> On Friday, June 01, 2007 7:00 AM James A. Donald wrote:
>
> Many protocols use some form of self describing data format, for
example
> ASN.1, XML, S expressions, and bencoding.
>
> Why?
>
> Presumably both ends of the conversation have negotiated what protocol
> version they are using (and if
On Sat 5/26/2007 at 8:59 PM Allen [EMAIL PROTECTED]
wrote:
> Validating a digital signature requires getting the public key from
> some source, like a CA, or a publicly accessible database and
> decrypting the signature to validate that the private key associated
> with the public key created the
This is concept is surprisingly complex. Once the attacker sees the
"secure" dialog, what prevents them from using the same techniques
and/or code to create a visually identical spoof? There have been
several OS-level designs to create hardware-supported secure dialogs.
Needless to say, these schem