Re: [therightkey] Barely-capable CAs
Jon Callas <jon@callas.org> Sat, 03 November 2012 00:52 UTC
Return-Path: <jon@callas.org>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 670C41F0C91 for <therightkey@ietfa.amsl.com>; Fri, 2 Nov 2012 17:52:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TePiVD851aNc for <therightkey@ietfa.amsl.com>; Fri, 2 Nov 2012 17:52:44 -0700 (PDT)
Received: from mail.merrymeet.com (merrymeet.com [173.164.244.100]) by ietfa.amsl.com (Postfix) with ESMTP id 449A61F0C5F for <therightkey@ietf.org>; Fri, 2 Nov 2012 17:52:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.merrymeet.com (Postfix) with ESMTP id 634F012AD309 for <therightkey@ietf.org>; Fri, 2 Nov 2012 17:52:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at merrymeet.com
Received: from mail.merrymeet.com ([127.0.0.1]) by localhost (merrymeet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Er8gKKWHa3E for <therightkey@ietf.org>; Fri, 2 Nov 2012 17:52:41 -0700 (PDT)
Received: from keys.merrymeet.com (keys.merrymeet.com [173.164.244.97]) by mail.merrymeet.com (Postfix) with ESMTPSA id E44C812AD2FE for <therightkey@ietf.org>; Fri, 2 Nov 2012 17:52:40 -0700 (PDT)
Received: from [10.0.23.14] ([173.164.244.98]) by keys.merrymeet.com (PGP Universal service); Fri, 02 Nov 2012 17:52:41 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Fri, 02 Nov 2012 17:52:41 -0700
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Jon Callas <jon@callas.org>
In-Reply-To: <5092B8C4.3070607@cs.tcd.ie>
Date: Fri, 02 Nov 2012 17:52:39 -0700
Message-Id: <B627CB9C-CDB2-436C-88AC-6E69219A2BA4@callas.org>
References: <7500672F-5BDE-4EBE-ABC3-1AFEF2972D95@vpnc.org> <544B0DD62A64C1448B2DA253C0114146069D3FBAE8@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <CAOuvq22PMSq2sAmUBfJcWu6LhEdCA3jKteu38m4UuHbykp7xZw@mail.gmail.com> <544B0DD62A64C1448B2DA253C0114146069D5FC685@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <6DD8CB4F-1233-403D-A27E-F3F80310390F@vpnc.org> <544B0DD62A64C1448B2DA253C0114146069D5FC79B@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <508A48C5.9070005@comodo.com> <544B0DD62A64C1448B2DA253C0114146069D76E5FC@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <CABrd9STHtw__Wm30Z5T27mx8PMb-mScCSa-EZVDdeQvy_Rru1Q@mail.gmail.com> <544B0DD62A64C1448B2DA253C0114146069F66F830@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <CABrd9SSJWm_8BY9uN4D6=LmogwkNeLMZtJaOX2MQU1QuCHJwyg@mail.gmail.com> <80A8F0DC-C894-4299-AEC7-12B84A803E84@vpnc.org> <CAMm+Lwh2Qhv8eHtmy=KisShdJiLYe=ziyfezQELqqfu8y9H5qg@mail.gmail.com> <alpine.BSF.2.00.1211010935330.60568@hiroshima.bogus.com> <CAMm+LwjQiJ3aWpAYdy1hxtf09Sf=4g9AO=r-PihSPVkc8PMLkg@mail.gmail.com> <5092B 8C4.3070607@cs.tcd.ie>
To: therightkey@ietf.org
X-Mailer: Apple Mail (2.1499)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [therightkey] Barely-capable CAs
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Nov 2012 00:52:44 -0000
On Nov 1, 2012, at 11:00 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > > On 11/01/2012 05:22 PM, Phillip Hallam-Baker wrote: >> Having worked in Web security over 20 years now, I have still to see a case >> where a system was breached because of a really subtle design flaw. > > Bleichenbacher? Maybe. By the time Bleichenbacher was actually an issue, a number of us had been screaming for years. I suppose you can say that it was really subtle because the people concerned about it weren't listened to. But that has its own ick factor, too. Everything that people don't believe is subtle. Is it subtle that you shouldn't be using 1024 bit RSA keys? 512? Jon
- [therightkey] Certrans BoF planning Paul Hoffman
- [therightkey] Call for agenda items for certrans … Paul Hoffman
- Re: [therightkey] Call for agenda items for certr… Phillip Hallam-Baker
