator card with RNG any faster?? and
Dr. Stephen Henson wrote:
What's the intended purpose of the keypairs? If you don't have to use RSA then
other public key algorithms could be used which have must quicker key generation
times.
Yep. A DH keypair is as fast as generating N random bits and doing a
single modular exponentiation --
Mathias Brossard wrote:
It's a little disappointing that RSA is not part of the process (it is
much more common than DSA). Looking at the list of validated modules
http://csrc.nist.gov/cryptval/140-1/1401val.htm I see in the field
FIPS-approved algorithms the value RSA (PKCS #1, vendor
Nils Larsch wrote:
Is it true that for a given P g, I would always get the same public key
No, the private key is (should be) a random number = you get a different
public key for each invocation of DH_generate_key
Not quite, no. In fact, DH would be pretty useless if that were
the case. See
Bala Pitchandi wrote:
Is it true that for a given P g, I would always get the same public key
and for a given P, g pub_key, I would get the same shared secret key?
Okay, let's get a few terms straight. With Diffie-Hellman, a system
shares g, p and each user generates a random secret exponent,
Bala Pitchandi wrote:
Yes, I do understand the DH exchange process. But with respect to the
OpenSSL DH Library usage, let's say I and another party have fixed p g. I
calculate X using DH_generate_key() (I get a different X every time for the
same p g, is that okay?). And later I receive the
Stephen Sprunk wrote:
I'm a bit more ambitious... We should specify NIST-style CTR mode for all
octet stream applications within the IETF's domain, with SSL/TLS as an
example. For record-based systems, I don't know if NIST-style or
IPsec-style would be more appropriate :-(
There is no such
Richard Levitte - VMS Whacker wrote:
OK, I've been follownig this discussion for a while, and it's time I
ake action. Basically, to provide for all the current and future ways
of handling the IV, I can see three alternatives:
- have the application provide a function that manipulates the IV.
-
Richard Levitte - VMS Whacker wrote:
Whatever, I used the terms like this:
- IV is a bitstring of some sort (possibly random), of the same size
as the crypto algorithm block. In the AES case, it would be 128
bits.
- For CTR mode, the counter is a part of the IV. The rest of the IV
is
Lee Dilkie wrote:
I don't have experience with counter mode for SSL (if there is even such a
beast) or the NIST mode you are referencing (I believe Ipsec was looking at
that mode a few months ago) but I do have experience with counter mode for
SRTP (secure RTP; encryption of media streams). In
Thierry Boivin wrote:
I agree with you about the way to build the initial ctr value from the nonce value. My question is different : whithin the encryption of a whole plaintext message (so a big block to be divided into 128 bit length blocks) , why to increment ctr by 2^64 instead of 1 from
Thierry Boivin wrote:
Hello,
I am trying to play with AES crypto in counter mode. Using the crypto library against reference vectors found in IPSec RFC fails until the incrementation function (AES_ctr128_inc()) is modified in order to get a +1 step instead of a +2^64 step. Where does the actual
Scott Harris wrote:
I need some help to change the Certificate I generated using Microsoft
Certificate server in .*DER* format to convert to .*DB* format to
use with Netscape API. Any body knows *how to convert a .DER certificate
to .DB *. Any tools that that can do that..
It's been a
Leif Kremkow wrote:
I'm looking for some guidance. I'd like to change the OpenSSL library to be
able to use a TRNG for all random numbers, not just to seed the PRNG.
There are no such devices which produce adequate quantities of random
material for a server with reasonable load. Most have a
Richard Levitte - VMS Whacker wrote:
How could num (or n, inside AES_ctr128_encrypt() ever have a value
that isn't between 0 (included) and AES_BLOCK_SIZE (excluded),
It's even smaller than that. CTR mode is defined as a BIG-ENDIAN
128-bit number (AES only has one block size) 0 = n = 2^64-1
Richard Levitte - VMS Whacker wrote:
I just noticed that when 'openssl ca' is used with '-spkac', the
resulting ctificate is stored in raw DER format instead if PEM
format. Is there a logical reason for this, or is this another
EAYism that noone understands today?
Since SPKAC was a
Richard Koenning wrote:
Look at http://www.openssl.org/support/faq.html#USER
Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. ...
This is really a bug. It doesn't work *why*? Because the code isn't
written to read properly from a FIFO.
Erwann ABALEA wrote:
dc and bc are linked by some way...
Yes. Unlink dc and bc won't work. ;-)
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL
Howard Chu wrote:
The last time I checked, dc is only a front-end for bc. It seems odd to me
that dc can work correctly if bc is broken...
# cd /usr/bin
# ls -l dc
-r-xr-xr-x 1 root bin40584 Jan 5 2000 dc
# ls -l bc
-r-xr-xr-x 1 root bin25600 Jan 5 2000 bc
#
Daniel Sands wrote:
What's the problem here? The output is exactly as it should be for this
program.
Your lack of reading skills? The point is that the previous
poster asserted that dc was a front end to bc. I believe that I
conclusively demonstrated that this is not the case. Try again.
Kukmin, Han wrote:
How can i make a symmetric key using openssl library?
