>Now, if the discussion can be steered to how Mozilla's crypto can succeed at
>becoming as popular as Skype may be, WITHOUT it having to resort to
>- closed source,
>- proprietary designs (restricted intellectual property),
>- being a closed system with no interoperability,
>that may be worthwhile
Anders Rundgren wrote:
That there should be as you claim mainly a "UI problem" is an opinion
that has some support in the literature ("Jonny can't encrypt"),
but I feel that it is much deeper than that; security should probably
as in the case of Skype be transparent, not needing any UI at all.
I
On 12/05/2008 03:20 PM, Anders Rundgren:
I doubt that Ian promotes the things you claim he does.
The tone and arguments highly suggest exactly that.
That there should be as you claim mainly a "UI problem" is an opinion
that has some support in the literature ("Jonny can't encrypt"),
but I
Eddy Nigg wrote:
>Nelson wrote:
>> Now, in contrast to that, I have been led to believe that Skype's:
>> - protocols, security designs and parameters are proprietary, secret, have
>> not been openly published, and thus not subjected to public scrutiny
>> - components are all proprietary. Their cli
Anders Rundgren wrote:
This is BTW not too different to PayPal which I guess works so well
because it owns the entire customer-base and doesn't have to mess
with other competing/collaborating partners.
Ahhh... Paypal :) Now there is a poignant example.
Paypal is awful. Its security is woefu
Nelson wrote:
>> For me, the purpose of this debate is finding out what users can expect from
>> Mozilla by way of security.
>The answers to that quest probably include these properties:
>- open, openly specified, not secret,
>- inner workings subjected to public scrutiny.
>- security claims indep
Anders Rundgren wrote:
Nelson B Bolyard wrote:
I have contacts in the former Soviet Union who claim that Russian banks
now routinely require PKI hardware for authentication as a condition of
online banking.
How sad that I live in a nation that is such a technological back-water. :)
It sure
Nelson B Bolyard wrote:
>I have contacts in the former Soviet Union who claim that Russian banks
>now routinely require PKI hardware for authentication as a condition of
>online banking.
>How sad that I live in a nation that is such a technological back-water. :)
It sure is. The US is about the
I wish I could wave my hands and say "it's a non-issue" like you.
Unfortunately, I'm the one who has to try to explain how to use these
things. Unfortunately, I'm the one who has to deal with the tech support
calls. When I can't figure it out (and I've been trying for over a decade),
how the fuck
Just to clarify: I also see a lot of practical problems to be solved
when encrypting/signing e-mails. And I supported real end-users doing
so. But these are not caused by S/MIME (or PGP) standards themselves.
Ian G wrote:
* it has no open + effective key distribution mechanism. (I exclude
the L
Michael Ströder wrote:
Anders Rundgren wrote:
Ian G wrote:
=> Encrypting/signing must be made a business requirement in contracts.
That's the whole point. And there's no technical solution for it.
That's as close to a perfect dilemma as I've come across! It's not a
business requirement, so
Ian G wrote:
Michael Ströder wrote:
Ian G wrote:
Michael Ströder wrote:
Anders, that's not the real problem with S/MIME or PGP.
Encrypting/signing is simply not a business requirement.
...
=> Encrypting/signing must be made a business requirement in
contracts. That's the whole point. And th
Michael Ströder wrote:
Ian G wrote:
Michael Ströder wrote:
Anders, that's not the real problem with S/MIME or PGP.
Encrypting/signing is simply not a business requirement.
...
=> Encrypting/signing must be made a business requirement in
contracts. That's the whole point. And there's no techn
Anders Rundgren wrote:
Ian G wrote:
=> Encrypting/signing must be made a business requirement in contracts.
That's the whole point. And there's no technical solution for it.
That's as close to a perfect dilemma as I've come across! It's not a
business requirement, so we must make it a busin
Ian G wrote:
Michael Ströder wrote:
Anders, that's not the real problem with S/MIME or PGP.
Encrypting/signing is simply not a business requirement.
...
=> Encrypting/signing must be made a business requirement in
contracts. That's the whole point. And there's no technical solution
for it.
Ian G wrote:
>> => Encrypting/signing must be made a business requirement in contracts.
>> That's the whole point. And there's no technical solution for it.
>That's as close to a perfect dilemma as I've come across! It's not a
>business requirement, so we must make it a business requirement ...
Michael Ströder wrote:
Anders, that's not the real problem with S/MIME or PGP.
Encrypting/signing is simply not a business requirement.
...
=> Encrypting/signing must be made a business requirement in contracts.
That's the whole point. And there's no technical solution for it.
That's as clos
Anders Rundgren wrote:
I want each organization/domain entity that can afford an SSL certificate to
become a virtual CA and run their own secure messaging center. Based on
the SSL certificate they can use whatever issuance policies they feel
comfortable with as long as they keep inside of their
Anders Rundgren wrote, On 2008-11-23 09:15:
> Nelson B Bolyard wrote.
>>> I want each organization/domain entity that can afford an SSL certificate
>>> to become a virtual CA and run their own secure messaging center.
>
>> Why SSL certs? why not email certs?
>
> Could it be the fact that the SS
Nelson B Bolyard wrote.
>> I want each organization/domain entity that can afford an SSL certificate
>> to become a virtual CA and run their own secure messaging center.
>Why SSL certs? why not email certs?
Could it be the fact that the SSL PKI exists?
Email certs is a nice idea that requires
Anders Rundgren wrote:
Ian,
For me at least secure messaging means authenticated messaging as well.
Sure, your choice. For me, security is an overall economic equation.
Sometimes this suggests security as unauthenticated, encrypted
messaging, sometimes not :)
Here is the current Firefo
Anders Rundgren wrote, On 2008-11-22 08:33:
> I want each organization/domain entity that can afford an SSL certificate
> to become a virtual CA and run their own secure messaging center.
Why SSL certs? why not email certs?
Is it because you think that a secured IM service would be based on SS
On 11/22/2008 07:29 PM, Anders Rundgren:
Ian,
For me at least secure messaging means authenticated messaging as well.
Here is the current Firefox solution to certificate distribution.
http://demo.webpki.org/mozkeygen
This serves only for authentication. Hopefully you aren't including
email si
Ian,
For me at least secure messaging means authenticated messaging as well.
Here is the current Firefox solution to certificate distribution.
http://demo.webpki.org/mozkeygen
I don't know what Eddy and Jabber intend to do but it must be something
similar.
Anders
- Original Message -
Anders Rundgren wrote:
Ian,
I hope you don't mind but I limit my response to a single core topic.
:)
So from this, I gather you want: scalability + distribution.
Absolutely.
Do you want no center(s) at all?
I want each organization/domain entity that can afford an SSL certificate to
b
Ian,
I hope you don't mind but I limit my response to a single core topic.
<>
>So from this, I gather you want: scalability + distribution.
Absolutely.
>Do you want no center(s) at all?
I want each organization/domain entity that can afford an SSL certificate to
become a virtual CA and run t
n B Bolyard" <[EMAIL PROTECTED]>
To: "mozilla's crypto code discussion list"
Sent: Saturday, November 22, 2008 12:11
Subject: Re: Creating a Global User-level CA/Trust Infrastructure for
SecureMessaging
Anders Rundgren wrote, On 2008-11-22 02:12:
> The following is relate