Re: An attack on paypal

2003-06-08 Thread Tim Dierks
At 02:55 PM 6/8/2003, James A. Donald wrote: Attached is a spam mail that constitutes an attack on paypal similar in effect and method to man in the middle. The bottom line is that https just is not working. It's broken. The fact that people keep using shared secrets is a symptom of https not work

Re: Maybe It's Snake Oil All the Way Down

2003-06-06 Thread Tim Dierks
At 10:09 PM 6/4/2003, James A. Donald wrote: Eric Rescorla > Nonsense. One can simply cache the certificate, exactly as > one does with SSH. In fact, Mozilla at least does exactly > this if you tell it to. The reason that this is uncommon is > because the environments where HTTPS is used are genera

Re: Wiretap Act Does Not Cover Message 'in Storage' For Short Period (was Re: BNA's Internet Law News (ILN) - 2/27/03)

2003-03-05 Thread Tim Dierks
At 02:30 PM 3/5/2003 -0500, Steven M. Bellovin wrote: >From: Somebody > >Technically, since their signal speed is slower than light, even >transmission lines act as storage devices. > >Wire tapping is now legal. The crucial difference, from a law enforcement perspective, is how hard it is to get th

Re: Palladium: technical limits and implications

2002-08-13 Thread Tim Dierks
At 07:30 PM 8/12/2002 +0100, Adam Back wrote: >(Tim Dierks: read the earlier posts about ring -1 to find the answer >to your question about feasibility in the case of Palladium; in the >case of TCPA your conclusions are right I think). The addition of an additional security ring with

Re: trade-offs of secure programming with Palladium (Re: Palladium: technical limits and implications)

2002-08-13 Thread Tim Dierks
At 09:07 PM 8/12/2002 +0100, Adam Back wrote: >At some level there has to be a trade-off between what you put in >trusted agent space and what becomes application code. If you put the >whole application in trusted agent space, while then all its >application logic is fully protected, the danger