Re: Accessing encrypted messages after cert expires

2008-03-16 Thread Kyle Hamilton
On Sun, Mar 16, 2008 at 11:27 PM, Michael Sierchio <[EMAIL PROTECTED]> wrote: > David Schwartz wrote: > > > You have to have absolute trust in any entity that will generate or store > your private key. Thus you can trust any information in it -- anyone who > could put in bogus information could

Re: Accessing encrypted messages after cert expires

2008-03-16 Thread Michael Sierchio
David Schwartz wrote: You have to have absolute trust in any entity that will generate or store your private key. Thus you can trust any information in it -- anyone who could put in bogus information could give away your key to strangers. (By absolute trust, I mean with respect to anything yo

RE: Accessing encrypted messages after cert expires

2008-03-16 Thread David Schwartz
> David's apparent statement is "the person trusting the time is the > person generating the key." > Michael's apparent idea is "if you're generating it and including it > in the key format, then you're making an assertion which must > trustable by people other than the person generating the key."

Re: Accessing encrypted messages after cert expires

2008-03-16 Thread Michael Sierchio
Kyle Hamilton wrote: On Sun, Mar 16, 2008 at 10:44 PM, David Schwartz <[EMAIL PROTECTED]> wrote: If you can't trust the system that generates and stores your private key, you're screwed anyway. So I don't see that this argument has any validity. The issue is 'who is trusting what?' David's

Re: Accessing encrypted messages after cert expires

2008-03-16 Thread Kyle Hamilton
On Sun, Mar 16, 2008 at 10:57 PM, Michael Sierchio <[EMAIL PROTECTED]> wrote: > David Schwartz wrote: > > > If you can't trust the system that generates and stores your private key, > you're screwed anyway. So I don't see that this argument has any validity. > > A timestamp is not an attribute o

Re: Accessing encrypted messages after cert expires

2008-03-16 Thread Kyle Hamilton
On Sun, Mar 16, 2008 at 10:44 PM, David Schwartz <[EMAIL PROTECTED]> wrote: > > If you can't trust the system that generates and stores your private key, > you're screwed anyway. So I don't see that this argument has any validity. The issue is 'who is trusting what?' David's apparent statement

Re: Accessing encrypted messages after cert expires

2008-03-16 Thread Michael Sierchio
David Schwartz wrote: If you can't trust the system that generates and stores your private key, you're screwed anyway. So I don't see that this argument has any validity. A timestamp is not an attribute of a private key. It's utterly irrelevant. If your purpose is to require that new certif

RE: Accessing encrypted messages after cert expires

2008-03-16 Thread David Schwartz
> > I have argued many times that not including the creation date > in every private key data format was a *huge* mistake. > Furthermore -- > How do you know what time it is? How do I know you know what time > it is? Do I trust you to put the correct time, or even a monotonically > increasing

Re: Accessing encrypted messages after cert expires

2008-03-16 Thread Michael Sierchio
David Schwartz wrote: Arguably, you shouldn't do it even once, because it's extremely easy to fall into the pattern of "one key and one key only" in the systems design or implementation. I can't remember who coined the phrase, but it's not "good crypto hygiene". I have argued many times that n

Re: MAC

2008-03-16 Thread Michael Sierchio
Main, James J Civ USAF AMC DET 3 AMCAOS/DOHJ wrote: Is there a driver available for MAC using ActivClient CAC 6.1? If so where is it available. Hey, Jim - does ActivClient present itself as a cryptosystem service, a la PKCS#11 or Microsoft's Smart Card interface? Regards. - Michael ___

Re: Accessing encrypted messages after cert expires

2008-03-16 Thread Michael Sierchio
Patrick Patterson wrote: Actually, what you care about are the keys associated with the certificate. For encryption, you've got content that is encrypted with the public key, and decryptable only with the private key. Since the certificate is your public key signed by some Certificate Authorit

RE: Accessing encrypted messages after cert expires

2008-03-16 Thread David Schwartz
> Arguably, you shouldn't do it even once, because it's extremely easy > to fall into the pattern of "one key and one key only" in the systems > design or implementation. I can't remember who coined the phrase, but > it's not "good crypto hygiene". I have argued many times that not including the

Debug assertion failed. Expression: (_osfile(fh)&FOPEN) with VS2005

2008-03-16 Thread learning openssl
I use VS2005 to create a private RSA key. But I always get the error from the file setmode.c line 58: Expression: (_osfile(fh)&FOPEN) --Debug assertion failed RSA *r =NULL; int bits=512; unsigned long e=RSA_3; FILE *privateKeyFile; r=RSA_generate_key(bits,e,NULL,NULL); fopen_s

How to debug Openssl DLL

2008-03-16 Thread learning openssl
Hello, I created the debug version of ssleay32.dll and libeay32.dll. I have an application compiled with VS2005 (MTD). How can I link the source code of Openssl to my application with VS2005? Thanks! _ Express yourself instantly w

Re: Accessing encrypted messages after cert expires

2008-03-16 Thread Mick
On Sunday 16 March 2008, David Schwartz wrote: > > Doesn't what you suggest create a headache? Every time I want to > > decrypt an > > old message I sent or I received, or a file, I will need to > > change the mail > > client configuration and point it to another private key. > > One would hope yo

Re: Accessing encrypted messages after cert expires

2008-03-16 Thread Kyle Hamilton
On Sat, Mar 15, 2008 at 11:36 PM, David Schwartz <[EMAIL PROTECTED]> wrote: > For example, suppose I create a public/private keypair that I don't think > anyone can break for 50 years. If I make the certificate valid for 30 years > because of this, it would obviously be a bad idea to keep the sa

Re: Accessing encrypted messages after cert expires

2008-03-16 Thread Patrick Patterson
Hello Mick: Mick wrote: > Yes it does. Keeping the same private key and generating new public key with > it seems to be a sensible thing to do from a practical point of view. > Be careful - first of all - you can't "generate a new public key" - you can generate a new certificate request, but

RE: Accessing encrypted messages after cert expires

2008-03-16 Thread David Schwartz
> Doesn't what you suggest create a headache? Every time I want to > decrypt an > old message I sent or I received, or a file, I will need to > change the mail > client configuration and point it to another private key. One would hope your mail client will allow you to keep any number of k