Anne Lynn Wheeler [EMAIL PROTECTED] writes:
the assertion here is possible threat model confusion when the same exact
technology is used for two significantly different business purposes.
I don't think there's any confusion about the threat model, which is Users
find it too difficult to generate
Richard Levitte - VMS Whacker [EMAIL PROTECTED] writes:
Peter, are you talking about generic CAs or in-corporation ones?
Both. Typically what happens is that the CA generates the key and cert and
mails it to the user as a PKCS #12 file, either in plaintext, with the
password in the same email,
For what it's worth, last week, I had the chance to eat dinner with
Carlisle Adams (author of the PoP RFC), and he commented that he didn't
know of any CA that did PoP any other way than have the client sign
part of a CRM.
Clearly, this seems to contradict Peter's experience.
I'd REALLY love
At 03:20 AM 7/18/2004, Enzo Michelangeli wrote:
Can someone explain to me how the phishermen escape identification and
prosecution? Gaining online access to someone's account allows, at most,
to execute wire transfers to other bank accounts: but in these days
anonymous accounts are not exactly easy
Peter Gutmann wrote:
A depressing number of CAs generate the private key themselves and mail out to
the client. This is another type of PoP, the CA knows the client has the
private key because they've generated it for them.
It's also cost-effective. The CA model as presented
is too expensive.
Eric:
On 2004, Jul 15, , at 17:55, Eric Rescorla wrote:
There are advantages to message-oriented
security (cf. S-HTTP) but this doesn't seem like a very convincing
one.
Could you please elaborate on this, or refer me to a document which
expresses your views? I just read [1] in search of
Back in late 1996, I wrote to Jim Bidzos, proposing an RSA
Challenge to break single DES by brute force computation.
Later in 1997, the first DES Challenge was successfully
completed.
It's taken another 7 years, but NIST has finally pulled
single DES as a supported mode.
Favorite line: DES
CALL FOR PAPERS
DIMACS Workshop on Mobile and Wireless Security
November 3 - 5, 2004
DIMACS Center, Rutgers University, Piscataway, NJ
Organizers:
Bill Arbaugh, University
--- begin forwarded text
Date: Tue, 27 Jul 2004 09:10:21 -0700
To: [EMAIL PROTECTED]
From: Bill Stewart [EMAIL PROTECTED]
Old-Subject: [Meetingpunks] SF Bay Area Cypherpunks August 2004 Physical
Meeting Announcement
Subject: [Meetingpunks] SF Bay Area Cypherpunks August 2004 Physical
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Peter Gutmann
Sent: Saturday, July 24, 2004 9:07 PM
[SNIP]
A depressing number of CAs generate the private key
themselves and mail out to the client.
Replies to this talked about business cases to have control of the
private
The difference is if the CA does not generate private keys, there
should be only one certificate per email address, so if two are
discovered in the wild the user has a transferable proof that the CA
is up-to-no-good. I.e. the difference is it is detectable and provable.
If the CA in normal
According to Ed Gerck:
But encryption and authentication are a hassle today, with less
than 2% of all email encrypted (sorry, can't cite the source I know).
Are these 2% 'only' S/MIME and PGP-encrypted email messages or
is SSL-encrypted email communication included?
ciao...
--
Lars
--- begin forwarded text
Date: Sun, 25 Jul 2004 14:39:14 -0700
To: [EMAIL PROTECTED]
From: John Young [EMAIL PROTECTED]
Subject: Feds and Yahoo Muzzle DNC Security Whistleblower
Sender: [EMAIL PROTECTED]
It appears that the Feds and LEA at the DNC Convention
have ordered Yahoo to axe the mail
At 12:09 PM 7/28/2004, Adam Back wrote:
The difference is if the CA does not generate private keys, there
should be only one certificate per email address, so if two are
discovered in the wild the user has a transferable proof that the CA
is up-to-no-good. I.e. the difference is it is detectable
http://www.nytimes.com/2004/07/28/politics/campaign/28vote.final.html?ei=5006en=b992e2c2cfb441c3ex=1091592000partner=ALTAVISTA1pagewanted=printposition=
The New York Times
July 28, 2004
Lost Record '02 Florida Vote Raises '04 Concern
By ABBY GOODNOUGH
MIAMI, July 27 - Almost all the electronic
15 matches