
Comment Re:Space Patrol Unsatisfactory (Score 1) 180

We have several security measures, so it is not possible to make a good forgery. However a significant proportion of our £1 coins are conspicuous forgeries and still circulate, so a forgery doesn't need to be good to be viable. I'm pretty sure that starch-free paper with the same handling feel would be enough to pass muster for many purposes, if you could get a photocopier to work with them.

Comment Re:Like all One-Size-Fits-All approaches.. (Score 1) 243

Again: I am unaware of any auditing requirements. What auditing do you believe takes place, who is placing the requirements, and what is your source for this information?

In respect of dual signature, the key word is "green" - this would be appropriate for validated domains such as banks, not necessarily for all hosts.

An advantage of a WoT model is that it is possible to give partial trust to different signers, and set a policy to trust a site once there are enough partially trusted supporters for it. This means that the system need not be fragile to a lapse in a single signer. At base though, you can have something exactly equivalent to the current single-signer model by issuing the root public certificates for the current CAs with the operating system.

Comment Re:Like all One-Size-Fits-All approaches.. (Score 1) 243

As far as I know, it is not true to say that CAs are audited, and in fact there are well-known problems with CAs signing stuff that they shouldn't.

An advantage of the web of trust model is that you can incorporate CAs as parties that you trust (exactly as for the current model), but you can also require multiple signatures, which as far as I know is not possible with the current model. You might, for instance, require that two of the current CAs have signed a certificate before it lights up as "green" in a browser URL bar.
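The policy described in the two comments above (partial trust summed to a threshold, plus a "green" level that needs two CA signatures), as an added example that is not part of the original comments. Signer names, weights and thresholds are constructed, and signatures are assumed to have been cryptographically verified before this policy step.

```python
from dataclasses import dataclass
from fractions import Fraction

@dataclass(frozen=True)
class Policy:
    weights: dict                    # signer id -> trust weight (1 = full)
    trust_threshold: Fraction = Fraction(1)
    green_min_full: int = 2          # fully trusted signers needed for "green"

def evaluate(policy, verified_signers, distrusted=frozenset()):
    """Classify a certificate as 'green', 'trusted' or 'untrusted'.

    verified_signers: ids whose signatures already verified (assumption:
    the cryptographic check happens before this policy step).
    distrusted: signers the user has stopped trusting, e.g. after a lapse.
    """
    # A set counts each signer once, however many signatures it attached.
    counted = {s for s in set(verified_signers) - set(distrusted)
               if s in policy.weights}
    score = sum((policy.weights[s] for s in counted), Fraction(0))
    full = sum(1 for s in counted if policy.weights[s] >= 1)
    if full >= policy.green_min_full:
        return "green"
    if score >= policy.trust_threshold:
        return "trusted"
    return "untrusted"

# Constructed sample policy: two CAs fully trusted, three peers at 1/3 each.
POLICY = Policy(weights={
    "CA-A": Fraction(1), "CA-B": Fraction(1),
    "peer-1": Fraction(1, 3), "peer-2": Fraction(1, 3), "peer-3": Fraction(1, 3),
})

def demo():
    peers = ["peer-1", "peer-2", "peer-3"]
    return {
        "one_ca": evaluate(POLICY, ["CA-A"]),
        "two_cas": evaluate(POLICY, ["CA-A", "CA-B"]),
        "two_peers": evaluate(POLICY, peers[:2]),
        "three_peers": evaluate(POLICY, peers),
        "repeat_peer": evaluate(POLICY, ["peer-1"] * 3),
        "unknown": evaluate(POLICY, ["CA-X"]),
        "ca_lapsed_only": evaluate(POLICY, ["CA-A"], distrusted={"CA-A"}),
        "ca_lapsed_plus_peers": evaluate(POLICY, ["CA-A"] + peers, distrusted={"CA-A"}),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The `one_ca` case is the single-signer model as a special case of the same policy; the two `ca_lapsed` cases show a site surviving the loss of one signer only when other supporters carry it over the threshold.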

Comment Why is googlecode used? (Score 1) 179

I use NoScript. The demo site requires code from googlecode.com to be permitted. While the JavaScript provided by Google may be innocuous, I would personally not make this assumption. I don't think that it would be possible for it to get the private key, but I would suspect that it would do data mining which would reveal the email addresses in use.

Comment Re:I guess the Vatican doesn't want (Score 1) 323

First of all, you're forgetting where the Bible even comes from [catholicapologetics.info]. The Bible is not the sole rule of faith, was never intended to be...

The church existed before the New Testament was written - yes. However that does not mean that the Roman church was responsible for its production, or that the various writers agreed with the emerging traditions of Rome. The gospel of Matthew, for instance, appears to have been written by and for Jewish Christians, and in ch 15 (part of the Sermon on the Mount) clearly states that all of the existing Law still applies to Christians - a view diametrically opposed to that of Paul (Peter appears to have swithered on this question, according to Acts).

Comment Re:In other words (Score 0) 517

No, the difference is that the economy of the US depends on continual borrowing, both for funding, and to control some aspects of the economy by setting the interest rate. If the US printed too much currency, existing bonds (loans) would become devalued, which would make it much more expensive to take out new loans, which is done several times per year. Hence no US govt would want to print its way out of trouble.

Comment Re:Why the fuck does a PIN pad get the bank detail (Score 1) 162

That's not how a GSM SIM works (I am working on a couple of SIM products). Firstly, most of them don't have crypto coprocessors. Secondly, the PIN (or PIN2) doesn't wake anything up. Entering the PIN is required to get access to some of the files on the SIM, so it's more like entering a password the first time you use sudo. However there have been proposals for SIM toolkit financial applications which would work roughly as you describe.

Comment Re:E-mail address? (Score 1) 135

SMS was not invented to be email, and came in when fax was more common than email. In fact it was invented for engineers rolling out mobile phone infrastructure so that they could communicate before voice was fully up and working. It's bodged in to a signalling protocol, which is why there is a 160 byte limit - that's all that would fit into the frame, and for the original application it wasn't worth putting in concatenation. Then it was used as one-way notification from the network to the handset, primarily to tell you that you had voicemail. Eventually send-capable phones became available. I bought a Nokia 2110 to be able to send SMS - one of the earliest adopters. Now get off my lawn, kids!
