[cryptography] Apple Keychain (was Keyspace: client-side encryption for key/value stores)
Hi Peter,

> In a perfect world, yes. However having an OS-provided, standardised
> mechanism that gets things mostly right (Apple Keyring) is far, far better
> than forcing every developer to invent their own one (Unix and to a lesser
> extent Windows), which 90% will get wrong.

I'm curious which bits you feel Apple got right with the Keychain - not because I disbelieve you, but because I don't know. :-)

Have you got any links or documents, either for what they did right or for what the others do wrong? (I use OS X, so I'm happy to hear they got it mostly right...)

Thanks,
-- Paul

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] Security Pop-Up of the Day
On Thu, Sep 22, 2011 at 09:37:42AM +1000, James A. Donald wrote:

> Email client generates private/public keypair. Sends public key to CA
> server. CA server certifies that the owner of the private key
> corresponding to this public key is capable of receiving email at the
> address, emails certificate it back to ostensible email address.

User changes email client, or has two clients on different machines. Second certificate is received by CA server. Does it now certify both keys? Does it assume that one is an attack?

User's machine crashes. How do they tell the CA server that the owner of the public key is no longer capable of receiving email with that private key?

-- Paul

Fsck, either way I'm screwed. -- petro
Now *that* is the Sysadmin's motto. -- PdS