Eric Rescorla wrote:
SHA-1 is only 2^80 strong against birthday attack. If you
go around using SHA-1 or worse yet MD5 to sign stuff then
using a private key of size 1024 is only of limited value.
If you want to forge a signature, you will probably not be able to use
the birthday attack.
Burger, Kobus K wrote:
I have noticed a couple of discrepancies between mainframe support for MDC2
and OpenSSL's support:
* Mainframe supports MDC2 with various keys (The documentation notes that
the default key is the same as the one used by OpenSSL) - Openssl has a
single key
Raghuram Belur wrote:
I am wondering if it is possible to use some simple cross-platform
[PRNG] on the client which is probably not too hard to guess and use
a more robust mechanism such as an entropy gathering daemon on the
server
You will have to be very careful. For example, if you use
Geoff Thorpe wrote:
Which leaves
the mathematical consideration of the multi-prime keys themselves, and
their generation, to be debated (ie. I doubt the patent could rest on an
argument that it is a physical process, or an implementation invention,
because that should bang its head on the
Leland V. Lammert wrote:
I don't think you have placed OpenSSL in the proper
perspective. OpenSSL is a *toolkit* used primarily with OTHER
applications.
Most toolkits have documentation, though. Developers need to know how
to use the product just like anyone else. For an example, see the
Dr. Greg Quinn wrote:
A big limitation as far as I can see would be getting certs
pre-installed into web browsers. The chance of either MS or
netscape doing this would be close to none.
Yes. On the other hand, there is a way of giving people a trusted
copy of the root certificate without
Kristian Köhntopp wrote:
Now, where do I find a free SSLified IMAP server, please? ;-)
It depends if you want the old or new version of the protocol. The
old version has a different port number for secured IMAP; the new one
doesn't. If you want the new version, you could have a look at
At long last, here is the first beta release of SafeGossip, which
implements the new RFCs and Internet drafts for telnet, FTP, IMAP, POP
and SMTP over TLS.
Here are some of the new features:
* Telnet support is now implemented according to the Internet draft.
* You can now configure SafeGossip
Jeffrey Altman wrote:
How are you mapping a client cert to a local Unix account name?
Are you using a field within the cert? If so, which one(s)? Are
different fields used for different services?
Or are you using some form of Certificate MApping Service which takes
a validated cert as
Joe Pruett wrote:
did you ever find a way to do this? i am just starting down the same
road. pgp licensing is way out of control for commercial use nowadays
($9500!).
If you want to do PGP-style messages for commercial use, you are
probably best off with the GNU Privacy Guard
Some of you have been asking about my package which implements various
protocols over TLS. Here is an alpha release. I have called the
package SafeGossip, or Gossip for short.
Currently the protocols implemented are FTP, telnet (sort of), IMAP,
SMTP and POP. Gossip supports both the old and
Craig Idler wrote:
Has someone done something like this in the past? It seems an ssl enabled
telnet program could do this. It's so easy to use basic telnet talking to port
80, but using something that communicates with port 443 is a different story.
Try "openssl s_client". This is similar
Dave Neuer wrote:
RSADSI seem to have a propensity for casting information in a decidedly
pro-RSADSI light. Kind of like the way they convinced the IETF that the
licensing for RSA would always be "affordable and non-discriminatory."
Interestingly one of the RFCs says that the licence fee is
hat a user possesses a
certificate. (It is often said that certificates should only be used to
vouch for identity and not as a basis for access control decisions. Of
course in practice people do not always keep to this.)
---
Pete Ch
Michael Urban wrote:
Perhaps a file mapping a certificate subject name to a local
username is a better solution. The certificate can be used at sites
with different usernames that aren't known at certificate issue time,
and doesn't require extra baggage in the certificate.
This might work
15 matches
Mail list logo