Re: Re: Cookies at XML Europe 2004 -- Call for Participation

To: Rich Salz <rsalz@d...>
Subject: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
From: John Cowan <cowan@m...>
Date: Thu, 8 Jan 2004 08:12:10 -0500
Cc: xml-dev@l...
In-reply-to: <Pine.LNX.4.44L0.0401080742070.11874-100000@s...>
References: <20040108115451.GP31886@m...> <Pine.LNX.4.44L0.0401080742070.11874-100000@s...>
User-agent: Mutt/1.3.28i

Play the video

Rich Salz scripsit:

> > Very true, although eventually those certificates will expire, and then
> > you need a new browser, in which case I've got you.
> 
> No, because the old CA can sign a new CA certificate.  If I have that, and
> I have the new self-signed certificate, I have a trust path.  

Just because I trust CA1, doesn't mean I trust any CAs that they have
perhaps foolishly decided to trust.  The exposure of transitive CA trust is
much greater than simple trust.

> CA can just sign something that says "key nnnnnn is the new public key of
> this CA."

Fair enough.

> As for 2617, I dislike the dictionary attack, especially since it uses
> weak user-chosen passwords which are historically easy to guess.  

Actually, there is nothing in 2617 that says the passwords must be
user-chosen.  On www.reutershealth.com, all passwords are chosen by us,
sent to the user out of band, and forgotten.  Unfortunately, we still
have to use basic authentication, but since we hold no privacy-sensitive
data about anyone, we consider that sufficiently secure.

> But given SSL, I don't see a compelling need for it; do you?

It's considerably more lightweight.  It isn't always necessary or
commercially sensible to use the strongest grade of protection.

-- 
John Cowan  jcowan@r...  www.ccil.org/~cowan  www.reutershealth.com
I must confess that I have very little notion of what [s. 4 of the British
Trade Marks Act, 1938] is intended to convey, and particularly the sentence
of 253 words, as I make them, which constitutes sub-section 1.  I doubt if
the entire statute book could be successfully searched for a sentence of
equal length which is of more fuliginous obscurity. --MacKinnon LJ, 1940

References:
- Re: Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: John Cowan <cowan@m...>
- Re: Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Rich Salz <rsalz@d...>

Prev by Date: Re: Re: Cookies at XML Europe 2004 -- Call forParticipation
Next by Date: Re: Why is xml:base a URI *reference*?
Previous by thread: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
Next by thread: RE: xml editor to design forms
Index(es):
- Date
- Thread

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Subscribe in XML format

RSS 2.0
Atom 0.3

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.

Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >