I'll go out on a limb and give an answer to this question that I know some will
disagree with. The answer is both yes and no. I'll
warn you that this emal drags on a bit and some of my ideas may be incorrect. If so -
will those who come across these errors
please advise me. Unlike some - w
Dennis Glatting wrote:
> ...Certificate theft is but one very real
> problem that undermines the credibility of certificates in general.
Certificates aren't secret data, and *can't* be stolen.
> ...Additionally, not one
> web site I have visited in the last year has asked for my client
> cert
Before going too much further down this path, it's useful to think about
what CAs are actually needed for, and what certificates are actually needed
for - certificates like those discussed below don't seem to match any
existing requirements.
Right now, CAs like Verisign and Thawte certify that
I have a "phony" HTTPS server that I've written using OpenSSL. MS Explorer
has no trouble talking to it, but with Netscape, every other time I try to
connect with it, Netscape throws a message box up saying "Netscape has
encountered bad data from the server."
It happens every *other* time I try
Calm down. I think we are missing the point here. (I don't want to sound
rude)
My original question still hasn't been answered yet. So please, I'm asking
you, this is really important to me. I'm a ICT engineer and I graduate this
year. This question is part of my thesis. I think you understand
On Thu, 23 Dec 1999, Massimiliano Pala wrote:
> What if certificates could be issued by Municipalities CAs ? Just
> like they issue ID cards ? I mean, now you need a credit-card to
> demonstrate you are you and able to spend... thnik about the
> possibility to get certificates issued by govenam
> So??? what are you saying? In general any good design and
> implementation is better than a bad one regardless of the
> choice of the implementation language. It appears to me that you
> are accusing the OpenSSL developers of producing a
> "hack"... Or did I interpret what you said prope
Bill Michaelson wrote:
> I've long believed that acceptance of liability by CA's is what would truly
> make certificates meaningful in a practical sense. I'd rather have a
> certificate with (fidelity?) insurance from Lloyd's or Citigroup than
> what Verisign offers, and it's really what irks me
Creed Millman wrote:
>
> What if each country's government were to act as CAs? To me this seems the
> most logical solution. They already issue passports, driver's licenses,
> etc., - why not digital certificates? This would also tie in well with
> Massimiliano Pala's vision: "Indeed I see cer
So??? what are you saying? In general any good design and implementation is better
than a bad one regardless of the
choice of the implementation language. It appears to me that you are accusing the
OpenSSL developers of producing a
"hack"... Or did I interpret what you said properly?
On
What if each country's government were to act as CAs? To me this seems the
most logical solution. They already issue passports, driver's licenses,
etc., - why not digital certificates? This would also tie in well with
Massimiliano Pala's vision: "Indeed I see certificates to be like ID cards:
y
Bill Michaelson wrote:
>
> > As far as liability being a show stopper, I agree with Ben that it's not.
> > "Not for profit" doesn't mean free, it just means "at cost". The cost of
> > managing the liability can be passed on to customers like everything else.
>
> I've long believed that acceptan
Matthias Loepfe wrote:
>
> Hi again,
>
> Does really NOBODY has anything to say about the following? Shouldn't the server
> try to always choose the best available cipher?
>
> regards
>
> Matthias
>
> Matthias Loepfe wrote:
> >
> > Hi
> >
> > I have fundamental question regarding choosing the
Michael Ströder wrote:
>
> Massimiliano Pala wrote:
> >
> > Dr Stephen Henson wrote:
> >
> > > Oh and don't even think about using BMPStrings or UTF8Strings in
> > > certificates or CRLs BTW.
> >
> > Do you, or anyone, have contacts with Netscape people (or can get me
> > in contact with) to know
Matthias Loepfe wrote:
>
> Hi again,
>
> Does really NOBODY has anything to say about the following? Shouldn't the server
> try to always choose the best available cipher?
Why is DES-CBC3-SHA better than RC4-MD5?
Cheers,
Ben.
>
> regards
>
> Matthias
>
> Matthias Loepfe wrote:
> >
> > Hi
> As far as liability being a show stopper, I agree with Ben that it's not.
> "Not for profit" doesn't mean free, it just means "at cost". The cost of
> managing the liability can be passed on to customers like everything else.
I've long believed that acceptance of liability by CA's is what woul
I think the discussion should be continued on another mailing list :-D This is
really OT, here (sorry people) ...
If you can/want to continue discussing it, please subscribe to
[EMAIL PROTECTED]
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
S/MIME Cryptographic Signature
Hi again,
Does really NOBODY has anything to say about the following? Shouldn't the server
try to always choose the best available cipher?
regards
Matthias
Matthias Loepfe wrote:
>
> Hi
>
> I have fundamental question regarding choosing the chipher in SSL. The spec
> says that the client sen
> WHy woudl you transform it to C++. It adds about 50K to the
> executable on linux GCC and runs slower. I can't see much reason
> to use C++ for a library liek OpenSSL
Your statement is not generally applicable! A C++ binary may be
a bit larger than a C++ binary. Wheter it runs slower depen
Massimiliano Pala wrote:
>
> Dr Stephen Henson wrote:
>
> > Oh and don't even think about using BMPStrings or UTF8Strings in
> > certificates or CRLs BTW.
>
> Do you, or anyone, have contacts with Netscape people (or can get me
> in contact with) to know what they are doing by now and if they w
20 matches
Mail list logo
