> If this solution would solve the problem in such an easy way, why isn't
> it already in use for more than a decade? Recent studies going at task
> with those accessing SSH servers have shown that most users simple edit
> their known_hosts file - those people are way more knowledgeable than
> the
On 02/21/2010 04:11 AM, Nguyễn Đình Nam:
I think you didn't look closely at my description.
The intrusion detection servers track the changes of certificates
belong to a host name over time, reported by user agent software
around the world, this is just like "Perspectives". If there is one
time t
> 1. How do you secure the connection to the perspectives server?
The software to be released with predefined intrusion detection
servers, each comes with it's own X.509 certificate, should be self
signed. It's a kind of "Auditive" mechanism, by using it, we should be
suspicious of any CA, so we wo
On 02/21/2010 03:10 AM, Jean-Marc Desperrier:
On 20/02/2010 03:25, Eddy Nigg wrote:
Apache performs a renegotiation when none is needed when configuring
client authentication at a particular location, is there a logical
explanation for that? Or even considered correct implementation?
Yes, ther
On 20/02/2010 03:25, Eddy Nigg wrote:
Apache performs a renegotiation when none is needed when configuring
client authentication at a particular location, is there a logical
explanation for that? Or even considered correct implementation?
Yes, there's a logical explanation and Apache is doing n
On 2010-02-20 08:46 PST, Nguyễn Đình Nam wrote:
[yet another promotion of "perspectives"]
Questions/issues:
1. How do you secure the connection to the perspectives server?
(This is a recursive problem)
2. How do you avoid false reports for the multiple servers that legitimately
claim to be th
On 2010-02-18 03:06 PST, Michael Ströder wrote:
> I'm using Seamonkey 2.0.3 under Linux. Is there a way to list and tweak the
> cached S/MIME capabilities for certain recipients?
There is no way to list them, at present. There could be. It just doesn't
exist. As for "tweaking" them, they get t
On 2010-02-19 00:01 PST, Marty wrote:
> For anyone who might have cared, it looks like this is a case of missing
> some of the Firefox DLLs from my program's search path. It looks
> (behavior-wise... haven't checked the code) like the OS/2-specific code
> for the dynamic loader in SECMOD_AddNe
I forget to mention, I aware there are two similar mechanisms:
"Perspectives": http://www.cs.cmu.edu/~perspectives/firefox.html
"Certificate Patrol": https://addons.mozilla.org/en-US/firefox/addon/6415
According to my analysis, my proposed mechanism has following
advantages:
* Easier to use: no in
Background
Recently I have read the problem of Mozilla and CNNIC. Many years ago,
I was a cryptography researcher, I worked on this problem when my
country – Vietnam – started working on a central PKI. Vietnam is
similar to China, the possibility of being cheated by rogue
certificates created under
10 matches
Mail list logo
