RE: NAI pulls out the DMCA stick

2002-05-28 Thread Peter Gutmann
[EMAIL PROTECTED] writes: >On 27 May 2002 at 19:56, Peter Gutmann wrote: >>[EMAIL PROTECTED] writes: >>>My impression is that S/MIME sucks big ones, because it commits one >>>to a certificate system based on verisign or equivalent. >> >>I'll say this one more time, slowly for those at the back: Wh

RE: NAI pulls out the DMCA stick

2002-05-27 Thread jamesd
On 27 May 2002 at 19:56, Peter Gutmann wrote: > [EMAIL PROTECTED] writes: > > >My impression is that S/MIME sucks big ones, because it commits one > >to a certificate system based on verisign or equivalent. > > I'll say this one more time, slowly for those at the back: What you're > criticising

RE: NAI pulls out the DMCA stick

2002-05-27 Thread Peter Gutmann
Curt Smith <[EMAIL PROTECTED]> writes: >1. How do you create a X.509 signing hierarchy? Grab whatever crypto software you feel most comfortable with that does X.509 and start cranking out certs. >2. Can you add additional algorithms (ie. Twofish)? Certs are for public-key algorithms, so Twof

RE: NAI pulls out the DMCA stick

2002-05-27 Thread Peter Gutmann
[EMAIL PROTECTED] writes: >My impression is that S/MIME sucks big ones, because it commits one to a >certificate system based on verisign or equivalent. I'll say this one more time, slowly for those at the back: What you're criticising is PEM circa 1991, not S/MIME. Things have moved on a bit s

Re: S/MIME and web of trust (was Re: NAI pulls out the DMCA stick)

2002-05-27 Thread Peter Gutmann
Eric Murray <[EMAIL PROTECTED]> writes: >Additionally, there is nothing that prevents one from issuing certs that can >be used to sign other certs. Sure, there are key usage bits etc but it's >possible to ignore them. It should be possible to create a PGP style web of >trust using X.509 certs, g

Re: S/MIME and web of trust (was Re: NAI pulls out the DMCA stick)

2002-05-25 Thread jamesd
-- Having been the verisign guy at a couple of companies, it appears to me that the administrative costs of both models are unacceptably high. The hierarchical verisign model is useful when one wishes to verify that something comes from a famous and well known name -- that this software reall

Re: NAI pulls out the DMCA stick

2002-05-25 Thread Jack Lloyd
On Fri, 24 May 2002, Eric Murray wrote: > > 3. Is a relevant developer reference available for X.509? > > X.509 is an ITU/T standard, which means, among other things, that > they charge money for copies. You can find copies on the net though. Depending on how good your local library is, the

Re: S/MIME and web of trust (was Re: NAI pulls out the DMCA stick)

2002-05-25 Thread Adam Back
On Fri, May 24, 2002 at 04:40:36PM -0700, Eric Murray wrote: > Additionally, there is nothing that prevents one from issuing certs > that can be used to sign other certs. Sure, there are key usage bits > etc but it's possible to ignore them. The S/MIME aware MUAs do not ignore the trust delegatio

S/MIME and web of trust (was Re: NAI pulls out the DMCA stick)

2002-05-24 Thread Eric Murray
On Fri, May 24, 2002 at 11:17:08AM -0700, [EMAIL PROTECTED] wrote: > -- > On 23 May 2002 at 0:24, Lucky Green wrote: > > Tell me about it. PGP, GPG, and all its variants need to die > > before S/MIME will be able to break into the Open Source > > community, thus removing the last, but persiste

Re: NAI pulls out the DMCA stick

2002-05-24 Thread Werner Koch
On Thu, 23 May 2002 10:34:22 -0400, Adam Shostack said: > Is there any Open source implementation of the protocol? Well, there is a Free Software implementation called NewPG which provides a backend called gpgsm - very similar to gpg. It is currently under development but we already exchanged e

Re: NAI pulls out the DMCA stick

2002-05-24 Thread Eric Murray
On Fri, May 24, 2002 at 12:07:48PM -0700, Curt Smith wrote: > While we are on the subject of issuing your own X.509 > certificates: > > 1. How do you create a X.509 signing hierarchy? Do a web search on "openssl certificate authority". > 2. Can you add additional algorithms (ie. Twofish)? Ye

Re: why OpenPGP is preferable to S/MIME (Re: NAI pulls out the DMCA stick)

2002-05-24 Thread jamesd
-- On 23 May 2002 at 21:58, Adam Back wrote: > This won't achieve the desired effect because it will just > destroy the S/MIME trust mechanism. S/MIME is based on the > assumption that all CAs are trustworthy. Anyone can forge any > identity for clients with that key installed. S/MIME isn't

RE: NAI pulls out the DMCA stick

2002-05-24 Thread Curt Smith
While we are on the subject of issuing your own X.509 certificates: 1. How do you create a X.509 signing hierarchy? 2. Can you add additional algorithms (ie. Twofish)? 3. Is a relevant developer reference available for X.509? --- Peter Gutmann <[EMAIL PROTECTED]> wrote: > ... > So issu

Re: NAI pulls out the DMCA stick

2002-05-24 Thread Dave Howe
> 1. How do you create a X.509 signing hierarchy? by issuing other people's keys with a subordinate CA certificate.?

