Hi David,
>>> Most private keys are issued by, not merely certified by, the CAs.
>> Can you give numerical evidence for this claim?
>>
> Device certificates (those that go into mass manufactured products)
> typically have the CA provide both keys and cert. The back and forth of
> keygen->CSR->Sign
On 9/6/2013 6:58 AM, Ralph Holz wrote:
Hi,
On 09/06/2013 07:12 AM, James A. Donald wrote:
Most private keys are issued by, not merely certified by, the CAs.
Can you give numerical evidence for this claim?
Device certificates (those that go into mass manufactured products)
typically have the
On 06/09/13 14:58, Ralph Holz wrote:
On 09/06/2013 07:12 AM, James A. Donald wrote:
Most private keys are issued by, not merely certified by, the CAs.
Can you give numerical evidence for this claim?
I was also thinking "[citation required]".
The CAs I work with - StartSSL and DFN - either
On 2013-09-06 11:58 PM, Ralph Holz wrote:
I'd be surprised if a majority of CAs
insisted on generating the key for you.
No one insists, as far as I know. The problem is that idiocy is
possible and permissible, not that it is mandatory.
___
crypto
2013/9/6 ianG
> Hmmm, curious. I haven't seen that. I would also suspect it breaks a lot
> of CPSs and user agreements. But no matter, they're all broken anyway.
>
A 'user agreement' is an agreement between a company and a 'user'. All
claims in it shall hold valid unless law dictates otherwis
Hi,
On 09/06/2013 07:12 AM, James A. Donald wrote:
> Most private keys are issued by, not merely certified by, the CAs.
Can you give numerical evidence for this claim?
The CAs I work with - StartSSL and DFN - either allow to send CSRs or
use the HTML keygen method. I'd be surprised if a majority
On 6/09/13 08:12 AM, James A. Donald wrote:
Most private keys are issued by, not merely certified by, the CAs.
If issued by, not private. Chances are the controlling authority also
gets a copy of that private key.
Hmmm, curious. I haven't seen that. I would also suspect it breaks a
lot of
Most private keys are issued by, not merely certified by, the CAs.
If issued by, not private. Chances are the controlling authority also
gets a copy of that private key.
To install your keys on your https server is painful, despite numerous
people assuring me it is easy, and involves transpo
On 9/5/13 6:25 PM, Andy Isaacson wrote:
However, virtually nobody properly keys their ciphers with physical
entropy. I suspect that correlated key PRNG attacks are almost
certainly a significant part of the NSA/GCHQ crypto break. Many
deployed systems expose a significant amount of correlated
Tinfoil hat time ...
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
With today's disclosures, the question turns to -- what has the NSA
broken? Unfortunately the journalists bowed to pressure from the
espionage-industrial complex and decided not to publish specif
10 matches
Mail list logo