PGP8 paranoia ?

2003-06-07 Thread Anonymous
PGP 8 on XP declares all public (encrypting) keys created by 2.6.2 in 1998 or earlier to have revoked user ID and will not encrypt with them. 1999 keys work. A bug or strong keys ?

Re: Maybe It's Snake Oil All the Way Down

2003-06-07 Thread Harmon Seaver
On Fri, Jun 06, 2003 at 06:08:34PM -0400, Ian Grigg wrote: Derik asks the pertinant question: The question is: how do we convince M$ and Netscape to include something else in their software? If it's not supported in IE, then it wont be available to the vast majority of users out there.

Re: Maybe It's Snake Oil All the Way Down

2003-06-07 Thread Peter Gutmann
Derek Atkins [EMAIL PROTECTED] writes: Actually, the ASN.1 part is a major factor in the X.509 interoperability problems. Different cert vendors include different extensions, or different encodings. They put different information into different parts of the certificate (or indeed the same

Re: Maybe It's Snake Oil All the Way Down

2003-06-07 Thread Dave Howe
James A. Donald wrote: Could you point me somewhere that illustates server issued certs, certification with zero administrator overhead and small end user overhead? Been a while since I played with it, but IIRC OpenCA (www.openca.org) is a full implimentation of a CA, in perl cgi, with no admin

Re: Maybe It's Snake Oil All the Way Down

2003-06-07 Thread James A. Donald
-- James A. Donald: Certificate caching is not the problem that needs solving. The problem is all this spam attempting to fool people into logging in to fake BofA websites and fake e-gold websites, to steal their passwords or credit card numbers On 6 Jun 2003 at 15:04, Tim Dierks

Re: Maybe It's Snake Oil All the Way Down

2003-06-07 Thread Dave Howe
Anonymous Sender wrote: James A. Donald writes: E-Gold could set things up to allow its customers to authenticate with certs issued by Verisign, or with considerably more work it could even issue certs itself that could be used for customer authentication. Why doesn't it do so? Well, it's a

Re: [dgc.chat] Micropayments and the incentive program at e-gold

2003-06-07 Thread Jim Davidson
Dear James, Jay Wherley is the head tech guy at e-gold.com so wwe can rely on his views below. The incentive payments and the payment receive fee are not counted as spends for the statistics on the e-gold.com/stats.html page. One correspondent suggested to me that there may be one or more spread

Re: Maybe It's Snake Oil All the Way Down

2003-06-07 Thread James A. Donald
-- On 4 Jun 2003 at 20:58, Anne Lynn Wheeler wrote: it is relatively trivial to demonstrate that public keys can be registered in every business process that currently registers shared- secrets (pins, passwords, radius, kerberos, etc, etc) I don't think so. Suppose the e-gold, to

Micropayments and the incentive program at e-gold

2003-06-07 Thread Jim Davidson
Dear Friends, James A. Donald points out that tens of thousands of micropayments are being made on the e-gold system every day. If we assert that less than a tenth of a gram of gold is a micropayment, then the web page http://www.e-gold.com/stats.html gives us some information. Spend size

Re: Maybe It's Snake Oil All the Way Down

2003-06-07 Thread Anne Lynn Wheeler
At 04:24 PM 6/6/2003 -0700, James A. Donald wrote: I don't think so. ??? public key registered in place of shared-secret? NACHA debit trials using digitally signed transactions did it with both software keys as well as hardware tokens. http://internetcouncil.nacha.org/News/news.html in the