RE: NAI pulls out the DMCA stick

2002-05-24 Thread jamesd
-- On 23 May 2002 at 0:24, Lucky Green wrote: > Tell me about it. PGP, GPG, and all its variants need to die > before S/MIME will be able to break into the Open Source > community, thus removing the last, but persistent, block to an > instant increase in number of potential users of secure ema

RE: NAI pulls out the DMCA stick

2002-05-24 Thread contrary
On Fri, 24 May 2002 17:13:18 +1200 (NZST), "Peter Gutmann" <[EMAIL PROTECTED]> said: > "contrary" <[EMAIL PROTECTED]> writes: > > >As long as you obtain your S/MIME certificate from an approved > >CA, using an > >approved payment method and appropriate identification. > > The only CA-issued

RE: NAI pulls out the DMCA stick

2002-05-24 Thread Peter Gutmann
Curt Smith <[EMAIL PROTECTED]> writes: >Certificate Authorities issue certificates complete with CA imposed expiration >dates and usage limitations. (I prefer independent systems with unrestricted >certificates) So issue your own. Honestly, why would anyone want to *pay* some random CA for this

RE: NAI pulls out the DMCA stick

2002-05-24 Thread Peter Gutmann
"contrary" <[EMAIL PROTECTED]> writes: >As long as you obtain your S/MIME certificate from an approved CA, using an >approved payment method and appropriate identification. The only CA-issued certs I've ever used were free, and under a bogus name. Usually I just issue my own. You really nee

Re: NAI pulls out the DMCA stick

2002-05-24 Thread Peter Gutmann
Adam Shostack <[EMAIL PROTECTED]> writes: >Are you claiming that S/mime no longer has the enormous compatibility >problems it used to have? It never had much in the way of compatibility problems (see e.g. RSA's S/MIME interop page, if it still exists - even Microsoft's implementation would inte

Re: why OpenPGP is preferable to S/MIME (Re: NAI pulls out the DMCA stick)

2002-05-23 Thread Meyer Wolfsheim
On Thu, 23 May 2002, Adam Back wrote: > On Thu, May 23, 2002 at 03:05:49PM -0400, Adam Shostack wrote: > > So what if we create the Cypherpunks Root CA, which (either) signs > > what you submit to it via a web page, or publish the secret key? > > This won't achieve the desired effect because it w

Re: why OpenPGP is preferable to S/MIME (Re: NAI pulls out the DMCA stick)

2002-05-23 Thread Adam Back
On Thu, May 23, 2002 at 03:05:49PM -0400, Adam Shostack wrote: > So what if we create the Cypherpunks Root CA, which (either) signs > what you submit to it via a web page, or publish the secret key? This won't achieve the desired effect because it will just destroy the S/MIME trust mechanism. S/

Re: why OpenPGP is preferable to S/MIME (Re: NAI pulls out the DMCA stick)

2002-05-23 Thread Adam Shostack
On Thu, May 23, 2002 at 07:10:01PM +0100, Adam Back wrote: | Certificate authorities also can forge certificates and issue | certificates in fake names if asked by government agencies. S/MIME is | too much under central control by design to be a sensible choice for | general individual use. So w

why OpenPGP is preferable to S/MIME (Re: NAI pulls out the DMCA stick)

2002-05-23 Thread Adam Back
Certificate authorities also can forge certificates and issue certificates in fake names if asked by government agencies. S/MIME is too much under central control by design to be a sensible choice for general individual use. The central control is doubtless primarily motivated by the hopes of tu

RE: NAI pulls out the DMCA stick

2002-05-23 Thread contrary
Greetings, On Thu, 23 May 2002 00:24:00 -0700, "Lucky Green" <[EMAIL PROTECTED]> said: > Adam wrote: > > Which is too bad. If NAI-PGP went away completely, then > > compatibility problems would be reduced. I also expect that > > the German government group currently funding GPG would be > > m

RE: NAI pulls out the DMCA stick

2002-05-23 Thread Curt Smith
Although I also hope for widespread e-mail encryption, I feel that S/MIME introduces more problems than it resolves. Certificate Authorities issue certificates complete with CA imposed expiration dates and usage limitations. (I prefer independent systems with unrestricted certificates) Certifica

Re: NAI pulls out the DMCA stick

2002-05-23 Thread Marshall Clow
At 10:34 AM -0400 5/23/02, Adam Shostack wrote: >On Thu, May 23, 2002 at 12:24:00AM -0700, Lucky Green wrote: >| Adam wrote: >| > Which is too bad. If NAI-PGP went away completely, then >| > compatibility problems would be reduced. I also expect that >| > the German government group currently fun

