Re: The PKC-only application security model ...

2008-07-24 Thread Nicolas Williams
On Wed, Jul 23, 2008 at 05:32:02PM -0500, Thierry Moreau wrote: The document I published on my web site today is focused on fielding certificateless public operations with the TLS protocol which does not support client public keys without certificates - hence the meaningless security

Re: The PKC-only application security model ...

2008-07-24 Thread Anne Lynn Wheeler
Thierry Moreau wrote: Anne Lynn Wheeler wrote about various flavors of certificateless public key operation in various standards, notably in the financial industry. Thanks for reporting those. No doubt that certificateless public key operation is neither new nor absent from today's scene.

Re: The PKC-only application security model ...

2008-07-24 Thread Eric Rescorla
At Wed, 23 Jul 2008 17:32:02 -0500, Thierry Moreau wrote: Anne Lynn Wheeler wrote about various flavors of certificateless public key operation in various standards, notably in the financial industry. Thanks for reporting those. No doubt that certificateless public key operation

Re: The PKC-only application security model ...

2008-07-24 Thread Tom Scavo
On Wed, Jul 23, 2008 at 6:32 PM, Thierry Moreau [EMAIL PROTECTED] wrote: The document I published on my web site today is focused on fielding certificateless public operations with the TLS protocol which does not support client public keys without certificates - hence the meaningless security

Re: The PKC-only application security model ...

2008-07-24 Thread Thierry Moreau
Eric Rescorla wrote: At Wed, 23 Jul 2008 17:32:02 -0500, Thierry Moreau wrote: Anne Lynn Wheeler wrote about various flavors of certificateless public key operation in various standards, notably in the financial industry. Thanks for reporting those. No doubt that certificateless

Re: The PKC-only application security model ...

2008-07-24 Thread Thierry Moreau
Tom Scavo wrote: On Wed, Jul 23, 2008 at 6:32 PM, Thierry Moreau [EMAIL PROTECTED] wrote: The document I published on my web site today is focused on fielding certificateless public operations with the TLS protocol which does not support client public keys without certificates - hence the

AppleID Security

2008-07-24 Thread Alec Muffett
Disclaimer: Yes, I am referenced, but I've been blarting about this for nearly two years now, and nobody's paid the slightest notice before; the matter of making website security both a) easy and b) better can now only become *more* urgent.

Re: The PKC-only application security model ...

2008-07-24 Thread Anne Lynn Wheeler
Thierry Moreau wrote: In draft-ietf-sip-dtls-srtp-framework, the detailed scheme uses self-signed certificates created by client end-entities themselves. The basic idea is identical. At the detailed level in my document, the client end-entity auto-issues a security certificate with a breached