- Re: [therightkey] Call for agenda items for certr… Paul Hoffman
- Re: [therightkey] Call for agenda items for certr… Paul Hoffman
- Re: [therightkey] Call for agenda items for certr… Phillip Hallam-Baker
- [therightkey] Impact on issue processes Paul Hoffman
- Re: [therightkey] Impact on issue processes Ben Laurie
- Re: [therightkey] Impact on issue processes Phillip Hallam-Baker
- Re: [therightkey] Impact on issue processes Rob Stradling
- Re: [therightkey] Impact on issue processes Ben Laurie
- Re: [therightkey] Impact on issue processes Ben Laurie
- Re: [therightkey] Impact on issue processes Phillip Hallam-Baker
- Re: [therightkey] Impact on issue processes Erwann Abalea
- Re: [therightkey] Impact on issue processes Rick Andrews
- Re: [therightkey] Impact on issue processes Chris Palmer
- Re: [therightkey] Impact on issue processes Ben Laurie
- Re: [therightkey] Impact on issue processes Paul Hoffman
- Re: [therightkey] Impact on issue processes Phillip Hallam-Baker
- Re: [therightkey] Impact on issue processes Paul Hoffman
- Re: [therightkey] Impact on issue processes Rob Stradling
- Re: [therightkey] Impact on issue processes Paul Hoffman
- Re: [therightkey] Impact on issue processes Rick Andrews
- [therightkey] Other solutions to the problem Paul Hoffman
- Re: [therightkey] Impact on issue processes Chris Palmer
- Re: [therightkey] Other solutions to the problem Rick Andrews
- Re: [therightkey] Other solutions to the problem Chris Palmer
- Re: [therightkey] Other solutions to the problem Yoav Nir
- Re: [therightkey] Other solutions to the problem Rob Stradling
- Re: [therightkey] Other solutions to the problem Ben Laurie
- Re: [therightkey] Impact on issue processes Ben Laurie
- Re: [therightkey] Call for agenda items for certr… Ben Laurie
- Re: [therightkey] Other solutions to the problem Rick Andrews
- Re: [therightkey] Other solutions to the problem Leif Johansson
- Re: [therightkey] Other solutions to the problem Ben Laurie
- Re: [therightkey] Other solutions to the problem Ben Laurie
- Re: [therightkey] Other solutions to the problem Rick Andrews
- Re: [therightkey] Other solutions to the problem Stephen Farrell
- Re: [therightkey] Other solutions to the problem Ben Laurie
- Re: [therightkey] Other solutions to the problem Phillip Hallam-Baker
- Re: [therightkey] Other solutions to the problem Ben Laurie
- [therightkey] Barely-capable CAs Paul Hoffman
- Re: [therightkey] Barely-capable CAs Phillip Hallam-Baker
- Re: [therightkey] Barely-capable CAs Lucy Lynch
- Re: [therightkey] Barely-capable CAs Paul Hoffman
- Re: [therightkey] Barely-capable CAs Rick Andrews
- Re: [therightkey] Barely-capable CAs Phillip Hallam-Baker
- Re: [therightkey] Barely-capable CAs Stephen Farrell
- Re: [therightkey] Barely-capable CAs Paul Hoffman
- Re: [therightkey] Barely-capable CAs Phillip Hallam-Baker
- Re: [therightkey] Barely-capable CAs Ben Laurie
- Re: [therightkey] Barely-capable CAs Phillip Hallam-Baker
- Re: [therightkey] Barely-capable CAs Rob Stradling
- Re: [therightkey] Barely-capable CAs Nico Williams
- Re: [therightkey] Barely-capable CAs Ben Laurie
- Re: [therightkey] Barely-capable CAs Paul Hoffman
- Re: [therightkey] Barely-capable CAs Rob Stradling
- Re: [therightkey] Barely-capable CAs Phillip Hallam-Baker
- Re: [therightkey] Barely-capable CAs Rob Stradling
- Re: [therightkey] Barely-capable CAs Rob Stradling
- Re: [therightkey] Barely-capable CAs Paul Hoffman
- Re: [therightkey] Barely-capable CAs Rob Stradling
- Re: [therightkey] Barely-capable CAs Rob Stradling
- Re: [therightkey] Barely-capable CAs Martin Rex
- Re: [therightkey] Barely-capable CAs Jon Callas
- Re: [therightkey] Barely-capable CAs Jon Callas
- Re: [therightkey] Barely-capable CAs Phillip Hallam-Baker