On Fri, Jun 17, 2005 at 08:21:41AM -0600, Brant Thomsen wrote:
> The exchange below actually reflects what I think is the strongest argument
> against the proposed design change. Successful businesses always prefer
> what works to something new or innovative. With security, that tendency
> shoul
security experience.
Brant Thomsen
Sr. Software Engineer
Wavelink Corporation
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of coco coco
> Sent: Thursday, June 16, 2005 9:20 PM
> To: openssl-users@openssl.org
> Subject: RE: N
Hello coco,
coco coco wrote:
User's keys are escrowed in a central database, completely separated
from the application system (physically and logically, on a remote site).
The escrow database is encrypted with two keys (double encryption,
one on top of another). The two keys are kept in USB tok
Then perhaps your company should hire a security expert to design the
security. Defects in portability or performance are low-risk and easily
detected, and the cost scales with the time until a patch is deployed.
Security vulnerabilities are much more tricky and expensive to detect and
the
On Jun 16, 2005, at 11:47 PM, coco coco wrote:
For a shameless plug, this scheme is designed by myself. I'm giving
a brief description here, so you guys can help to see if that makes
sense.
[snip]
Yeah, I know, you have not seen the implementation, so not fair
to say if that's ok or not. Thi
I thought the problem was that you were using the same keypair
for encryption and signing. So that there really is only one key.
I know, the key escrow was designed when the requirements were
for encryption only. The digital signature requirement was added when
the consultant got on board. S
Like the commentator, I'm also a little guy. In my case, I'm a retired guy
who got his intro to this stuff from Entrust. I got convinced that their
two (or more) -certificate solution was right, based upon the following:
If you are an employee in an organization, it is valid for the organiz
> Please help to fill in items that I might have missed :)
The security risk that this non-standard scheme might introduce an
unforeseen vulnerability. This is, IMO, as likely as that it will protect
against some unforeseen vulnerability -- the alleged reason for the scheme.
Hehe, I was t
Yes, Viktor... you are right. Two certificates with the same keys is ...
as you say
One of these days, I'll figure out how to write what I really mean, instead
of assuming that all readers have the same context as I do.
And that "retirement" was (how shall I put it) ... non-voluntary.
> Please help to fill in items that I might have missed :)
The security risk that this non-standard scheme might introduce an
unforeseen vulnerability. This is, IMO, as likely as that it will protect
against some unforeseen vulnerability -- the alleged reason for the scheme.
DS
On Thu, Jun 16, 2005 at 06:33:53PM -0700, david wrote:
> Like the commentator, I'm also a little guy. In my case, I'm a retired guy
> who got his intro to this stuff from Entrust. I got convinced that their
> two (or more) -certificate solution was right, based upon the following:
>
You say
Like the commentator, I'm also a little guy. In my case, I'm a retired guy
who got his intro to this stuff from Entrust. I got convinced that their
two (or more) -certificate solution was right, based upon the following:
If you are an employee in an organization, it is valid for the organizat
Like everyone else, I say this consultant doesn't know what he's
talking about (I'm tempted to ask you to tell me who it is, so I can
avoid him/her). Can I suggest a different line of attack, though?
It's obvious that confronting the consultant by calling bull doesn't
win you any points, so how
> Thanks all for replying. More heated debates I guess.
How can there be a heated debate when there is not yet one argument
advanced in favor of the double certificate scheme?
I got what you meant, sorry for not being clear. I meant there will be more
heated debate between us (the tec
In message <[EMAIL PROTECTED]> on Tue, 14 Jun 2005 00:14:54 -1000, "coco coco"
<[EMAIL PROTECTED]> said:
coconut_to_go> We called it bullshit, and were having a hot debate,
coconut_to_go> most people (the technical people) are opposed to that,
coconut_to_go> saying that there is nothing secure ab
> Thanks all for replying. More heated debates I guess.
How can there be a heated debate when there is not yet one argument
advanced in favor of the double certificate scheme?
DS
Thanks all for replying. More heated debates I guess.
On Tue, Jun 14, 2005 at 12:14:54AM -1000, coco coco wrote:
> My apologies if this is not really an openssl question. Just want to get
> some ideas from the gurus here.
>
> There is this company (a so-called partner) which has hired an external
> security consultant to oversee the security of a
coco coco wrote:
My apologies if this is not really an openssl question. Just want to
get some ideas from the gurus here.
There is this company (a so-called partner) which has hired an
external security consultant to oversee the security of a project
which makes use of crypto quite heavily.
> If you want to separate the signature key from the encryption key, you
> should have 2 keys, and not one key with 2 certificates.
Totally agreed - the reason for using key separation is that encryption keys
will (typically) have a shorter life time than signing keys (at least for
certificate valid
My apologies if this is not really an openssl question. Just want to get
some ideas from the gurus here.
There is this company (a so-called partner) which has hired an external
security consultant to oversee the security of a project which makes use of
crypto quite heavily. The security consul