[EMAIL PROTECTED] writes:
On 27 May 2002 at 19:56, Peter Gutmann wrote:
[EMAIL PROTECTED] writes:
My impression is that S/MIME sucks big ones, because it commits one
to a certificate system based on verisign or equivalent.
I'll say this one more time, slowly for those at the back: What you're
Eric Murray [EMAIL PROTECTED] writes:
Additionally, there is nothing that prevents one from issuing certs that can
be used to sign other certs. Sure, there are key usage bits etc but its
possible to ignore them. It should be possible to create a PGP style web of
trust using X.509 certs, given
[EMAIL PROTECTED] writes:
My impression is that S/MIME sucks big ones, because it commits one to a
certificate system based on verisign or equivalent.
I'll say this one more time, slowly for those at the back: What you're
criticising is PEM circa 1991, not S/MIME. Things have moved on a bit
Curt Smith [EMAIL PROTECTED] writes:
1. How do you create a X.509 signing hierarchy?
Grab whatever crypto software you feel most comfortable with that does X.509
and start cranking out certs.
2. Can you add additional algorithms (ie. Twofish)?
Certs are for public-key algorithms, so Twofish
On 27 May 2002 at 19:56, Peter Gutmann wrote:
[EMAIL PROTECTED] writes:
My impression is that S/MIME sucks big ones, because it commits one
to a certificate system based on verisign or equivalent.
I'll say this one more time, slowly for those at the back: What you're
criticising is PEM
On Fri, May 24, 2002 at 04:40:36PM -0700, Eric Murray wrote:
Additionally, there is nothing that prevents one from issuing certs
that can be used to sign other certs. Sure, there are key usage bits
etc but its possible to ignore them.
The S/MIME aware MUAs do not ignore the trust delegation
On Fri, 24 May 2002, Eric Murray wrote:
3. Is a relavent developer reference is available for X.509?
X.509 is an ITU/T standard, which means, among other things, that
they charge money for copies. You can find copies on the net though.
Depending on how good your local library is, they
contrary [EMAIL PROTECTED] writes:
As long as you obtain your S/MIME certificate from an apporved CA, using an
approved payment method and appropriate identification.
The only CA-issued certs I've ever used were free, and under a bogus name.
Usually I just issue my own. You really need to
Curt Smith [EMAIL PROTECTED] writes:
Certificate Authorities issue certificates complete with CA imposed expiration
dates and usage limitations. (I prefer independent systems with unrestricted
certificates)
So issue your own. Honestly, why would anyone want to *pay* some random CA for
this?
On Fri, 24 May 2002 17:13:18 +1200 (NZST), Peter Gutmann
[EMAIL PROTECTED] said:
contrary [EMAIL PROTECTED] writes:
As long as you obtain your S/MIME certificate from an apporved
CA, using an
approved payment method and appropriate identification.
The only CA-issued certs I've ever
--
On 23 May 2002 at 0:24, Lucky Green wrote:
Tell me about it. PGP, GPG, and all its variants need to die
before S/MIME will be able to break into the Open Source
community, thus removing the last, but persistent, block to an
instant increase in number of potential users of secure email
--
On 23 May 2002 at 21:58, Adam Back wrote:
This won't achieve the desired effect because it will just
destroy the S/MIME trust mechanism. S/MIME is based on the
assumption that all CAs are trustworthy. Anyone can forge any
identity for clients with that key installed. S/MIME isn't
On Fri, May 24, 2002 at 12:07:48PM -0700, Curt Smith wrote:
While we are on the subject of issuing your own X.509
certificates:
1. How do you create a X.509 signing hierarchy?
Do a web search on openssl certificate authority.
