On Wed, Jul 23, 2008 at 05:32:02PM -0500, Thierry Moreau wrote:
The document I published on my web site today is focused on fielding
certificateless public operations with the TLS protocol which does not
support client public keys without certificates - hence the meaningless
security
Thierry Moreau wrote:
Anne Lynn Wheeler wrote about various flavors of certificateless
public key operation in various standards, notably in the financial
industry.
Thanks for reporting those.
No doubt that certificateless public key operation is neither new nor
absence from today's scene.
At Wed, 23 Jul 2008 17:32:02 -0500,
Thierry Moreau wrote:
Anne Lynn Wheeler wrote about various flavors of certificateless
public key operation in various standards, notably in the financial
industry.
Thanks for reporting those.
No doubt that certificateless public key operation
On Wed, Jul 23, 2008 at 6:32 PM, Thierry Moreau
[EMAIL PROTECTED] wrote:
The document I published on my web site today is focused on fielding
certificateless public operations with the TLS protocol which does not
support client public keys without certificates - hence the meaningless
security
Eric Rescorla wrote:
At Wed, 23 Jul 2008 17:32:02 -0500,
Thierry Moreau wrote:
Anne Lynn Wheeler wrote about various flavors of certificateless
public key operation in various standards, notably in the financial
industry.
Thanks for reporting those.
No doubt that certificateless
Tom Scavo wrote:
On Wed, Jul 23, 2008 at 6:32 PM, Thierry Moreau
[EMAIL PROTECTED] wrote:
The document I published on my web site today is focused on fielding
certificateless public operations with the TLS protocol which does not
support client public keys without certificates - hence the
Disclaimer: Yes, I am referenced, but I've been blarting about this for nearly
two years now, and nobody's paid the slighest notice before; the matter of
making website security both a) easy and b) better can now only become *more*
urgent.
Thierry Moreau wrote:
In draft-ietf-sip-dtls-srtp-framework, the detailed scheme uses
self-signed certificates created by client end-entities themselves.
The basic idea is identical. At the detailed level in my document, the
client end-entity auto-issues a security certificate with a
breached