Re: NAI pulls out the DMCA stick

2002-05-23 Thread Adam Shostack
On Thu, May 23, 2002 at 12:24:00AM -0700, Lucky Green wrote: | Adam wrote: | > Which is too bad. If NAI-PGP went away completely, then | > compatibility problems would be reduced. I also expect that | > the German government group currently funding GPG would be | > more willing to fund UI work

RE: NAI pulls out the DMCA stick

2002-05-23 Thread Lucky Green
Adam wrote: > Which is too bad. If NAI-PGP went away completely, then > compatibility problems would be reduced. I also expect that > the German government group currently funding GPG would be > more willing to fund UI work for windows. Tell me about it. PGP, GPG, and all its variants need to

Re: NAI pulls out the DMCA stick

2002-05-23 Thread D.Popkin
-----BEGIN PGP SIGNED MESSAGE----- "Lucky Green" <[EMAIL PROTECTED]> writes: > PGP, GPG, and all its variants need to die before S/MIME will be > able to break into the Open Source community, thus removing the > last, but persistent, block to an instant increase in number of > potential users of

Re: NAI pulls out the DMCA stick

2002-05-23 Thread Bill Stewart
At 12:43 AM 05/22/2002 -0400, R. A. Hettinga wrote: >At 11:49 PM -0400 on 5/21/02, Luis Villa wrote, on FoRK: > > Well, yes, but you seem to be implying some sinister motive that > > not all of us are reading between the lines clearly enough to see > > :) I mean, otherwise, this just seems like a

Re: NAI pulls out the DMCA stick

2002-05-22 Thread Adam Shostack
On Wed, May 22, 2002 at 01:00:54AM -0700, Lucky Green wrote: | Most likely, this Peter Beruk is new at his job, has not yet figured out | that C-level management at NAI wants copies of PGP floating about the | Net, but needs to of course protect their trademarks and copyrights by | dutifully send

Re: NAI pulls out the DMCA stick

2002-05-22 Thread Curt Smith
Disk encryption can always be augmented by physical security, however communication encryption is dependent on available encryption tools and legal rights. If quality tools are not available, then individuals and businesses will not use them. As long as communication encryption is not widespre

RE: NAI pulls out the DMCA stick

2002-05-22 Thread Curt Smith
Perhaps there is a conflict of interest issue as well? "NAI Labs is comprised of more than 100 dedicated scientific and academic professionals in four locations in the United States, and is entirely funded by government agencies such as: the Department of Defense's (DoD) Defense Advanced Research

Re: NAI pulls out the DMCA stick

2002-05-22 Thread Ed Stone
At 11:33 PM 5/21/02, you wrote: >At 5:41 PM -0700 on 5/21/02, Joseph S. Barrera III wrote on FoRK: > > > > So what are they trying to do? > > I've totally not been following PGP, > > so I don't understand what they're doing. > >O, I don't kno It looks, to *me* at least, like they're tr

Re: NAI pulls out the DMCA stick

2002-05-22 Thread Steve Schear
At 03:03 PM 5/21/2002 -0700, Meyer Wolfsheim wrote: >NAI is now taking steps to remove the remaining copies of PGP from the >Internet, not long after announcing that the company will not release its >fully completed Mac OS X and Windows XP versions, and will no longer sell >any copies of its PGP s

Re: NAI pulls out the DMCA stick

2002-05-22 Thread R. A. Hettinga
-----BEGIN PGP SIGNED MESSAGE----- At 11:49 PM -0400 on 5/21/02, Luis Villa wrote, on FoRK: > Well, yes, but you seem to be implying some sinister motive that > not all of us are reading between the lines clearly enough to see > :) I mean, otherwise, this just seems like a fairly garden-variety

RE: NAI pulls out the DMCA stick

2002-05-22 Thread Lucky Green
Meyer Wolfsheim wrote: > NAI is now taking steps to remove the remaining copies of PGP > from the Internet, not long after announcing that the company > will not release its fully completed Mac OS X and Windows XP > versions, and will no longer sell any copies of its PGP software. > > Do we s

Re: NAI pulls out the DMCA stick

2002-05-22 Thread R. A. Hettinga
At 9:43 AM +0530 on 5/22/02, Udhay Shankar N wrote: > Does this include the free versions at, e.g, http://www.pgpi.com/ ? If it > does not, why should this make any great difference, apart from making NAI > look like even bigger horse's asses than they already do? There's that, then. I suppose

Re: NAI pulls out the DMCA stick

2002-05-21 Thread R. A. Hettinga
At 5:41 PM -0700 on 5/21/02, Joseph S. Barrera III wrote on FoRK: > So what are they trying to do? > I've totally not been following PGP, > so I don't understand what they're doing. O, I don't kno It looks, to *me* at least, like they're trying to stamp out "unauthorized" copies of

Re: NAI pulls out the DMCA stick

2002-05-21 Thread jamesd
-- On 21 May 2002 at 15:03, Meyer Wolfsheim wrote: > NAI is now taking steps to remove the remaining copies of PGP > from the Internet, not long after announcing that the company > will not release its fully completed Mac OS X and Windows XP > versions? Not a problem -- we have too many commu