Re: [cryptography] data integrity: secret key vs. non-secret verifier; and: are we winning? (was: “On the limits of the use cases for authenticated encryption”)

2012-05-01 Thread Kevin W. Wall
On Thu, Apr 26, 2012 at 12:22 AM, Nico Williams wrote: > Also, > > On Wed, Apr 25, 2012 at 10:11 PM, Zooko Wilcox-O'Hearn > wrote: [big snip] >> I don't question the usefulness of the Authenticated Encryption >> abstraction for protocols that fall into that category. > > Right, me either.  I c

Re: [cryptography] Symantec/Verisign DV certs issued with excessive validity period of 6 years

2012-05-01 Thread Nico Williams
The idea of using fresh certs (not necessarily short-lived) came up in the TLS WG list in the context of the OCSP multi-stapling proposal. So far the most important objection to fresh-lived certs was that it exacerbates clock synchronization issues, but I'm willing to live with that. Short-lived

Re: [cryptography] Symantec/Verisign DV certs issued with excessive validity period of 6 years

2012-05-01 Thread James A. Donald
On 2012-05-02 12:23 AM, Peter Gutmann wrote: Thor Lancelot Simon writes: NIST says 2048 bit RSA keys should have a 3 year lifetime. Who here really wants to explain to customers (or investors!) that he willfully ignored that recommendation and just reused the same old key when making the CSR

Re: [cryptography] PKI in practice: is there a list of ("widely" deployed) client-certs-issuing CAs?

2012-05-01 Thread Martin Paljak
On Sat, Apr 28, 2012 at 05:25, ianG wrote: > Well, to the extent above.  My db has a table for all certs, and a table for > all users, with a join by cert identifiers between the two tables. I hope you actually bind the actual public key instead of any kind of identifiers? Or would that not be a

Re: [cryptography] Symantec/Verisign DV certs issued with excessive validity period of 6 years

2012-05-01 Thread Peter Gutmann
>So does the expiry period actually matter that much? Intuitively yes, >rationally, no. That's a point that I've made as well in the past: Having said that, the idea that a short certificate lifetime is better seems to be accepted more as an article of faith than as a product of any real a

Re: [cryptography] Symantec/Verisign DV certs issued with excessive validity period of 6 years

2012-05-01 Thread Thor Lancelot Simon
On Wed, May 02, 2012 at 02:23:47AM +1200, Peter Gutmann wrote: > Thor Lancelot Simon writes: > > >NIST says 2048 bit RSA keys should have a 3 year lifetime. Who here really > >wants to explain to customers (or investors!) that he willfully ignored that > >recommendation and just reused the same

Re: [cryptography] Symantec/Verisign DV certs issued with excessive validity period of 6 years

2012-05-01 Thread Peter Gutmann
Thor Lancelot Simon writes: >NIST says 2048 bit RSA keys should have a 3 year lifetime. Who here really >wants to explain to customers (or investors!) that he willfully ignored that >recommendation and just reused the same old key when making the CSR for that >new certificate? This is standard