Re: New Chips Can Keep a Tight Rein on Consumers
Pete Chown [EMAIL PROTECTED] writes:

Peter Gutmann wrote:

Actually I'm amazed no printer vendor has ever gone after companies who produce third-party Smartchips for remanufactured printer cartridges. This sounds like the perfect thing to hit with the DMCA universal hammer.

There is no copyright issue, though. The DMCA only bans circumvention devices that relate to copyrighted content.

If the vendor required it, how long do you think it would take their lawyers to figure out a way in which some sort of copyright was involved somewhere, and it could therefore be hit with the DMCA hammer? Thus the universal hammer comment, you can define almost anything you want to be a copyright violation if it suits your purposes. My guess on this one (and IANAL) is that reading the instruction codes sent from the host would be the user-definable copyright violation for third-party Smartchips.

Peter.

- The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
[Boing Boing Blog] More sharp notes on Palladium
--- begin forwarded text

Status: U
To: [EMAIL PROTECTED]
From: Cory Doctorow [EMAIL PROTECTED]
Mailing-List: list [EMAIL PROTECTED]; contact [EMAIL PROTECTED]
Date: Sat, 06 Jul 2002 11:13:25 -0700
Subject: [Boing Boing Blog] More sharp notes on Palladium
Reply-To: [EMAIL PROTECTED]

Seth has posted further, in-depth notes about our meeting with Microsoft's Palladium team, going into great detail about the technical workings and intentions of the system -- and there's no Latin in sight this time! The closer you look at Palladium, the more civil liberties implications begin to surface. Again, Seth is likely the most technical person to have received a briefing like this without signing an NDA; his notes are lucid, accurate and well-informed.

When you want to start a Palladium PC in trusted mode (note that it doesn't have to start in trusted mode, and, from what Microsoft said, it sounds like you could even imagine booting the same OS in either trusted or untrusted mode, based on a user's choice at boot time), the system hardware performs what's called an authenticated boot, in which the system is placed in a known state and a nub is loaded. A hash (I think it's SHA-1) is taken of the nub which was just loaded, and the 160-bit hash is stored unalterably in the PCR, and remains there for as long as the system continues to operate in trusted mode. Then the operating system kernel can boot, but the key to the trust in the system is the authentication of the nub. As long as the system is up, the SCP knows exactly which nub is currently running; because of the way the CPU works, it is not possible for any other software to modify the nub or its memory or subvert the nub's policies.
The nub is in some sense in charge of the system at a low level, but it doesn't usually do things which other software would notice unless it's asked to.

Link: http://vitanuova.loyalty.org/2002-07-05.html
Discuss: http://www.quicktopic.com/boing/H/5Dxg3vRyNkY6

-- Posted by Cory Doctorow to Boing Boing Blog (http://boingboing.net/) at 7/6/2002 11:13:23 AM

--- end forwarded text

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
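The authenticated boot described in the forwarded notes, modelled as an added example (not code from Microsoft, from Seth's notes or from anyone on the list). The `SCP` class, its method names and the two nub images are constructed for illustration; SHA-1 follows the notes' "I think it's SHA-1".

```python
import hashlib
import hmac


class TrustedModeError(Exception):
    """Raised on an attempt to change the PCR while trusted mode is active."""


class SCP:
    """Toy model of the SCP holding a single PCR, as the notes describe it."""

    def __init__(self):
        self._pcr = None  # empty while the machine runs in untrusted mode

    def authenticated_boot(self, nub_image: bytes) -> bytes:
        """Hash the nub as it is loaded and latch the 160-bit result."""
        if self._pcr is not None:
            # "Stored unalterably": nothing may overwrite it while trusted mode lasts.
            raise TrustedModeError("PCR is latched until trusted mode ends")
        self._pcr = hashlib.sha1(nub_image).digest()
        return self._pcr

    def leave_trusted_mode(self) -> None:
        """Ending the trusted session is the only way the PCR is cleared."""
        self._pcr = None

    def running_nub_is(self, expected_digest: bytes) -> bool:
        """Does the latched PCR identify the nub a relying party expects?"""
        if self._pcr is None:
            return False
        return hmac.compare_digest(self._pcr, expected_digest)


# Constructed sample images; a real nub is a binary, these are stand-ins.
GOOD_NUB = b"constructed nub image, build A"
PATCHED_NUB = b"constructed nub image, build B"
KNOWN_GOOD = hashlib.sha1(GOOD_NUB).digest()


def demo() -> dict:
    scp = SCP()
    results = {"before_boot": scp.running_nub_is(KNOWN_GOOD)}

    # Trusted-mode start: the loaded nub is measured and the hash latched.
    scp.authenticated_boot(GOOD_NUB)
    results["good_nub_recognised"] = scp.running_nub_is(KNOWN_GOOD)

    # Software running later cannot replace the recorded measurement.
    try:
        scp.authenticated_boot(PATCHED_NUB)
        results["overwrite_blocked"] = False
    except TrustedModeError:
        results["overwrite_blocked"] = True
    results["pcr_unchanged"] = scp.running_nub_is(KNOWN_GOOD)

    # A different nub can only be loaded in a new trusted session, and it
    # then shows up under its own hash, not the known-good one.
    scp.leave_trusted_mode()
    scp.authenticated_boot(PATCHED_NUB)
    results["patched_nub_recognised"] = scp.running_nub_is(KNOWN_GOOD)
    return results


if __name__ == "__main__":
    print(demo())
```

The model covers only the measurement step; the CPU-enforced isolation of the nub's memory that the notes rely on is outside what a script can show.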
Korea Mandates Digital Certificates
http://www.koreaherald.com/SITE/data/html_dir/2002/07/04/200207040023.asp

Monday, July 8, 102

Official digital certificates needed

Starting next year all Internet-based financial transactions will require users to possess official cyber certificates and digital signatures, the Financial Supervisory Service (FSS) said yesterday. The financial watchdog said that the new measures were being introduced to ensure security and accountability in cyber exchanges. The move also conforms to the government's efforts to digitalize its services.

The introduction of the new system is designed to protect transactions from being compromised, ascertain the identity of users, and make it impossible for people to claim that they did not make transactions that turned out to be unfavorable, said an FSS official. The official said that the existing certificates provided to banks and financial institutions will have to be converted into official certificates provided by the Korea Financial Telecommunications and Clearance Institute (KFTC) by May 2003. He also said that the KFTC will only issue official certificates for financial institutions interested in starting Internet banking services from Sept. 1.

The KFTC oversees electronic funds transfers and digital payment systems and is responsible for yessign, a certification service that gives Internet transactions legal validity and protection under the digital signature law.

The FSS, in addition, said that people who have been able to conduct Internet-banking by using the conventional ID name and password system will also have to have digital certificates from May of next year. The supervisory body said that once an official certificate is obtained, the holder will be able to use it to conduct Internet banking, online stock trading, and arrange cyber insurance deals. The digital certificates will also allow people to file complaints or suggestions to the various government ministries and take part in government bids.
Meanwhile, people can apply for an official digital certificate by submitting requests to financial institutions that have contracts for cyber trading with the KFTC, Korea-Stock, the Korea Information Certificate Authority Inc., CrossCert Inc., and KTNet Co.

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Quantum Computing Puts Encrypted Messages at Risk
http://www.ecommercetimes.com/perl/printer/18490/

Quantum Computing Puts Encrypted Messages at Risk
By Tim McDonald
www.NewsFactor.com, Part of the NewsFactor Network
July 08, 2002
http://www.newsfactor.com/perl/story/18490.html

Given that quantum computers will provide an enormous power boost, encryption experts believe that current standards for encryption, which are based on computational difficulty, will then fall.

In the world of quantum computing and encryption, the question of which will come first, quantum computing or quantum encryption, is very important. In fact, it is vital. If quantum computing comes first, chaos will reign, since most of the security systems installed by the world's vital institutions, including banking, commerce and government, have come to depend on current encryption methods -- which would instantly become archaic. The boost in computing power offered by quantum computing would make many of the encryption security measures now in place obsolete.

If advances in quantum encryption come first, quantum computers will be capable of performing lightning-fast mathematical calculations, and there is little doubt that many of today's mathematical obstacles will be easily solved. The problem is that some of those obstacles are the basis for today's encryption technology.

Being Difficult

Current encryption standards, including the Data Encryption Standard (DES), which is now largely being replaced by the Advanced Encryption Standard (AES), are based on computational difficulty. The idea is not that the codes are impossible to break; it is that they are impossible to break within a reasonable time, given today's resources. It would take millions of years of computer processing time to decrypt most messages sent via encryption, given the computing power now available.
However, once the enormous energy boost that quantum computers are expected to provide hits the street, most encryption security standards -- and any other standard based on computational difficulty -- will fall, experts believe.

Breaking and Entering

The problem is that if a powerful quantum computer were to spring into being tomorrow, all the assumed, unproven mathematical formulas on which encryption depends could be broken. And it is easy to see the problems that would create, as encrypted messages sent by critical institutions such as banks and government agencies become easy to decipher.

Now we have the challenge of turning quantum computation into an engineering reality, Isaac Chuang, former IBM researcher and now an MIT professor, told NewsFactor. If we could perform this calculation at much larger scales -- say the thousands of qubits required to factor very large numbers -- fundamental changes would be needed in cryptography implementations.

Knock, Knock

Classical cryptography already is becoming increasingly vulnerable to eavesdroppers. Take for example, the RSA algorithm, used in classic cryptosystems to ensure that no one but the intended recipient is able to decipher the message. In a recent academic paper, University of Illinois-Chicago associate professor of mathematics Daniel Bernstein detailed a more efficient method of factoring large numbers that may put the RSA algorithm at risk. Bernstein's method would make it possible, he said, to fairly quickly factor public encryption keys as large as 1,024 bits derived from the RSA algorithm. Many of the security protocols currently in place routinely use keys much smaller than 1,024 bits, but some experts now are saying they consider keys as large as 1,024 bits to be compromised by new mathematical computing capabilities.

Already in Use

Quantum encryption to the rescue.
Most people assume that the technology -- perhaps due to its cryptic name -- is one of those odd, far-out sciences that theorists love to love but which will have no practical application in the foreseeable future. Others are betting that quantum encryption will save the day for security applications.

Between the intrinsic weaknesses of classic cryptography and the advanced research and development -- both commercial and academic -- that is being conducted around the globe, quantum encryption will be a widespread security tool sooner than you may think, Andy Hammond, a spokesperson for quantum information processing (QIP) company MagiQ Technologies, told NewsFactor. The need for a product that provides perfect encryption is obvious, he added.

Even as these questions are being asked, companies are evaluating and beginning to deploy quantum encryption as a security tool. It is already being used in some military and intelligence applications, and private concerns are scrambling to get in on the quantum ground floor.

Coming Soon

Hammond said that his company, scheduled for a public launch this September, will have a commercially available solution in 2003. The Somerville, Massachusetts-based company is developing a prototype
Sun to Unveil Liberty Identity Management Tools
http://online.wsj.com/article_print/0,,SB102625213031520,00.html

The Wall Street Journal
July 10, 2002
E-COMMERCE

Sun-Backed Body Is Set To Unveil New Web Tools
By REBECCA BUCKMAN
Staff Reporter of THE WALL STREET JOURNAL

The war over Web standards between Microsoft Corp. and rival Sun Microsystems Inc. appears to be cooling off a bit, with both companies moving ahead with new initiatives and, in some cases, working together to try to make more money from e-commerce.

One big milestone will be reached Monday, when a Sun-backed group called the Liberty Alliance finally unveils new technical specifications for online identity management systems. The specifications -- which have been hammered out by Sun and about 40 other large companies, including UAL Corp.'s United Airlines and General Motors Corp. -- can be downloaded free from the Internet starting next week.

The new tools are important because they are the building blocks upon which companies can build new services that allow consumers to move easily among Web sites without having to repeatedly identify themselves with a new password. United, for example, might use the specifications to link parts of its Web site to those of business partners, such as another airline or a rental-car company, said Eric Dean, United's chief information officer and the chairman of the Liberty group. That might allow people to easily make multiple reservations for a trip.

Microsoft is promoting its own online-identity service, called Passport, and hasn't joined the Liberty group. Sun actually started Liberty in response to some Microsoft moves last year to expand Passport and use it as the basis for new businesses. But Mr. Dean said services built on Liberty's technology could ultimately work with Passport, and Liberty continues to talk to Microsoft about joining the group.
He is also heartened by Sun's recent decision to support a related Web-security initiative, known as WS-Security, recently submitted to a Web-standards body by Microsoft, International Business Machines Corp. and VeriSign Inc.

Sun's decision to cooperate with the initiative kind of shocked all of us, said Rob Enderle, an analyst with Giga Information Group. He said the continuing technology recession, which is crimping revenue at even the biggest companies, may have contributed to Sun's decision.

A Sun spokesman said Sun is supporting WS-Security mainly because the specification will be free for companies to license, something Sun says was unclear when IBM and Microsoft introduced it.

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
TPM cost constraint [was: RE: Revenge of the WAVEoid]
Bill wrote:

At 10:07 PM 06/26/2002 -0700, Lucky Green wrote:

An EMBASSY-like CPU security co-processor would have seriously blown the part cost design constraint on the TPM by an order of magnitude or two.

Compared to the cost of rewriting Windows to have an infrastructure that can support real security? Maybe, but I'm inclined to doubt it, especially since most of the functions that an off-CPU security co-processor can successfully perform are low enough performance that they could be done on a PCI or PCMCIA card, without requiring motherboard space.

Upon re-reading the paragraph I wrote, I can see how the text might have been ambiguous. I was trying to express that there was a cost constraint on the part. Adding the cost of an EMBASSY or SEE environment to the purchase of every new PC is more than the market for bare-bones or even mid-range PC's will bear.

--Lucky
DMCA + ROT13 + Smashmouth Lawyer Strong Crypto
In general, we no longer need strong crypto. DMCA plus ROT13 and a smashmouth lawyer suffices.

-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: 7/6/02 1:47 AM
Subject: Re: New Chips Can Keep a Tight Rein on Consumers

Pete Chown [EMAIL PROTECTED] writes:

Peter Gutmann wrote:

Actually I'm amazed no printer vendor has ever gone after companies who produce third-party Smartchips for remanufactured printer cartridges. This sounds like the perfect thing to hit with the DMCA universal hammer.

There is no copyright issue, though. The DMCA only bans circumvention devices that relate to copyrighted content.

If the vendor required it, how long do you think it would take their lawyers to figure out a way in which some sort of copyright was involved somewhere, and it could therefore be hit with the DMCA hammer? Thus the universal hammer comment, you can define almost anything you want to be a copyright violation if it suits your purposes. My guess on this one (and IANAL) is that reading the instruction codes sent from the host would be the user-definable copyright violation for third-party Smartchips.

Peter.
RE: New Chips Can Keep a Tight Rein on Consumers
John S. Denker[SMTP:[EMAIL PROTECTED]] wrote:

Peter Gutmann wrote:

Actually I'm amazed no printer vendor has ever gone after companies who produce third-party Smartchips for remanufactured printer cartridges. This sounds like the perfect thing to hit with the DMCA universal hammer.

I wonder if there's a good reason for this? Why is this particular field immune?

I don't know the whole story, and I don't know anything for sure, but here's a hypothesis and a starting point: Expand the acronym DMCA to discover the word copyright.

IANAL but: As a rule, copyrights aren't supposed to be used to protect functionality; that's what patents are for. Reverse engineering in general remains legal ... not just laissez-faire legal, but actually protected by the fair-trade laws. DMCA carves out an exception in the case of reverse engineering that promotes violation of copyrights.

A micron-by-micron copy of the smartchip would be a violation of somebody's plain-old non-DMCA copyright in the mask, but a clone that reproduces the functionality is fair game.

You might wonder about a hypothetical next step: printer vendors could put some crypto in the system (so that every smartchip would _need_ to have a copy of the key) and then invoke copyright on the key. IANAL but that might be asking for trouble.

0) Copyrights are not supposed to be used to protect functionality, as discussed above.

1) Printer vendors aren't analogous to DVD vendors, because the latter have intellectual property rights in the content, long recognized by law, which they are allowed to protect. Preventing piracy is a _perfectly legal_ limitation on trade. In contrast, printer makers have far fewer recognized rights in the ink. Trying too hard to mess up the aftermarket in ink might be considered an _illegal_ restraint of trade.

2) Related point: The printer vendors claim that the chips are there merely to provide necessary functionality, which is legal.
Court action against somebody who didn't copy anything but the key would put the lie to this claim. And then you would have questions about the legality of the chips; see item (1).

There's related legal precedent, but I'm too lazy to look up the details. Over 10 years ago a game console manufacturer 'Foo' (Nintendo? Atari?) sued an independent game cartridge manufacturer, claiming copyright infringement in that the console checked that a specific location in the cartridge contained the string Copyright (c) Foo Inc. The console maker lost; the judge ruled that including the string was necessary for perfectly legal compatibility reasons. (I note that it was also only visible to the console, not to the consumer). This seems quite apropos to the printer cartridge situation, but IANAL.

Peter Trei
Re: Ross's TCPA paper
On Fri, 5 Jul 2002, AARG!Anonymous wrote:

... / Right, and you can boot untrusted OS's as well. Recently there was discussion here of HP making a trusted form of Linux that would work with the TCPA hardware. So you will have options in both the closed source and open source worlds to boot trusted OS's, or you can boot untrusted ones, like old versions of Windows. The user will have more choice, not less. ... /

Nonsense. Let us remember what Palladium is: Palladium is a system designed to enable a few large corporations and governments to run source secret, indeed, well-encrypted, code on home user's machines in such a way that the home user cannot see, modify, or control the running code.

The Orwellian, strictly Animal Farmish, claim runs: Why it is all just perfectly OK, because anyone can run source secret, well encrypted, code in an uncontrolled manner on anyone's machine at will! We are all equal, it is just that some, that is, We the Englobulators, will in practice get to run source secret, well-encrypted, code on hundreds of millions of users' machines while you, you will never run such code on anybody else's machine except at a hobbyists' fair, precisely to demonstrate we are all equal..

There are other advantages to Palladium: No free kernel will ever freely boot on a Palladium machine.

And there is more. If Palladium is instituted: Microsoft will support the most vicious interpretation of the DMCA and press for passage of the SSSCA, in order that the first crack does not prove to the world that Palladium cannot prevent all copyright infringement. Microsoft will be able to say See, it is these GNU/BSD/XFree/Sendmail/Apache/CLISP folk who are causing all this dreadful copyright infringement. Why owning a non-Palladium machine should be declared, no, not illegal, we are not monsters after all, but probative evidence that the owner is an infringer, and more, a general infringer and a member of the Copyright Infringement Conspiracy.
Why some of them even write such code as the well known, and in CIC circles, widely used, tool of infringement called 'cp'. Senator, I know you will be as shocked as I was when I learned what 'cp' stands for. It stands for 'copy'. And I do not mean safe Englobulator-Certified Fair Use Copying, such as is provided by the Triple X Box, which, for a reasonable license fee, allows up to six copy-protected copies to be made before settling of accounts and re-certification of the Box over the net. No, I mean, raw, completely promiscuous copying of any file on the machine, as many times as the infringer wishes. Without record, without payment to the artist, without restraint. Senator, I prefer to call cp 'The Boston Strangler', because that is exactly what it is. And every single non-Palladium operating system in the world comes with cp already loaded, loaded and running..

oo--JS.
Re: FC: Politech challenge: Decode Al Qaeda stego-communications!
Where is the substantiated evidence? Where that news report lacks in facts, it makes up for with entertainment. Of course terrorists are communicating via Web sites. Lots of people communicate via the Web. The only person publicly searching for hidden terrorist messages hasn't found any. And he's using sound analytical techniques. See http://www.citi.umich.edu/u/provos/stego/

-Kevin

Militants wire Web with links to jihad
http://www.usatoday.com/news/world/2002/07/10/web-terror-cover.htm

Lately, al-Qaeda operatives have been sending hundreds of encrypted messages that have been hidden in files on digital photographs on the auction site eBay.com. Most of the messages have been sent from Internet cafes in Pakistan and public libraries throughout the world. An eBay spokesperson did not return phone calls. The volume of the messages has nearly doubled in the past month, indicating to some U.S. intelligence officials that al-Qaeda is planning another attack.
Re: Pointers to Palladium Patent...
A correction on the inventors of the alleged Palladium patent from a Microsoft programmer:

-
Subject: Correction to cryptome.org
Date: Mon, 8 Jul 2002 17:07:45 -0700
From: John DeTreville [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

Are you a good contact person for the information on the Microsoft DRM patent (6,330,670) on cryptome.org? The pages linked from http://cryptome.org/ms-drm-os.htm say that the authors of this patent (England, DeTreville, and Lampson) were identified by Newsweek as Palladium programmers. I can reliably state that I (DeTreville) am not a Palladium programmer, and neither is Butler Lampson. I believe that the Newsweek article was referring to a different patent. I'm sure that the Palladium participants jointly hold a significant number of important patents in the field of computer security.

Cheers,
John
-

This message has been added to the file at: http://cryptome.org/ms-drm-os.htm

We would appreciate information on the alternative Palladium patent John DeTreville is referring to, or patents if the program is based on several.
Re: IP: SSL Certificate Monopoly Bears Financial Fruit
--
On 6 Jul 2002 at 9:33, R. A. Hettinga wrote:

Thawte has now announced a round of major price increases. New cert prices appear to have almost doubled, and renewals have increased more than 50%. While Thawte proclaims this is their first price increase in five years, this comes at a time when we should be seeing *increased* competition and *lower* prices for such virtual products, not such price increases. But of course, in an effective monopoly environment, it's your way or the highway, so this should have been entirely expected.

IE comes preloaded with about 34 root certificate authorities, and it is easy for the end user to add more, to add more in batches. Anyone can coerce open SSL to generate any certificates he pleases, with some work. Why is not someone else issuing certificates?

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
FgD9xqiaNt/GIr99+cDvezUuY9K7pVf/sr8sYLtx
2U+1rnhprPRzvE4aLRCq4ADtyF4DDrnAKjbwHgbFn
Re: IP: SSL Certificate Monopoly Bears Financial Fruit
At 03:48 PM 7/10/2002 -0700, [EMAIL PROTECTED] wrote:

--
On 6 Jul 2002 at 9:33, R. A. Hettinga wrote:

Thawte has now announced a round of major price increases. New cert prices appear to have almost doubled, and renewals have increased more than 50%.

[...]

Why is not someone else issuing certificates?

See http://www.securityspace.com/s_survey/sdata/200206/certca.html for recent data re SSL certificate market share; Geotrust, at http://www.geotrust.com, has 11% of the market, and appears (from their web pages; I haven't bought one) to be ready to issue SSL server certs without the torturous document review process which Verisign invented but Thawte managed to make simultaneously more intrusive and less relevant.

--
Greg Broiles -- [EMAIL PROTECTED] -- PGP 0x26E4488c or 0x94245961