Re: Crypto dongles to secure online transactions

2009-11-16 Thread Jeremy Stanley
On Wed, Nov 11, 2009 at 09:42:21PM -0500, Jerry Leichter wrote: [...] If one organization distributes the dongles, they could accept only updates signed by that organization. We have pretty good methods for keeping private keys secret at the enterprise level, so the risks should be manageable.

Re: Crypto dongles to secure online transactions

2009-11-17 Thread Jeremy Stanley
On Mon, Nov 16, 2009 at 11:20:27PM -0500, Jerry Leichter wrote: I'm not sure that's the right lesson to learn. I might have, perhaps, phrased it a little better. Regardless of initial planning, TI continued selling devices relying on this particular code signing implementation well past what the

Re: [Cryptography] Thoughts about keys

2013-08-31 Thread Jeremy Stanley
On 2013-08-25 16:29:42 -0400 (-0400), Perry E. Metzger wrote: [...] If I meet someone at a reception at a security conference, they might scrawl their email address (al...@example.org) for me on a cocktail napkin. I'd like to be able to then write to them, say to discuss their exciting new

Re: [Cryptography] Thoughts about keys

2013-09-03 Thread Jeremy Stanley
On 2013-09-01 13:02:26 +1000 (+1000), James A. Donald wrote: On 2013-09-01 11:16 AM, Jeremy Stanley wrote: [...] bring business cards (or even just slips of paper) with our name, E-mail address and 160-bit key fingerprint. [...] The average user is disturbed by the sight of a 160 bit hash

Re: [Cryptography] Thoughts about keys

2013-09-05 Thread Jeremy Stanley
On 2013-09-04 13:12:21 +0200 (+0200), Ilja Schmelzer wrote: There is already a large community of quite average users which use Torchat, which uses onion addresses as IDs, which are 512 bit hashes if I remember correctly. Typical ways of communication in this community are look for my

Re: [Cryptography] PGP Key Signing parties

2013-10-11 Thread Jeremy Stanley
On 2013-10-11 12:03:44 +0100 (+0100), Tony Naggs wrote: Do key signing parties even happen much anymore? The last time I saw one advertised was around PGP 2.6! [...] Within more active pockets of the global free software community (where OpenPGP signatures are used to authenticate release