> This isn't really a problem with the servers though, the problem lies
> in the fact that client-side certs are (effectively) unworkable. I
> know of a number of organisations who wanted to use them and ran into
> so many problems just with pilots involving small numbers of
> (presumably) exper
"Steven M. Bellovin" wrote:
>
> It's clearly not automatic, but I suspect it would work
>
User behaviour is the weak point here--while the browsers WILL notify
you that the cert is signed by a CA you don't recognize, they also
give you the option of accepting the cert, which most users wi
Date: Mon, 16 Aug 1999 22:03:49 -0600
Reply-To: mea culpa <[EMAIL PROTECTED]>
From: mea culpa <[EMAIL PROTECTED]>
Subject: Bill reopens encryption access debate
To: [EMAIL PROTECTED]
http://www.fcw.com:80/pubs/fcw/1999/0816/fcw-newsencrypt-08-16-99.html
Bill reopens encryption acces
--- begin forwarded text
From: [EMAIL PROTECTED]
Date: Mon, 16 Aug 1999 13:34:55 -0500
To: [EMAIL PROTECTED]
Subject: IP: Latest in computer security revealed
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Source: EurekAlert!
http://www.eurekalert.org/releases/wpi-lic081699.html
FOR I
Michael Helm wrote:
>
> > > > The attacker could also present a certificate from a fake CA with an
> > > > appropriate name -- say, "Netscape Security Services", or something that
> > > Right. In which case Netscape brings up a different dialog which
> > > says that the server certificate is signe
http://www.rtfm.com/puretls/
Claymore Systems, Inc. is pleased to announce the availability of
PureTLS 0.9a2. PureTLS is a free pure Java implementation of TLS and
SSLv3. This is the second Alpha release of PureTLS. We consider
the code quality to be late Alpha. That is to say, it's undergone som
At 11:39 AM -0500 8/13/99, Jim Thompson wrote:
>>> This thread started over concerns about diskless nodes that want to
>>> run IPsec. Worst case, these boxes would not have any slots or other
>>> expansion capability. The only source of entropy would be network
>>> transactions, which makes me n
At 2:00 PM -0400 on 8/17/99, [EMAIL PROTECTED] wrote:
> Title: Security Firm to Revive Computer-Defense Site
> Resource Type: News Article
> Date: August 17, 1999
> Source: NYT (Free Registration Required)
> Author: PETER WAYNER
> Keywords: KROLL-O'GARA,PACKET STORM,WEBSITE TAKEOVER,HACK
Peter Gutmann said:
>> Smart cards with thumbprint readers are one step in this
>> direction, although they're currently prohibitively expensive.
American Biometrics (www.abio.com) has their Biomouse II, which I once
heard was supposed to retail around $250 or so. The old finger-only
Biomouse sho
At 09:11 PM 8/17/99 -0700, Nick Szabo wrote:
>>how it was prepared. There simply *cannot* be an all-purpose statistical
>>test.
>
>Quite so. I'd like to see what Maurer's "universal" test
>says about the entropy of completely predictable sequences
>like the following:
>
>(1) pi
>(2) Champernowne
http://www.house.gov/barr/p_081699.html
(Search his web site for "Echelon" for more press releases. --gnu)
Forwarded-by: Paul Wolf <[EMAIL PROTECTED]>
HOUSE COMMITTEE TO HOLD PRIVACY HEARINGS
BARR OBTAINS COMMITMENT FROM GOVERNMENT REFORM
WASHINGTON, DC -- U.S. Representative Bob Barr (GA-7)
On Wed, 18 Aug 1999, Arnold G. Reinhold wrote:
> Finally, I think thought should be given to the question of how to
> use copious hardware random number generators on systems where they
> are available. These could include on-chip RNGs, like the Pentium
> III's, sound cards with noise input, H
--- begin forwarded text
Date: Fri, 20 Aug 1999 02:27:15 -0400
Reply-To: Law & Policy of Computer Communications
<[EMAIL PROTECTED]>
Sender: Law & Policy of Computer Communications
<[EMAIL PROTECTED]>
From: Vin McLellan <[EMAIL PROTECTED]>
Subject: Nonrepudiation and what to do a
Visit http://www.1on1mail.com/
It has a downloadable Windows client that I haven't tried yet, and a lot
of blather about how secure 2048 bit RSA keys are. It's free, supported
by ads. I wonder if it puts them in the encrypted messages.
Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetr
John Denker:
>There are profound theoretical reasons to believe it is impossible to
>calculate a useful lower bound on the entropy of a string without knowing
>how it was prepared. There simply *cannot* be an all-purpose statistical
>test.
Quite so. I'd like to see what Maurer's "universal" te
Hello,
After having implemented and successfully tested Ross Anderson's idea
to use the video output to synthesize a mediumwave AM signal, I
wondered if a similar effect could be obtained by using only the CPU,
since it was easy to correlate CPU activity with radio noise. I've
just written a quic
What does decorrelation do?
--
Mike Stay
Cryptographer / Programmer
AccessData Corp.
mailto:[EMAIL PROTECTED]
We offer the European Parliament-sponsored reports which
have been prepared as follow-up to the 1998 "Appraisal of
the Technologies of Political Control."
The four-part series is titled "Development of Surveillance
Technology and Risk of Abuse of Economic Information
(an appraisal of technologi
Starium is about to start selling $100 phone encryption units,
according to this article:
http://www.wired.com/news/news/technology/story/21236.html
This could potentially change the encryption debate landscape quite
dramatically, as even casual users will be able to justify the price.
--
Pe
After a week of machine crashes and internet access problems, I've
finally caught up on the moderation backlog. I'm very sorry about the
temporary disruption.
--
Perry Metzger [EMAIL PROTECTED]
--
"Ask not what your country can force other people to do for you..."
I've received some questions by email which are beyond my ability to
answer. The questions are about the cryptographic strength of the plugin
for bo2k (3DES IIRC, see www.bo2k.com and www.cdc.com, down once in a
while it seems). If anyone doesn't know what bo2k is, it's a remote control
utility whic
The Canadian Dep't of Foreign Affairs & International Trade (DFAIT) has an export law
page at:
http://www.dfait-maeci.gc.ca/~eicb/notices/ser113-e.htm
It includes this text:
| PROPOSED EXPORT CONTROL LIST CHANGES:
|
| 12. The Wassenaar ... States agreed to ... a Cryptography Note
| app
With N key bits, there are 2^N different subsets of key bits. If you
fix a plaintext, then each ciphertext bit is an N-to-1 boolean
function. Is there any way to show that there is no subset of key bits
whose parity is a good linear approximation of the function?
--
Mike Stay
Cryptographer / Pr
David Honig <[EMAIL PROTECTED]> writes:
> At 09:26 PM 8/16/99 -0700, Eric Rescorla wrote:
>
> >A horribly embarrassing packaging oversight has been fixed. Alpha 1
> >included test-only code that always verified every signature
> >on a certificate as true.
>
> Well, at least some of your testing
At 2:00 PM -0400 on 8/19/99, [EMAIL PROTECTED] wrote:
> Title: Hackers, Consultants Embrace Secure Tool
> Resource Type: News Article
> Date: 08/16/99
> Source: Computer World
> Author: Ann Harrison
> Keywords: SECURITY,ENCRYPTION,HACKER/SECURITY,CONSULTANTS
>
> Abstract/Summary:
In the Aug 16 '99 EETimes, there are several articles
about software radios. These have analog front ends,
and after down-conversion are digital. This lets you
deal with complex back-compatibility/protocol/DSP improvement/legal issues
flexibly.
The FCC is flipping out, considering how to regula
John,
Have you heard about this PECSENC recommendation cited
by Dorothy Denning? I've written the PECSENC administrator
about getting the recommendation. That's Jason Gomberg
<[EMAIL PROTECTED]>. Could you try from your end?
Thanks, John
--
Date: Fri, 20 Aug 1999 13:49:07 -0400
From: [EMAIL