Re: [cryptography] The Trouble with Certificate Transparency

burned, and this has happened before. But the beauty of it is that there are so many CAs for attackers to choose from! CT would allow the game to continue while maybe changing the details a little. Nicolai ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] The Trouble with Certificate Transparency

On Sun, Sep 28, 2014 at 05:18:33PM -0400, Paul Wouters wrote: > On Sun, 28 Sep 2014, Nicolai wrote: > > >On Fri, Sep 26, 2014 at 10:31:00PM -0400, Paul Wouters wrote: > > > >>But we have other decentralised methods that have better privacy (such > >>as dnssec &

Re: [cryptography] The Trouble with Certificate Transparency

sia support DNSSEC. Nicolai ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] The Trouble with Certificate Transparency

wo under its belt I'd like to try DNSChain, but for now I'm unwilling to touch major TLS libraries. DNSChain and MinimaLT seem like they could be a great match... Nicolai ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

[cryptography] Curve25519 in OpenSSH & libssh

? Nicolai ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] Backdoors in software

probably uses Windows, right? NB: I'm not making any claim for or against TrueCrypt. Nicolai ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service

he site which primitives are used client-side. All I see is that combinations of sftp and ssl are used for data-in-flight. Nicolai ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] NaCl Documentation?

have not gotten any > output). You won't get feedback for a while. After beginning the do script, you can tail -f nacl-20110221/build/$host/log to see progress. Nicolai ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] DKIM: Who cares?

ontradicts my first answer. DNS imposes a limit of 512 bytes (not bits) on UDP packets. Larger packets are truncated and marked with the TC bit. This signals the resolver to retry using TCP. 512 bytes is more than enough for a TXT record con