Re: Can't somebody tell me why SSL2 is still by default

2005-05-20 Thread Gervase Markham
Kikx wrote: Yes ... but there are still 2 solutions - A very big warning if we speak in SSL3 and the answer came in SSL2 SSL3 has a mechanism for detecting an attacker attempting to downgrade a connection between two SSL3 endpoints to SSL2 in order to MITM it, if that's what you mean. -

Re: Can't somebody tell me why SSL2 is still by default

2005-05-20 Thread Kikx
Gervase Markham wrote: Kikx wrote: Yes ... but there are still 2 solutions - A very big warning if we speak in SSL3 and the answer came in SSL2 SSL3 has a mechanism for detecting an attacker attempting to downgrade a connection between two SSL3 endpoints to SSL2 in order to MITM it,

Re: Possible security policy for local disk access

2005-05-20 Thread Gervase Markham
[Apologies for the delay in replying.] Nigel McFarlane wrote: Not exactly. The point of trust is on reload, not on save. The MOTW is merely metadata about the file's origin. I might configure my Firefox, for example, to not alert for all content saved from www.mybank.com. That's a matter of

Re: Mark of the web considered harmful

2005-05-20 Thread Gervase Markham
Nigel McFarlane wrote: I never said that Microsoft would provide an alternate *concrete* solution. I said that they're developing an alternative to be *promoted* as a solution; perhaps with some slick features that make the promotion job easier. This thread is about the power of rhetoric, not

Re: Improving Authentication on the Internet

2005-05-20 Thread Gervase Markham
Ian G wrote: I hadn't seen that before. Currently I understand all CAs to be in practice zero-accountable. Does anyone know any different? Are there any payouts? Has a CA ever been held to account? On this point, I have noted that some CAs (e.g. XRamp) offer warranties against fraudulent cert

Re: Improving Authentication on the Internet

2005-05-20 Thread Gervase Markham
Ian G wrote: A CA root cert is no big deal. If it gets lost, just mint another one and let everyone know you lost it and to watch out for it. Er, given that we have no OCSP and no-one's checking CRLs, I think losing a root cert which is embedded in 99% of browsers out there would be an

Re: Improving Authentication on the Internet

2005-05-20 Thread Gervase Markham
Duane wrote: Why should something that will potentially affect all of us be shrouded in such secrecy, who has something to hide here? Security through obscurity doesn't cut it, isn't that the exact opposite of one of the premises that's supposed to make open source software better? Not all of the

Re: Improving Authentication on the Internet

2005-05-20 Thread Ian G
On Friday 20 May 2005 23:47, Jean-Marc Desperrier wrote: Gervase Markham wrote: Er, given that we have no OCSP and no-one's checking CRLs, I think losing a root cert which is embedded in 99% of browsers out there would be an _extremely_ big deal. But OCSP/CRL can not help in case of

Re: Improving Authentication on the Internet

2005-05-20 Thread Julien Pierre
Ian, Ian G wrote: But OCSP/CRL can not help in case of *root* cert compromission. There's nothing above it to sign the validity information. Can't it revoke itself? This is priceless and one for the books. This statement shows that you really don't understand PKI! Revocation checks cannot be

Re: Improving Authentication on the Internet

2005-05-20 Thread lynn
Frank Hecker wrote: As I've said before, I don't think use of certs in general and SSL in particular should be artificially constrained to fit the perceived requirements of the Internet e-commerce market. To get back to Gerv's draft paper, I think his discussion is consistent with that