Re: [cryptography] is there an interation-incremental version of PBKDF2?

2010-09-08 Thread Chris Palmer
travis+ml-rbcryptogra...@subspacefield.org writes: > couldn't immediately see a way for a system to increment the iteration > count without having the user re-enter a password, since U_x seems Jon Callas already hinted at the real solution. Don't be clever. When you change your policy, add code t

Re: [cryptography] is there an interation-incremental version of PBKDF2?

2010-09-10 Thread Chris Palmer
travis+ml-rbcryptogra...@subspacefield.org writes: > Your implication is, "don't try, don't even discuss trying". No, I mean that we should do better by taking into account the whole system, including the capabilities of the developers and users, and the business requirements and realities. We sh

Re: [cryptography] "stream MAC" - does anything like it exist?

2010-09-12 Thread Chris Palmer
James A. Donald writes: > What he wants is that the probability is cumulative - that each short > field not only validates the latest packet, but strengthens the > probability that all previous accepted packets were correct. Schneier and Kelsey described a potentially-similar-enough technique:

Re: [cryptography] "stream MAC" - does anything like it exist?

2010-09-14 Thread Chris Palmer
Arshad Noor writes: > system. Last I heard, we are all still free to travel where we > want and how we want, in the US. I believe this is where John Gilmore steps in... Arshad, your argument seems to be that since we're already in an Orwellian society (your words, referring to the E

Re: [cryptography] tcpcrypt - the interesting crypto stuff

2010-09-17 Thread Chris Palmer
travis+ml-rbcryptogra...@subspacefield.org writes: > http://tcpcrypt.org/tcpcrypt-slides.pdf > > Interesting discussion vis-a-vis server-side SSL performance. I don't know how they ginned up that 82x figure. I've looked long and hard, and never seen anything near that bad. The best worst I've fo

Re: [cryptography] Embrace the decline!

2010-11-16 Thread Chris Palmer
Looking forward to Perry's moderated list coming back online. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] philosophical question about strengths and attacks at impossible levels

2010-11-19 Thread Chris Palmer
Ian G writes: > As I say, highly counter-culture and widely disagreed :) Really? I think this audience at least is likely to agree with you. I do, particularly your hypothesis 5 (I learned it from Saltzer et al.). Granted, there are all these people who believe that DNS and BGP and so on should

Re: [cryptography] patents and stuff (Re: NSA's position in the dominance stakes)

2010-11-20 Thread Chris Palmer
James A. Donald writes: > No one gets appointed to the CAFC for having any knowledge or relevant > expertise in the subject matter of patents. None of them, not a one, > understand what is being patented, How many CAFC people have you talked to? -- http://noncombatant.org/ _

Re: [cryptography] patents and stuff (Re: NSA's position in the dominance stakes)

2010-11-20 Thread Chris Palmer
James A. Donald writes: > >How many CAFC people have you talked to? > > By their fruits shall you know them. So zero, then. Ok.

Re: [cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)

2010-12-15 Thread Chris Palmer
Sandy Harris writes: > First, it is open source. The code can be audited, and anyone with really People make too much of this. In my experience, given the level of detail that you need to absorb to properly audit this kind of C code, it's not really all that different from auditing disassembled o

Re: [cryptography] encrypted storage, but any integrity protection?

2011-01-19 Thread Chris Palmer
"Mere" accidents like disk errors are the most common and likely problem, and by themselves justify strong integrity protection. Hence ZFS. License problems mean you'll never boot Linux from it, but FreeBSD can, and OS X supports it. Linux' answer is btrfs or something like that. On Jan 19, 2011 6:

Re: [cryptography] A REALLY BIG MITM

2011-01-26 Thread Chris Palmer
Marsh Ray writes: > Of course, Microsoft helpfully provides the government of Tunisia with a > trusted root CA in their products. If you have access to a Windows box, > visit https://www.certification.tn/ . Then look for "Agence Nationale de > Certification Electronique" in your personal trusted r

Re: [cryptography] [SSL Observatory] After the dust settles -- what happens next? (v. Long)

2011-09-12 Thread Chris Palmer
On Sep 12, 2011, at 2:02 AM, Ian G wrote: >> (There are likely some Googlers on this list who can speak authoritatively >> on whether their management are "scared as hell" or even noticing.) > > Googlers are unlikely to do so. Google has a firm rule about not discussing > business outside the c

Re: [cryptography] Math corrections [was: Let's go back to the beginning on this]

2011-09-17 Thread Chris Palmer
On Sep 17, 2011, at 8:54 PM, Arshad Noor wrote: > When one connects to a web-site, one does not trust all 500 CA's in > one's browser simultaneously; Actually, that is exactly the situation. If, and only if, the person operating the browser inspects the certificate chain and knows what to expec

Re: [cryptography] The consequences of DigiNotar's failure

2011-09-17 Thread Chris Palmer
Just to clarify things, let's put a face on the phenomenon: http://www.washingtonpost.com/world/middle-east/syrian-activist-ghiyath-matars-death-spurs-grief-debate/2011/09/14/gIQArgq8SK_story.html Before you say "It's the dissident's fault", "everyone obviously does, or should, understand that S

Re: [cryptography] code signing a nuisance?

2011-09-20 Thread Chris Palmer
Please look into how code signing on Android works and what it means. It's not what you think — there are no CAs. By making their signing key public, if that's what they do, Cyanogen put their users at huge risk: any third party app can take any System or SystemOrSignature permission, or impersonat

Re: [cryptography] Math corrections

2011-09-21 Thread Chris Palmer
On Wed, Sep 21, 2011 at 11:30 AM, ianG wrote: > It's a good term!  Add my use:  There is a universal implicit > cross-certification in the secure browsing PKI, and the industry knows it, > or should know it. > > Indeed, we can show evidence of this in Chrome's CA pinning. I had assumed everyone

Re: [cryptography] Security Pop-Up of the Day

2011-09-21 Thread Chris Palmer
On Wed, Sep 21, 2011 at 2:27 PM, Joe St Sauver wrote: > Well, it's obviously not quite that easy yet, but users can currently get > a free client cert by visiting a web page and filling out a form, and IanG's point was that there should be no web page, no form. You know how sshd generates a host

Re: [cryptography] code signing a nuisance?

2011-09-21 Thread Chris Palmer
On Sep 21, 2011, at 10:11 PM, M.R. wrote: >> Please look into how code signing on Android works and what it means. > A quick summary would be appreciated, especially on the "meaning" part. Google: [ android code signing ] http://www.isecpartners.com/files/iSEC_Securing_Android_Apps.pdf """Andr

Re: [cryptography] Bitcoin, was Nirvana

2011-09-25 Thread Chris Palmer
On Sep 25, 2011, at 9:10 PM, James A. Donald wrote: > Having a government apparatus to fix liquidity crises is not a solution. I > recommend instead bankruptcy, and indentured servitude for those bankrupts > whose lenders were misled. Thank you for your honesty. It's important for people to