• To: John Cowan <cowan@m...>
• Subject: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• From: Rich Salz <rsalz@d...>
• Date: Thu, 8 Jan 2004 07:45:48 -0500 (EST)
• Cc: "xml-dev@l..." <xml-dev@l...>
• In-reply-to: <20040108115451.GP31886@m...>

> Very true, although eventually those certificates will expire, and then
> you need a new browser, in which case I've got you.

No, because the old CA can sign a new CA certificate.  If I have that, and
I have the new self-signed certificate, I have a trust path.  Or the old
CA can just sign something that says "key nnnnnn is the new public key of
this CA."

As for 2617, I dislike the dictionary attack, especially since it uses
weak user-chosen passwords which are historically easy to guess.  Other
than that, I agree it's pretty good if anyone used it.  But given SSL, I
don't see a compelling need for it; do you?
	/r$

--
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

• Follow-Ups:
  • Re: Re: Cookies at XML Europe 2004 -- Call for Participation
    • From: John Cowan <cowan@m...>

• References:
  • Re: Re: Cookies at XML Europe 2004 -- Call for Participation
    • From: John Cowan <cowan@m...>

• Prev by Date: Re: Why is xml:base a URI *reference*?
• Next by Date: Re: Why is xml:base a URI *reference*?
• Previous by thread: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• Next by thread: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• Index(es):
  • Date
  • Thread