On Sat, Jan 17, 2009 at 5:24 PM, Steven M. Bellovin s...@cs.columbia.edu
wrote:
I've mentioned it before, but I'll point to the paper Eric Rescorla
wrote a few years ago:
http://www.cs.columbia.edu/~smb/papers/new-hash.ps or
http://www.cs.columbia.edu/~smb/papers/new-hash.pdf . The bottom
On Sun, May 18, 2008 at 4:55 PM, Hal Finney [EMAIL PROTECTED] wrote:
A simple trick can be used to help immunize DSA signatures against
these kinds of failures. I first learned of this idea many years ago
from Phil Zimmermann, and a varient has been used for a long time in
PGP and probably
On Wed, Sep 14, 2005 at 12:18:14PM +0300, Alexander Klimov wrote:
http://www1.ietf.org/proceedings_new/04nov/slides/saag-2/sld9.htm:
What is Really Covered
o The use of elliptic curves defined over GF(p) where p is a prime
number greater than 2^255 when the product satisfies the
On Tue, Nov 18, 2003 at 09:19:48AM -0800, Anton Stiglic wrote:
David Wagner [EMAIL PROTECTED]:
martin f krafft wrote:
it came up lately in a discussion, and I couldn't put a name to it:
a means to use symmetric crypto without exchanging keys:
- Alice encrypts M with key A and sends it to
Ian Grigg [EMAIL PROTECTED]:
I agree. As a side note, I think it is probably
a good idea for TLS to deprecate ADH, simply
because self-signed certs are more or less
equivalent, and by unifying the protocol around
certificates, it reduces some amount of complexity
without major loss of
Tim Dierks [EMAIL PROTECTED]:
Ian Grigg [EMAIL PROTECTED]:
Steven M. Bellovin:
What's your threat model? Self-signed certs are no better than ADH
against MITM attacks.
I agree. As a side note, I think it is probably
a good idea for TLS to deprecate ADH, simply
because self-signed certs