2. Can you add additional algorithms (ie. Twofish)?
Yes, if
On Fri, May 24, 2002 at 11:17:08AM -0700, [EMAIL PROTECTED] wrote:
--
On 23 May 2002 at 0:24, Lucky Green wrote:
Tell me about it. PGP, GPG, and all its variants need to die
before S/MIME will be able to break into the Open Source
community, thus removing the last, but persistent,
-BEGIN PGP SIGNED MESSAGE-
Lucky Green [EMAIL PROTECTED] writes:
PGP, GPG, and all its variants need to die before S/MIME will be
able to break into the Open Source community, thus removing the
last, but persistent, block to an instant increase in number of
potential users of secure
At 12:43 AM 05/22/2002 -0400, R. A. Hettinga wrote:
At 11:49 PM -0400 on 5/21/02, Luis Villa wrote, on FoRK:
Well, yes, but you seem to be implying some sinister motive that
not all of us are reading between the lines clearly enough to see
:) I mean, otherwise, this just seems like a fairly
Adam wrote:
Which is too bad. If NAI-PGP went away completely, then
compatability problems would be reduced. I also expect that
the German goverment group currently funding GPG would be
more willing to fund UI work for windows.
Tell me about it. PGP, GPG, and all its variants need to
On Thu, May 23, 2002 at 12:24:00AM -0700, Lucky Green wrote:
| Adam wrote:
| Which is too bad. If NAI-PGP went away completely, then
| compatability problems would be reduced. I also expect that
| the German goverment group currently funding GPG would be
| more willing to fund UI work
At 10:34 AM -0400 5/23/02, Adam Shostack wrote:
On Thu, May 23, 2002 at 12:24:00AM -0700, Lucky Green wrote:
| Adam wrote:
| Which is too bad. If NAI-PGP went away completely, then
| compatability problems would be reduced. I also expect that
| the German goverment group currently funding
On Thu, 23 May 2002, Adam Back wrote:
On Thu, May 23, 2002 at 03:05:49PM -0400, Adam Shostack wrote:
So what if we create the Cypherpunks Root CA, which (either) signs
what you submit to it via a web page, or publish the secret key?
This won't achieve the desired effect because it will
Meyer Wolfsheim wrote:
NAI is now taking steps to remove the remaining copies of PGP
from the Internet, not long after announcing that the company
will not release its fully completed Mac OS X and Windows XP
versions, and will no longer sell any copies of its PGP software.
Do we still
-BEGIN PGP SIGNED MESSAGE-
At 11:49 PM -0400 on 5/21/02, Luis Villa wrote, on FoRK:
Well, yes, but you seem to be implying some sinister motive that
not all of us are reading between the lines clearly enough to see
:) I mean, otherwise, this just seems like a fairly garden-variety
At 03:03 PM 5/21/2002 -0700, Meyer Wolfsheim wrote:
NAI is now taking steps to remove the remaining copies of PGP from the
Internet, not long after announcing that the company will not release its
fully completed Mac OS X and Windows XP versions, and will no longer sell
any copies of its PGP
At 11:33 PM 5/21/02, you wrote:
At 5:41 PM -0700 on 5/21/02, Joseph S. Barrera III wrote on FoRK:
So what are they trying to do?
I've totally not been following PGP,
so I don't understand what they're doing.
O, I don't kno It looks, to *me* at least, like they're trying
to
Perhaps there is a conflict of interest issue as well?
NAI Labs is comprised of more than 100 dedicated scientific
and academic professionals in four locations in the Unites
States, and is entirely funded by government agencies such as:
the Department of Defense's (DoD) Defense Advanced Research
Disk encryption can always be augmented by physical security,
however communication encryption is dependent on available
encryption tools and legal rights. If quality tools are not
available, then individuals and businesses will not use them.
As long as communication encryption is not
NAI is now taking steps to remove the remaining copies of PGP from the
Internet, not long after announcing that the company will not release its
fully completed Mac OS X and Windows XP versions, and will no longer sell
any copies of its PGP software.
Do we still believe this was a pure
--
On 21 May 2002 at 15:03, Meyer Wolfsheim wrote:
NAI is now taking steps to remove the remaining copies of PGP
from the Internet, not long after announcing that the company
will not release its fully completed Mac OS X and Windows XP
versions?
Not a problem -- we have too many
At 5:41 PM -0700 on 5/21/02, Joseph S. Barrera III wrote on FoRK:
So what are they trying to do?
I've totally not been following PGP,
so I don't understand what they're doing.
O, I don't kno It looks, to *me* at least, like they're trying
to stamp out unauthorized copies of PGP
29 matches
Mail list logo