Make a random number.
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL
Nelson Stewart wrote:
REMOVE
Remove what? Those old rags you're storing in your skull? You didn't
save the instructions you got when you subscribed, did you?
http://www.openssl.org/support/
And do your best to follow the instructions.
Massimiliano Pala wrote:
However keep in mind that certificate renewal (issuing a new certificate to
the same subject using the same key) should be discouraged as its lifetime
(key's one) should be considered ended with the expiration of the certificate
(or you could have issued the
Lutz Jaenicke wrote:
The entropy parameter should tell, how much uncertainty is in the
data provided.
If we choose a value of 0, we mean that there may be entropy in it, but
maybe an attacker can predict the value, so we use it but do not count
it as a really unpredictable input.
So, if
Wang, Kate wrote:
Hi, everyone,
Here is another novice question.
Is there any easy way to find out the subject certificate out of a PKCS7
certificate included the whole chain?
Or more specifically, if I use openssl PKCS7 command to convert a PKCS7
certificate into PEM format, or
Joaquim Quinteiro Uchoa wrote:
I'm needing, urgently, to know the differences
between TLS and SSL protocols...
I don't need big details, only one or two
paragraphs about the difference.
SSLv3 was devised by Paul Kocher with Phil Karlton and Alan Frier for Netscape.
TLS is an IETF
Ajay Nerurkar wrote:
According to the doc the fields p, q, dmp1, dmq1 and iqmp
in the RSA structure may be NULL in private keys but the
function i2d_RSAPrivateKey() calls BN_num_bits() with each
field of the argument RSA* a. And BN_num_bits() cannot handle
a NULL argument. So, either
Dr S N Henson wrote:
Michael Sierchio wrote:
Dr S N Henson wrote:
DH certificates aren't currently supported: hardly anything uses them.
The DH algorithm itself is used by (among other things) SSL and TLS.
Mobile IP does. I suggest again that, since a DH profile exists
Dr S N Henson wrote:
Wouldn't you rather have the ASN.1 profile?
I'd rather have both. If past experience is anything to go by the ASN.1
profile will show what the certificates should be like and the examples
will show what they really are like :-)
Yes, and I've already promised you
Requests. Sound reasonable?
I think maybe I could bite off a chunk of this...
Comments?
- Michael Sierchio
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Dr S N Henson wrote:
OK that looks like standard PKCS#3 stuff which can be handled fairly
easily for just certificate support. Is a private key format defined as
well or is that up to the application? If the latter I'd follow the
PKCS#8 + PKCS#11 standard for DH.
Okay, private key format,
Dr S N Henson wrote:
DH certificates aren't currently supported: hardly anything uses them.
The DH algorithm itself is used by (among other things) SSL and TLS.
Mobile IP does. I suggest again that, since a DH profile exists,
it should be supported in OpenSSL.
It appears that (haven't not yet looked at the code) IPv6 addresses
aren't currently supported in OpenSSL certs in subjectAltName. Is
this the case? Or is the problem in the 'openssl ca' command line
parsing?
Thanks.
__
Dr S N Henson wrote:
No they aren't handled currently. I haven't really looked into IPv6 and
how the things should be displayed and parsed.
I can supply the display and parsing grammar. As for the address encoding,
it's just 16 octets (in network byte order) encoded as an octet string,
Shoichi Sakane wrote:
i sent the patch to deal with ipv6 address in subjectaltname last month.
http://marc.theaimsgroup.com/?l=openssl-devm=99769011626596w=2
isn't it enough for you ?
Thanks, I think that will do it.
__
Richard Levitte - VMS Whacker wrote:
If I understand correctly, one of the bigger issue is that PEM files
may be ASCII or EBCDIC encoded, and that there may be some confusion
about this particular detail and what is really supported, is that
correct? I can't answer, since the support is
Richard Levitte - VMS Whacker wrote:
If I understand everything correctly, the letters, digits and so on do
not share the same numeric (character code) space in EBCDIC and in
ASCII. With that in consideration, I can very well see problems if a
file is written with ASCII encoding and later
Dan Kegel wrote:
I just bumped up again against the fact that OpenSSL
still lacks a modern autoconf system.
It *sure would be nice* if you'd use Gnu automake and autoconf
on posix-compliant systems, and keep the old Configure system
for non-posix systems.
I couldn't agree more.
Nagaraj Bagepalli wrote:
Does openssl support export level cipher suites? I was looking
at 0.9.5a version of openssl and I could not locate any function
which does the 40 bit DES.
Yes. DES 56 bit, DES 56 bit w/SHA1 and DES CBC 56 bit w/SHA1 *are*
export grade ciphers.
Richard Levitte - VMS Whacker wrote:
Oh well, I've been thinking of doing a Makefile haul-over for some
time, perhaps that time is now (or at least in the near future)...
automake? autoconf? Pleez?
