Re: [tor-dev] Proposal 189: AUTHORIZE and AUTHORIZED cells

2011-11-04 Thread Watson Ladd
On Fri, Nov 4, 2011 at 11:35 PM, Marsh Ray wrote: > On 11/04/2011 09:19 PM, Watson Ladd wrote: >> >> On Fri, Nov 4, 2011 at 8:01 PM, Julian Yon wrote: >>> >>> What if the GET request can be anything innocuous (e.g. robots.txt, >>> index.html) and a valid document is sent back. But the headers inc

Re: [tor-dev] Proposal 189: AUTHORIZE and AUTHORIZED cells

2011-11-04 Thread Marsh Ray
On 11/04/2011 09:19 PM, Watson Ladd wrote: On Fri, Nov 4, 2011 at 8:01 PM, Julian Yon wrote: What if the GET request can be anything innocuous (e.g. robots.txt, index.html) and a valid document is sent back. But the headers include an ETag derived in some way from the document content (or just

Re: [tor-dev] Proposal 189: AUTHORIZE and AUTHORIZED cells

2011-11-04 Thread George Kadianakis
Julian Yon writes: > On 04/11/11 21:37, Watson Ladd wrote: >> On Fri, Nov 4, 2011 at 4:10 PM, Robert Ransom wrote: >>> | Should the client send a string of the form "GET >>> | /?q=correct+horse+battery+staple\r\n\r\n" instead of an AUTHORIZE >>> | cell, where "correct+horse+battery+staple" is a

Re: [tor-dev] Proposal 189: AUTHORIZE and AUTHORIZED cells

2011-11-04 Thread Watson Ladd
On Fri, Nov 4, 2011 at 8:01 PM, Julian Yon wrote: > On 04/11/11 21:37, Watson Ladd wrote: >> On Fri, Nov 4, 2011 at 4:10 PM, Robert Ransom wrote: >>> | Should the client send a string of the form "GET >>> | /?q=correct+horse+battery+staple\r\n\r\n" instead of an AUTHORIZE >>> | cell, where "corre

Re: [tor-dev] Proposal 189: AUTHORIZE and AUTHORIZED cells

2011-11-04 Thread Julian Yon
On 04/11/11 21:37, Watson Ladd wrote: > On Fri, Nov 4, 2011 at 4:10 PM, Robert Ransom wrote: >> | Should the client send a string of the form "GET >> | /?q=correct+horse+battery+staple\r\n\r\n" instead of an AUTHORIZE >> | cell, where "correct+horse+battery+staple" is a semi-plausible search >> |

Re: [tor-dev] SHA-3 isn't looking so hot to me

2011-11-04 Thread Zooko O'Whielacronx
Here is the letter I wrote to the SHA-3 mailing list, followed by replies from Jon Callas and John Kelsey. --- From: Zooko O'Whielacronx Folks: You might be interested in this discussion on the tor-dev mailing list about a new crypto protocol for Tor: https://lists.torproject.org/pi

Re: [tor-dev] Proposal 189: AUTHORIZE and AUTHORIZED cells

2011-11-04 Thread Watson Ladd
On Fri, Nov 4, 2011 at 4:10 PM, Robert Ransom wrote: > On 2011-11-04, George Kadianakis wrote: >> >> Filename: 189-authorize-cell.txt >> Title: AUTHORIZE and AUTHORIZED cells >> Author: George Kadianakis >> Created: 04 Nov 2011 >> Status: Open >> >> 1. Overview >> >>    Proposal 187 introduced th

Re: [tor-dev] Proposal 189: AUTHORIZE and AUTHORIZED cells

2011-11-04 Thread Robert Ransom
On 2011-11-04, George Kadianakis wrote: > > Filename: 189-authorize-cell.txt > Title: AUTHORIZE and AUTHORIZED cells > Author: George Kadianakis > Created: 04 Nov 2011 > Status: Open > > 1. Overview > > Proposal 187 introduced the concept of the AUTHORIZE cell, a cell > whose purpose is to m

Re: [tor-dev] Subject: Re: The consequences of key compromise (or the reasons for changing)

2011-11-04 Thread Jon Callas
On Nov 4, 2011, at 12:14 AM, Markku-Juhani O. Saarinen wrote: > > From: Jon Callas > >> People should get off of 80-bit crypto as soon as is reasonably possible. >> This means RSA 1024, SHA-1, etc. NIST recommended doing this by the end of >> 2010, but are now holding their nose and saying t

Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization

2011-11-04 Thread Robert Ransom
On 2011-11-04, Robert Ransom wrote: > On 2011-11-04, George Kadianakis wrote: >> To avoid problems associated with the human condition, schemes >> based on public key cryptography and certificates can be used. A >> public and well tested protocol that can be used as the basis of a >>

Re: [tor-dev] Proposal 190: Password-based Bridge Client Authorization

2011-11-04 Thread Robert Ransom
On 2011-11-04, George Kadianakis wrote: > > Filename: 190-password-bridge-authorization.txt > Title: Password-based Bridge Client Authorization > Author: George Kadianakis > Created: 04 Nov 2011 > Status: Open > > 1. Overview > > Proposals 187 and 189 introduced the AUTHORIZE and AUTHORIZED cel

[tor-dev] Proposal 190: Password-based Bridge Client Authorization

2011-11-04 Thread George Kadianakis
Filename: 190-password-bridge-authorization.txt Title: Password-based Bridge Client Authorization Author: George Kadianakis Created: 04 Nov 2011 Status: Open 1. Overview Proposals 187 and 189 introduced the AUTHORIZE and AUTHORIZED cells. Their purpose is to make bridge relays scanning res

[tor-dev] Proposal 189: AUTHORIZE and AUTHORIZED cells

2011-11-04 Thread George Kadianakis
Filename: 189-authorize-cell.txt Title: AUTHORIZE and AUTHORIZED cells Author: George Kadianakis Created: 04 Nov 2011 Status: Open 1. Overview Proposal 187 introduced the concept of the AUTHORIZE cell, a cell whose purpose is to make Tor bridges resistant to scanning attacks. This is a

Re: [tor-dev] SHA-3 isn't looking so hot to me

2011-11-04 Thread Nick Mathewson
Hi, Robert! Hi, Jon! As usual, please take me not as being "That fellow who is a pompous ass and says things that aren't true" but rather as "that fellow who knows that he is probably wrong about some stuff, and doesn't know a better way to find out what he's wrong about than getting corrected."

Re: [tor-dev] SHA-3 isn't looking so hot to me

2011-11-04 Thread Watson Ladd
On Fri, Nov 4, 2011 at 9:24 AM, Ian Goldberg wrote: > On Fri, Nov 04, 2011 at 01:01:09PM +, Robert Ransom wrote: >> I have also seen parameters for an Edwards curve equivalent to >> Curve25519; we will need the Edwards-curve parameters in order to >> implement point addition efficiently in con

Re: [tor-dev] The consequences of key compromise (or the reasons for changing)

2011-11-04 Thread Marsh Ray
On 11/04/2011 01:39 AM, Jon Callas wrote: It's certainly laudable to worry about TLAs with ASICs. They probably can't break 80-bit crypto yet, but that's why you need to get off of it now. On the other hand, no TLA worth their salt is buying ASICs to crack crypto. They are buying zero-day kerne

Re: [tor-dev] SHA-3 isn't looking so hot to me

2011-11-04 Thread Marsh Ray
On 11/04/2011 08:01 AM, Robert Ransom wrote: On 2011-11-03, Jon Callas wrote: However, the safe, sane thing to do is use SHA-256. SHA-256 sucks unnecessarily on 64-bit processors. Our fast relays are 64-bit. It may be worth mentioning the newly-standardized SHA-512/256 here. This is not

Re: [tor-dev] SHA-3 isn't looking so hot to me

2011-11-04 Thread Ian Goldberg
On Fri, Nov 04, 2011 at 01:01:09PM +, Robert Ransom wrote: > I have also seen parameters for an Edwards curve equivalent to > Curve25519; we will need the Edwards-curve parameters in order to > implement point addition efficiently in constant time for our EC > signature scheme. Hmm? curve2551

Re: [tor-dev] SHA-3 isn't looking so hot to me

2011-11-04 Thread Robert Ransom
On 2011-11-03, Jon Callas wrote: > Zooko forwarded a hash question over to the SHA-3 competition mailing list, > and mentioned the discussion that has been going on here. He's going to > forward over comments that I made and John Kelsey made. Nonetheless, I'd > like to offer some comments on what

[tor-dev] Subject: Re: The consequences of key compromise (or the reasons for changing)

2011-11-04 Thread Markku-Juhani O. Saarinen
From: Jon Callas > People should get off of 80-bit crypto as soon as is reasonably possible. > This means RSA 1024, SHA-1, etc. NIST recommended doing this by the end of > 2010, but are now holding their nose and saying that 2013 is the real new > date. Absolutely agree. The 80-bit figure wa