On Mar 23, 2010, at 11:21 AM, Perry E. Metzger wrote:
Ekr has an interesting blog post up on the question of whether protocol
support for periodic rekeying is a good or a bad thing:
http://www.educatedguesswork.org/2010/03/against_rekeying.html
I'd be interested in hearing what people
--
From: Perry E. Metzger pe...@piermont.com
Subject: Against Rekeying
I'd be interested in hearing what people think on the topic. I'm a bit
skeptical of his position, partially because I think we have too little
experience with real world
Perry E. Metzger pe...@piermont.com writes:
Ekr has an interesting blog post up on the question of whether protocol
support for periodic rekeying is a good or a bad thing:
http://www.educatedguesswork.org/2010/03/against_rekeying.html
I'd be interested in hearing what people think on the
Seems people like bottom post around here.
On Tue, Mar 23, 2010 at 8:51 PM, Nicolas Williams
nicolas.willi...@sun.com wrote:
On Tue, Mar 23, 2010 at 10:42:38AM -0500, Nicolas Williams wrote:
On Tue, Mar 23, 2010 at 11:21:01AM -0400, Perry E. Metzger wrote:
Ekr has an interesting blog post up
On Mar 23, 2010, at 22:42, Jon Callas wrote:
If you need to rekey, tear down the SSL connection and make a new one. There
should be a higher level construct in the application that abstracts the two
connections into one session.
... which will have its own subtleties and hence probability
On Mar 21, 2010, at 4:13 PM, Sergio Lerner wrote:
I looking for a public-key cryptosystem that allows commutation of the
operations of encription/decryption for different users keys
( Ek(Es(m)) = Es(Ek(m)) ).
I haven't found a simple cryptosystem in Zp or Z/nZ.
I think the solution may
Daniel Bleichenbacher presented an implementation attack against DSA in
2001 titled On the generation of DSS one-time keys. I think it made
the rounds as a preprint, but I don't know if it was ever officially
published. It's cited frequently (e.g. in the SEC1 doc
On 2010-03-22 11:22 PM, Sergio Lerner wrote:
Commutativity is a beautiful and powerful property. See On the power
of Commutativity in Cryptography by Adi Shamir.
Semantic security is great and has given a new provable sense of
security, but commutative building blocks can be combined to build
On Mar 24, 2010, at 2:07 AM, Stephan Neuhaus wrote:
On Mar 23, 2010, at 22:42, Jon Callas wrote:
If you need to rekey, tear down the SSL connection and make a new one. There
should be a higher level construct in the application that abstracts the two
connections into one session.
On 2010-03-23 1:09 AM, Sergio Lerner wrote:
I've read some papers, not that much. But I don't mind reinventing the
wheel, as long as the new protocol is simpler to explain.
Reading the literature, I couldn't find a e-cash protocol which :
- Hides the destination / source of payments.
- Hides
I think the problem is more marketing and less technology. Some
marketoid somewhere decided to say that their product supports rekeying
(they usually call it key agility). Probably because they read
somewhere that you should change your password frequently (another
misconception, but that's
From: coderman coder...@gmail.com
Date: Wed, 24 Mar 2010 10:50:33 -0700
To: Morlock Elloi morlockel...@yahoo.com
Cc: cypherpu...@al-qaeda.net
Subject: Re: [vserver] Bought an entropykey - very happy
On Wed, Mar 24, 2010 at 8:43 AM, Morlock Elloi morlockel...@yahoo.com
wrote:
While avalanche
March 24th, 2010 New Research Suggests That Governments May Fake SSL
Certificates
Technical Analysis by Seth Schoen
http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl
Today two computer security researchers, Christopher Soghoian and Sid Stamm,
released a
Rui Paulo writes:
-+---
| http://www.wired.com/threatlevel/2010/03/packet-forensics/
|
| At a recent wiretapping convention however, security researcher Chris =
| Soghoian discovered that a small company was marketing internet spying =
| boxes to the feds designed to intercept
Matt has an interesting blog post up about the Soghoian Stamm SSL
interception paper:
http://www.crypto.com/blog/spycerts
--
Perry E. Metzgerpmetz...@cis.upenn.edu
Department of Computer and Information Science, University of Pennsylvania
On 24/03/2010 08:28, Simon Josefsson wrote:
Perry E. Metzger pe...@piermont.com writes:
Ekr has an interesting blog post up on the question of whether protocol
support for periodic rekeying is a good or a bad thing:
http://www.educatedguesswork.org/2010/03/against_rekeying.html
I'd be
On Thu, Mar 25, 2010 at 01:24:16PM +, Ben Laurie wrote:
Note, however, that one of the reasons the TLS renegotiation attack was
so bad in combination with HTTP was that reauthentication did not result
in use of the new channel to re-send the command that had resulted in a
need for
On Tue, Mar 23, 2010 at 11:21:01AM -0400, Perry E. Metzger wrote:
Ekr has an interesting blog post up on the question of whether protocol
support for periodic rekeying is a good or a bad thing:
http://www.educatedguesswork.org/2010/03/against_rekeying.html
On Mar 23, 2010, at 4:23 PM, Adam
18 matches
Mail list logo