* Kyle Hamilton wrote on Tue, Jan 19, 2010 at 16:00 -0800:
On Tue, Jan 19, 2010 at 6:19 AM, Steffen wrote:
* Kyle Hamilton wrote on Thu, Jan 14, 2010 at 15:50 -0800:
(assuming, that a peers identity should not change within a
session - but as discussed later in this mail this could be
* Kyle Hamilton wrote on Thu, Jan 14, 2010 at 15:50 -0800:
On Wed, Jan 13, 2010 at 5:58 AM, Steffen DETTMER wrote:
There is currently no way for even an ideal TLS implementation to
detect this issue.
[...]
Yes. Please see SSL_CTX_set_info_callback(3ssl).
hum, now I'm confused, I
On Tue, Jan 19, 2010 at 6:19 AM, Steffen DETTMER
steffen.dett...@ingenico.com wrote:
* Kyle Hamilton wrote on Thu, Jan 14, 2010 at 15:50 -0800:
On Wed, Jan 13, 2010 at 5:58 AM, Steffen DETTMER wrote:
There is currently no way for even an ideal TLS implementation to
detect this issue.
[...]
On Wed, Jan 13, 2010 at 5:58 AM, Steffen DETTMER
steffen.dett...@ingenico.com wrote:
Hi,
thank you very much for all your explanation and to give me one
more free training :)
Hey, like I said, I believe this information needs to be free to all. :)
* Kyle Hamilton wrote on Tue, Jan 12, 2010
Hi,
thank you very much for all your explanation and to give me one
more free training :)
* Kyle Hamilton wrote on Tue, Jan 12, 2010 at 13:33 -0800:
Isn't it a bug in the application when it does not allow me (its
user) to configure it? As far as I know there is no way to tell
Firefox i.e.
Hi,
thank you for your detailed explanations.
The main thing I still not understood is whether TLS by design
enforces the `bad behavior', meaning TLS cannot be used securely
at all by anyone,
- or -
if TLS just does not enforce to use is securely, meaning that TLS
relies on application code
Responses inline, again. :)
On Tue, Jan 12, 2010 at 2:53 AM, Steffen DETTMER
steffen.dett...@ingenico.com wrote:
The main thing I still not understood is whether TLS by design
enforces the `bad behavior', meaning TLS cannot be used securely
at all by anyone,
- or -
if TLS just does not