[146679] in cryptography@c2.net mail archive
Re: [Cryptography] People should turn on PFS in TLS (was Re: Fwd:
daemon@ATHENA.MIT.EDU (ianG)
Fri Sep 6 16:21:03 2013
X-Original-To: cryptography@metzdowd.com
Date: Fri, 06 Sep 2013 22:46:14 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com
In-Reply-To: <522A0DBC.4020203@mozilla.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 6/09/13 20:15 PM, Daniel Veditz wrote:
> On 9/6/2013 9:52 AM, Rapha=EBl Jacquot wrote:
>> To meet today=92s PCI DSS crypto standards DHE is not required.
>
> PCI is about credit card fraud.
So was SSL ;-) Sorry, couldn't resist...
> Mastercard/Visa aren't worried that
> criminals are storing all your internet purchase transactions with the
> hope they can crack it later; if the FBI/NSA want your CC number they
> can get it by asking.
That's what the crims do to, they ask for all the numbers, they don't =
bother much with SSL.
iang
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
