=?iso-8859-1?Q?Kristian_Gj=F8steen?= kristian.gjost...@math.ntnu.no writes:
(For what it's worth, I discounted the press reports about a trapdoor in
Dual-EC-DRBG because I didn't think anyone would be daft enough to use it. I
was wrong.)
+1. It's the Vinny Gambini effect (from the film My
On 25/09/13 17:17, ianG wrote:
On 24/09/13 19:23 PM, Kelly John Rose wrote:
I have always approached that no encryption is better than bad
encryption, otherwise the end user will feel more secure than they
should and is more likely to share information or data they should not
be on that line.
ianG i...@iang.org writes:
Well, defaults being defaults, we can assume most people have left it in
default mode. I suppose we could ask for research on this question, but I'm
going to guess: most.
âSoftware Defaults as De Facto Regulation: The Case of Wireless APsâ, Rajiv
Shah and
On 25/09/13 13:25, Adam Back wrote:
On Wed, Sep 25, 2013 at 11:59:50PM +1200, Peter Gutmann wrote:
Something that can sign a new RSA-2048 sub-certificate is called a
CA. For
a browser, it'll have to be a trusted CA. What I was asking you to
explain is
how the browsers are going to deal with
Adam Back a...@cypherspace.org writes:
Is there a possibility with RSA-RSA ciphersuite to have a certified RSA
signing key, but that key is used to sign an RS key negotiation?
Yes, but not in the way you want. This is what the 1990s-vintage RSA export
ciphersuites did, but they were designed so
On 25/09/13 21:12 PM, Jerry Leichter wrote:
On Sep 25, 2013, at 12:31 PM, ianG i...@iang.org wrote:
...
My conclusion is: avoid all USA, Inc, providers of cryptographic products.
In favor off ... who?
Ah well, that is the sticky question. If we accept the conclusion, I
see these
On 26/09/13 02:24 AM, Peter Fairbrother wrote:
On 25/09/13 17:17, ianG wrote:
On 24/09/13 19:23 PM, Kelly John Rose wrote:
I have always approached that no encryption is better than bad
encryption, otherwise the end user will feel more secure than they
should and is more likely to share
On 26/09/13 02:32 AM, Peter Gutmann wrote:
ianG i...@iang.org writes:
Well, defaults being defaults, we can assume most people have left it in
default mode. I suppose we could ask for research on this question, but I'm
going to guess: most.
“Software Defaults as De Facto Regulation: The