> Very true, although eventually those certificates will expire, and then
> you need a new browser, in which case I've got you.

No, because the old CA can sign a new CA certificate. If I have that, and
I have the new self-signed certificate, I have a trust path. Or the old
CA can just sign something that says "key nnnnnn is the new public key of
this CA."

As for 2617, I dislike the dictionary attack, especially since it uses
weak user-chosen passwords which are historically easy to guess. Other
than that, I agree it's pretty good if anyone used it. But given SSL, I
don't see a compelling need for it; do you?

/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html