When I fired up Firefox a few minutes ago it told me that there was a new update available to fix security problems. I thought, "Hmm, I wonder what that would be...". It's interesting to note that we now have fixes for many of the OSS crypto apps (OpenSSL, gpg, Firefox (via NSS, so probably Thunderbird as well), my own cryptlib), but nothing from any of the commercial vendors. Maybe someone should convert this into a DRM attack so Microsoft will fix it before 2007 :-).
(The real #*($&#*( for me is that I wanted to turn off e=3 years ago, but when I did it in a snapshot release some squawk piped up to say that they were using e=3 and the standard said it was OK and I was being non-standards compliant and so on and so forth, so in the end I had to leave it enabled. I did make it very easy to turn off with a single-character code change, but that may explain why commercial vendors are going to be reluctant to rush out a fix without a lot of prior impact assessment). Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]