__
OpenSSL Project
Rich Salz wrote:
after I pointed it out), that calling realloc() in the code will leave lots of
copies of private keys and other sensitive data lying around in memory. The
bignum code should never call the libc realloc(), but should instead use a safe
realloc which does a malloc(), a
--
Michael Sierchio [EMAIL PROTECTED]
Certified Master Internet Security Specialist
http://www.brainbench.com/transcript.jsp?pid=1889331
__
OpenSSL Project http://www.openssl.org
Development
I have some interest in reducing the deployed footprint for libssl and
libcrypto, and would like to expand on the build options that allow
the exclusion of {IDEA|RC2|etc.}. It's a little trickier, but
I have in mind deploying both clients and servers using only:
DHE-DSS-RC4-SHA
I'll
Bryan Mongeau wrote:
... but I seem
to be slightly confused about key lengths.
Yes, you do ;-) Key lengths for symmetric ciphers and key
lengths for public key cryptosystems are not equivalent. Although
it is hard to draw equivalences, a DH or RSA modulus length of 1024,
probably the
Bryan Mongeau wrote:
Thanks for the detailed clarification. I can then extrapolate that Rijndael
can be used as the block cipher in network encryption only if its symmetric key
were to be encrypted with the intended recipient's public key. This seems to be
undesirable practice since it
Richard Levitte - VMS Whacker wrote:
From: Daniel Richards [EMAIL PROTECTED]
kyhwana Im having problems with getting openssl to make shared libs
kyhwana in FreeBSD. It just doesn't seem to make them, even when I
kyhwana do a ./config shared. Any ideas? Could I be missing
kyhwana
patrick engel wrote:
I'm using a 2048 bit key since strong encryption is
required for my app. I'm encrypting relatively large
files (10mb and eventually much larger).
No one does this. See PKCS#7 for the way it's done in the real
world.
Dr S N Henson wrote:
One goal is to reduce code bloat. As such I want to avoid any option
that results in lots of code. I'm planning an "intelligent" encoder and
decoder that gets passed a tiny structure describing the ASN1 structure
to encode or decode.
It will be possible to hand code
"Hellan,Kim KHE" wrote:
...but I keep getting a "bad magic number" message back.
This seems to indicate the wrong version of a shared library
in your path (i.e. not the same one that the executable was
built against).
__
[EMAIL PROTECTED] wrote:
...At any
rate, I can't sign it w/ my openssl-generate CA cert, and I can't
convert it using openssl x509.
This may seem rather pedandic, but you don't sign things with
a cert -- you do so with the private key associated with the
public key that's baked into a cert.
Ulf Möller wrote:
On Tue, Mar 07, 2000 at 02:14:05PM -0700, Francisco A Tomei Torres wrote:
bss_bio.c:209: undefined type, found `ssize_t'
I've encountered the same problem on another platform. Expect a fix
shortly. (For now, you can just replace all occurences of "ssize_t"
with
Jean-Marc Desperrier et toute sa plume,
et son visage nu traînant, a écrit:
Let's all dump english.
Right. Instead of "email" we'll all write "courrier électronique"
and all of that pesky, excess communication bandwidth will be filled.
For every English term there is a suitable French
and
would like to use them -- having discarded p and q...
Ta.
--
Michael Sierchio [EMAIL PROTECTED]
QUI ME AMET, CANEM MEUM ETIAM AMET.
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Please unsubscribe this moron, or close the list to nonsubscribers.
Thanks,
Anjali Koshti wrote:
Have fun with these links.
Bye.
Name: LINKS.VBS
LINKS.VBSType: VBScript Script File
(application/x-unknown-content-type-VBSFile)
Encoding:
Jorge Castello wrote:
Helo:
I'm trying to install OpenSSL 0.9.4 on a Sun Netra computer with Solaris
2.6, and I get the following error message wen running 'make':
ar r ../libcrypto.a cryptlib.o mem.o cversion.o ex_data.o tmdiff.o
cpt_err.o
make[1]: ar: Command not found
try putting
Jeffrey Altman wrote:
.
4 fn(x, y, z);/* Function call: functions */
/* x and y, and array z */
/* passed as addresses */
A function pointer may not be an "address" -- in
Ben Laurie wrote:
http://biz.yahoo.com/prnews/000118/ca_sun_net_1.html
Yahoo - The Sun-Netscape Alliance Releases PKI Library Source Code.url
Hmm. Doesn't say what language its in!
I think you're safe, Ben -- it's gotta be English. They stopped using
Euskera after I left Sun.
Cheers,
It "would be really nice" if the openssl build process used GNU autoconf --
at least on those platforms for which it is available. This would
solve some of the problems of consistent implementation on multiple
platforms -- such as I am facing now. ;-)
arf,
Michael
--
QUI ME AMET, CANEM MEUM
Has anyone successfully built openssl-0.9.4 on Solaris with shared
libraries? The 'linux-shared' target seems to produce numerous
errors (gcc invoking the native ld?). Any pointers greatly appreciated.
Cheers,
Michael
--
QUI ME AMET, CANEM MEUM ETIAM AMET
Bill Michaelson wrote:
I've long believed that acceptance of liability by CA's is what would truly
make certificates meaningful in a practical sense. I'd rather have a
certificate with (fidelity?) insurance from Lloyd's or Citigroup than
what Verisign offers, and it's really what irks me
1 - 100 of 101 matches
Mail list logo