1st amend applies to video games
A federal appeals court panel has struck down a law that restricted children's access to violent video games, giving the software the same free-speech protection as that for works of art. A panel of the 8th Circuit Court of Appeals ruled Tuesday that a St. Louis County, Mo., ordinance that bans the rentals or sales of graphically violent video games to minors violates free-speech rights. In doing so, the panel reversed a ruling by the U.S. District Court for the Eastern District of Missouri and ordered the lower court to craft an injunction that would prohibit the ordinance from taking effect. In Tuesday's ruling, the panel decided that if the paintings of Jackson Pollock, the music of Arnold Schoenberg and the Jabberwocky verse of Lewis Carroll are protected by the First Amendment, then video games should be, too. http://news.com.com/2100-1043_3-1012882.html?tag=lh
Re: Maybe It's Snake Oil All the Way Down
Eric Murray [EMAIL PROTECTED] writes: Too often people see something like Peter's statement above and say oh, it's that nasty ASN.1 in X.509 that is the problem, so we'll just do it in XML instead and then it'll work fine which is simply not true. The formatting of the certificates is such a minor issue that it is lost in the noise of the real problems. And Peter publishes a fine tool for printing ASN.1, so the human readable argument is moot. Actually, the ASN.1 part is a major factor in the X.509 interoperability problems. Different cert vendors include different extensions, or different encodings. They put different information into different parts of the certificate (or indeed the same information into different parts). Does the FQDN for a server cert belong in the DN or some extension? What about the email address for a user cert? Note that there isn't a real running global PKI using SPKI or PGP either. That's a different problem (namely that the big guys like RSA Security, Microsoft, and Verisign don't sell PGP-enabled software or PGP certificates). PGP's problem is an integration problem, making it easy to use for non-techies. That has been the barrier to entry for PGP. The largest problem with X.509 is that various market/political forces have allowed Verisign to dominate the cert market and charge way too much for them. There is software operable by non-cryptographers that will generate reasonable cert reqs (it's not standard Openssl) but individuals and corporations alike balk at paying $300-700 for each cert. (yes I know about the free individual certs, the failure of S/MIME is a topic for another rant). This is only part of the problem... It is not all of it. Indeed the cost (both in money, time, and headache) has always been a barrier to entry. I don't believe that market or political forces are the largest problem with X.509 I will certainly agree that the cost is a major impediment. The question is: how do we convince M$ and Netscape to include something else in their software? If it's not supported in IE, then it wont be available to the vast majority of users out there. -derek -- Derek Atkins Computer and Internet Security Consultant [EMAIL PROTECTED] www.ihtfp.com
Re: Maybe It's Snake Oil All the Way Down
Derek Atkins [EMAIL PROTECTED] writes: Eric Murray [EMAIL PROTECTED] writes: Too often people see something like Peter's statement above and say oh, it's that nasty ASN.1 in X.509 that is the problem, so we'll just do it in XML instead and then it'll work fine which is simply not true. The formatting of the certificates is such a minor issue that it is lost in the noise of the real problems. And Peter publishes a fine tool for printing ASN.1, so the human readable argument is moot. Actually, the ASN.1 part is a major factor in the X.509 interoperability problems. Different cert vendors include different extensions, or different encodings. They put different information into different parts of the certificate (or indeed the same information into different parts). Does the FQDN for a server cert belong in the DN or some extension? What about the email address for a user cert? This isn't really true in the SSL case: To a first order, everyone ignores any extensions (except sometimes the constraints) and uses the CN for the DNS name of the server. -Ekr -- [Eric Rescorla [EMAIL PROTECTED] http://www.rtfm.com/
Re: Maybe It's Snake Oil All the Way Down
On Wed, Jun 04, 2003 at 07:15:13PM -0400, John Kelsey wrote: | At 03:50 PM 6/3/03 -0700, Eric Blossom wrote: | ... | GSM and CDMA phones come with the crypto enabled. The crypto's good | enough to keep out your neighbor (unless he's one of us) but if you're | that paranoid, you should opt for the end-to-end solution. The CDMA | stuff (IS-95) is pretty broken: *linear* crypto function, takes 1 | second worst case to gather data sufficient to solve 42 equations in | 42 unknowns, but again, what's your threat model? Big brother and | company are going to get you at the base station... | | Big brother has a limited budget, just like the rest of us. If he has to | produce a warrant or tap a wire somewhere to listen in on me, he probably | won't bother. | | The only thing protecting my cellphone calls right now is trivially-broken | encryption, the need for some moderately expensive equipment, and some laws | prohibiting cellphone eavesdropping. That means that some bad guys may be | eavesdropping now, and there's no telling how many bad guys will be doing | so tomorrow. Nobody here knows how much eavesdropping is being done, More bad guys will be listening tomorow, because SDR and Moore's law will drive down the cost. At some point, we'll hit a knee in the curve, and cell phones will be either made more secure, or we'll live with the fact that all our calls are being listened to, much like the Brits are always on video. Adam -- It is seldom that liberty of any kind is lost all at once. -Hume