also just a very off topic topic:
what if a trusted CA issued a *.* cert? for those of you who don't know,
that would be valid everywhere (even if the session was hjacked) but again,
very off topic, back to the topic at hand :D
*Riley Childs*
*Library Technology Manager at Charlotte United Christian Academy
<http://cucawarriors.com/>*
*Head Programmer/Manager at Open Library Management Projec
<http://openlibman.sf.net/>t <http://openlibman.sourceforge.net/>*
*Cisco Certified Entry Level Technician *
_________________________
*Phone: +1 (704) 497-2086*
*email: [log in to unmask] <[log in to unmask]>*
*email: [log in to unmask] <[log in to unmask]>*
*Twitter: @RowdyChildren <http://twitter.com/rowdychildren>*
On Tue, Nov 12, 2013 at 7:56 PM, Riley Childs <[log in to unmask]> wrote:
> Is there a donate button somewhere? the only hurdle I see now is finding
> some to maintain the cert, and coming up with the money, maybe we could put
> a check box on the conference sign up form, like chip in $10 for a SSL
> Cert?
> Also, once again I ask how do you normally take this sort of poll deal? I
> would assume it would just be a roll call (like I vote yes in a series of
> emails)
> Once again my recommendation for a cert provider is DigiCert, they will
> cover both the wiki and site (plus *.code4lib.org) for about $475 a year
> (or they have a single cert for $159)
>
> *Riley Childs*
> *Library Technology Manager at Charlotte United Christian Academy
> <http://cucawarriors.com/>*
> *Head Programmer/Manager at Open Library Management Projec
> <http://openlibman.sf.net/>t <http://openlibman.sourceforge.net/>*
> *Cisco Certified Entry Level Technician *
> _________________________
>
> *Phone: +1 (704) 497-2086 <%2B1%20%28704%29%20497-2086>*
> *email: [log in to unmask] <[log in to unmask]>*
> *email: [log in to unmask] <[log in to unmask]>*
> *Twitter: @RowdyChildren <http://twitter.com/rowdychildren>*
>
>
>
>
> On Tue, Nov 12, 2013 at 7:28 PM, Simon Spero <[log in to unmask]> wrote:
>
>> On Mon, Nov 4, 2013 at 1:45 PM, Ethan Gruber <[log in to unmask]> wrote:
>>
>> > NSA broke it already
>>
>>
>> SSL was born into lossage. After Netscape decided to go it alone, the
>> first version they came back with used RC4... with the same symmetric key
>> in both directions... At EIT I did a Proof of Concept attack using the
>> initial lack of binding between DNS name and X.500 certificate (this was
>> funded on the DARPA MADE project grant).
>>
>> All this was done at a time when the guestimate of a ~1 Public Key
>> Operation per second.
>>
>> On a late 2011 macbook pro ( Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz )
>>
>> openssl speed -multi 8 rsa2048 gives a throughput of 3124.2
>> signatures.second, and 97561.0 verifications.
>>
>> For Symmetric AES, the same hardware gives the throughput listed below.
>>
>> The 'numbers' are in 1000s of bytes per second processed.
>>
>> type 16 bytes 64 bytes 256 bytes 1024 bytes 8192
>> bytes
>>
>> aes-128 cbc 427093.88k 451648.30k 460755.99k 462780.42k
>> 459068.76k
>>
>> aes-192 cbc 352143.17k 368399.83k 370499.48k 371674.11k
>> 371816.40k
>>
>> aes-256 cbc 299224.85k 309780.08k 301863.34k 286403.36k
>> 286261.25k
>> In other words: the cpu cost ain't not thang.
>>
>> There is an recurrent cost for a server certificate, but I'm sure that
>> this
>> could be obtained from the usual suspects (Mellon, OCLC, Kilgour, or
>> Stanford). Somebody has to responsible for renewing certificates before
>> they expire (same sort of work as making sure the DNS domains don't
>> expire).
>>
>> Simon
>>
>
>
|