Re: fragmentation

2002-06-10 Thread Eric Rescorla
Sharon Hezy writes: > -->(1) You need to check the MAC which only appears at the end of > -->the record. > > Is it right that you still can say that maximum *SSL* record size (not TCP) > is about 16K - I don't remember the exact number, but this is the maximum > size of encrypted block as defi

Re: Strong Authentifikation

2002-06-10 Thread Eric Rescorla
"Zamangoer, Ferruh" <[EMAIL PROTECTED]> writes: > I want know what are advantages and disadvantages of different secure > methods . Where can I read something about that. Currently I'am using SSL to > secure my data over the network, it's really slow . But which advantages and > disadvantages hav

RE: fragmentation

2002-06-10 Thread Sharon Hezy
Hello to you both. Eric, I have a question regarding what you said (just for interest):-> look below... -->-Original Message- -->From: Eric Rescorla [mailto:[EMAIL PROTECTED]] -->Sent: Fri, June 07, 2002 4:20 PM -->To: [EMAIL PROTECTED] -->Subject: Re: fragmentation --> --> -->"Oleg Tys

Strong Authentifikation

2002-06-10 Thread Zamangoer, Ferruh
Hi all, I want to know what the advantages and disadvantages of different secure methods are. Where can I read something about that? Currently I'm using SSL to secure my data over the network; it's really slow. But which advantages and disadvantages does the SASL Framework have? Does anybody know where I

Verify a signature

2002-06-10 Thread Andrea Nagar
I need to verify a signature present in an Attribute Certificate (so it's not a standard X.509 certificate). The verifier public key is in an X509 standard certificate (in PKCS#7 format). Can you tell me where I can find the documentation to do it and what APIs are required? (if you have some lin

OpenSSL 0.9.6a

2002-06-10 Thread Daniela Prestipino
Hi, Where/How can I find the openssl.exe (application file) in the 0.9.6a version? Thanks Daniela -- Daniela Prestipino [EMAIL PROTECTED] I.D.S., Informatica Distribuita e Software srl Via Consolare Pompea 19 98168 Messina ITALIA Tel.: +39 90 353638 Fax : +39 90

Re: Global PKI on DNS?

2002-06-10 Thread Arne Ansper
> > 1) short lived certs > > 2) CRL's published at regular intervals. > > > > both involve a regularly-signed short-lived objects. > > Errr - OCSP? last year we implemented a system that used DNS (with security extensions) to distribute certificate validity information (among other things)

Re: Global PKI on DNS?

2002-06-10 Thread Valdis . Kletnieks
On Sun, 09 Jun 2002 21:36:08 EDT, Keith Moore said: > > Unfortunately, Zymyrgy's Law of Evolving Thermodynamics applies here. > > The worms are out of the can, and I suggest anybody who wants to fight > > this battle order at least a 4-sizes-larger can > > these particular worms are still in

Re: Global PKI on DNS?

2002-06-10 Thread Valdis . Kletnieks
On Sun, 09 Jun 2002 20:57:58 EDT, Keith Moore said: > assuming that you can keep the folks who control the TLDs from trying > to sell themselves as authoritative CAs for those TLDs, I mostly agree. Unfortunately, Zymyrgy's Law of Evolving Thermodynamics applies here. The worms are out of the ca

Re: Global PKI on DNS?

2002-06-10 Thread Michael StJohns
Correction: A single global rooted PKI is a bad idea, a single global (in the namespace sense, not a single system) PKI database where we can look up certificates is a good idea. At 07:39 PM 6/9/2002 -0400, Keith Moore wrote: > > I was wondering if the best system to build a global PKI woul

Re: Global PKI on DNS?

2002-06-10 Thread Keith Moore
> Unfortunately, Zymyrgy's Law of Evolving Thermodynamics applies here. > The worms are out of the can, and I suggest anybody who wants to fight > this battle order at least a 4-sizes-larger can these particular worms are still in the can, and it's probably better for everyone if they stay t

Re: Global PKI on DNS?

2002-06-10 Thread Keith Moore
> Correction: A single global rooted PKI is a bad idea, a single global (in > the namespace sense, not a single system) PKI database where we can look up > certificates is a good idea. assuming that you can keep the folks who control the TLDs from trying to sell themselves as authoritative CAs f

Re: Global PKI on DNS?

2002-06-10 Thread Keith Moore
> I was wondering if the best system to build a global PKI wouldn't be the > DNS system already in place? A global PKI is a Bad Idea. Nobody is sufficiently trustworthy to be the root CA. Keith