Re: BrinCity 2.0: Mayor outlines elaborate camera network for city

2004-09-11 Thread Nomen Nescio
-BEGIN TYPE III ANONYMOUS MESSAGE-
Message-type: plaintext

R. A. Hettinga ([EMAIL PROTECTED]) wrote on 2004-09-10:
  Critics say the cameras ought not be regarded as a panacea in crime
 fighting. They say the more there are, the greater the potential for abuse.

So, since this is titled BrinCity, it surely means that the image
streams will be available from a web site and that we the people get
cameras in the emergency response center and the mayor's office?

-END TYPE III ANONYMOUS MESSAGE-



Re: potential new IETF WG on anonymous IPSec

2004-09-11 Thread Bill Stewart
At 12:57 PM 9/9/2004, Hal Finney wrote:
   http://www.postel.org/anonsec
To clarify, this is not really anonymous in the usual sense.  Rather it
is a proposal to an extension to IPsec to allow for unauthenticated
connections.  Presently IPsec relies on either pre-shared secrets or a
trusted third party CA to authenticate the connection.  The new proposal
would let connections go forward using a straight Diffie-Hellman type
exchange without authentication.  It also proposes less authentication
of IP message packets, covering smaller subsets, as an option.
I read the draft, and I don't see how it offers any improvement
over draft-ietf-ipsec-internet-key-00.txt or Gilmore's proposal to use open
secret as a not-very-secret pre-shared secret
that anybody who wants to can accept.
It does introduce some lower-horsepower alternatives for
authenticating less than the entire packet, and suggests
using AH which I thought was getting rather deprecated these days,
but another way to reduce horsepower needs is to use AES instead of 3DES.

Also, the author's document discusses protecting BGP to prevent
some of the recent denial-of-service attacks,
and asks for confirmation about the assertion in a message
on the IPSEC mailing list suggesting
   E.g., it is not feasible for BGP routers to be configured with the
   appropriate certificate authorities of hundreds of thousands of peers.
Routers typically use BGP to peer with a small number of partners,
though some big ISP gateway routers might peer with a few hundred.
(A typical enterprise router would have 2-3 peers if it does BGP.)
If a router wants to learn full internet routes from its peers,
it might learn 1-200,000, but that's not the number of direct connections
that it has - it's information it learns using those connections.
And the peers don't have to be configured rapidly without external 
assistance -
you typically set up the peering link when you're setting up the
connection between an ISP and a customer or a pair of ISPs,
and if you want to use a CA mechanism to certify X.509 certs,
you can set up that information at the same time.



Bill Stewart  [EMAIL PROTECTED] 



Re: potential new IETF WG on anonymous IPSec

2004-09-11 Thread Joe Touch

Bill Stewart wrote:
At 12:57 PM 9/9/2004, Hal Finney wrote:
   http://www.postel.org/anonsec
To clarify, this is not really anonymous in the usual sense.  Rather it
is a proposal to an extension to IPsec to allow for unauthenticated
connections.  Presently IPsec relies on either pre-shared secrets or a
trusted third party CA to authenticate the connection.  The new proposal
would let connections go forward using a straight Diffie-Hellman type
exchange without authentication.  It also proposes less authentication
of IP message packets, covering smaller subsets, as an option.

I read the draft, and I don't see how it offers any improvement
over draft-ietf-ipsec-internet-key-00.txt or Gilmore's proposal to use
open secret as a not-very-secret pre-shared secret
that anybody who wants to can accept.
That is part of the solution, but not all, as noted below.
It does introduce some lower-horsepower alternatives for
authenticating less than the entire packet, and suggests
using AH which I thought was getting rather deprecated these days,
but another way to reduce horsepower needs is to use AES instead of 3DES.
That is corrected in  draft-touch-tcp-antispoof, which contains the BGP 
focus of anonsec-00; anonsec-01 (to appear in about 2 weeks) focuses on 
just the anonsec portion of 00.

Also, the author's document discusses protecting BGP to prevent
some of the recent denial-of-service attacks,
and asks for confirmation about the assertion in a message
on the IPSEC mailing list suggesting
   E.g., it is not feasible for BGP routers to be configured with the
   appropriate certificate authorities of hundreds of thousands of peers.
Routers typically use BGP to peer with a small number of partners,
though some big ISP gateway routers might peer with a few hundred.
(A typical enterprise router would have 2-3 peers if it does BGP.)
If a router wants to learn full internet routes from its peers,
it might learn 1-200,000, but that's not the number of direct connections
that it has - it's information it learns using those connections.
And the peers don't have to be configured rapidly without external 
assistance -
you typically set up the peering link when you're setting up the
connection between an ISP and a customer or a pair of ISPs,
and if you want to use a CA mechanism to certify X.509 certs,
you can set up that information at the same time.
Thanks for that input; the claim that BGP in core Internet routers 
required intractable setup for TCP-MD5 has been refuted by experience 
noted during the TCPM WG meeting in San Diego as well. This section of 
tcp-antispoof will be updated accordingly.

Joe

Bill Stewart  [EMAIL PROTECTED]
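
The comparison discussed in the two messages above, as an added example that is not part of the thread or of any draft: a toy model of a Diffie-Hellman exchange run with no authentication, with a private pre-shared secret, and with a publicly known "open secret", showing which cases let an in-path party end up holding both session keys. The group parameters, function names and secret strings are constructed for illustration, and the tag format is an assumption, not IKE's.

```python
import hashlib, hmac, secrets

# Toy group for illustration only (constructed; not a parameter set from any draft).
P = 2**255 - 19
G = 2

def keypair():
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def session_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def auth_tag(psk, sender_pub, receiver_pub):
    # MAC binding both public values to the pre-shared secret.
    msg = sender_pub.to_bytes(32, "big") + receiver_pub.to_bytes(32, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()

def run(psk=None, attacker_psk=None, mitm=False):
    """Model one A<->B key exchange; return (established, intercepted)."""
    a, A = keypair()
    b, B = keypair()
    m, M = keypair()                      # in-path party, used only if mitm=True
    seen_by_a, seen_by_b = (M, M) if mitm else (B, A)
    if psk is not None:
        if mitm:
            # The endpoints' own tags bind the real value pair, so the in-path
            # party has to compute fresh tags with whatever secret it holds.
            k = attacker_psk if attacker_psk is not None else secrets.token_bytes(32)
            tag_to_a, tag_to_b = auth_tag(k, M, A), auth_tag(k, M, B)
        else:
            tag_to_a, tag_to_b = auth_tag(psk, B, A), auth_tag(psk, A, B)
        ok_a = hmac.compare_digest(tag_to_a, auth_tag(psk, seen_by_a, A))
        ok_b = hmac.compare_digest(tag_to_b, auth_tag(psk, seen_by_b, B))
        if not (ok_a and ok_b):
            return (False, False)         # endpoints refuse the connection
    key_a, key_b = session_key(a, seen_by_a), session_key(b, seen_by_b)
    intercepted = mitm and session_key(m, A) == key_a and session_key(m, B) == key_b
    return (True, intercepted)

if __name__ == "__main__":
    print("no auth, passive only:   ", run())
    print("no auth, active in-path: ", run(mitm=True))
    print("private PSK, in-path:    ", run(psk=b"private secret", mitm=True))
    print("public PSK, in-path:     ", run(psk=b"open secret", attacker_psk=b"open secret", mitm=True))
```

The unauthenticated and public-secret cases behave identically against an active in-path party; only the private pre-shared secret causes the endpoints to refuse.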




A nice little dose of pop conspiracy theory...

2004-09-11 Thread Tyler Durden
Actually, despite some of the fairly dubious what about this! points, 
there are some things that are a little unsettling. No way that's a Boeing 
757, and it's not like they can just lose one (ie, there should have been 
one unaccounted for). And I was unaware of the possibility that the FBI had 
quickly confiscated tapes that would show the 'plane' more clearly.

So for what it's worth...
http://pixla.px.cz/pentagon.swf
-TD



Re: Call for 'hackers' to try to access voting machines draws stern warning

2004-09-11 Thread R. A. Hettinga
At 7:56 AM -0700 9/11/04, Major Variola (ret) wrote:
The No paper trail, no trust coalition

In St. Thomas, of course, it's No paper trail, no trus' mon. ;-)

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Re: Call for 'hackers' to try to access voting machines draws stern warning

2004-09-11 Thread Major Variola (ret)
At 06:59 PM 9/10/04 -0400, R. A. Hettinga wrote:
http://www.virginislandsdailynews.com/index.pl/article?id=7181775
Call for 'hackers' to try to access voting machines draws stern warning

 The warning came after Elections officials received a faxed document last
week stating that a $10,000 cash award would be offered to anyone who can
successfully hack into electronic voting machines to prove whether vote
tallies can be changed.

Sounds like a good idea for social hacking in the States, too.
The No paper trail, no trust coalition needs only a bit of typesetting
and some glue to make the point.  Art is not a crime.  Political sarcasm
is art.  I'm surprised that flyers haven't appeared in SF yet; art is not
just for the playa.  Even better, give Diebold's URL on the flyer...









Re: BrinCity 2.0: Mayor outlines elaborate camera network for city

2004-09-11 Thread Major Variola (ret)
At 12:50 PM 9/11/04 +0200, Nomen Nescio wrote:
So, since this is titled BrinCity, it surely means that the image
streams will be available from a web site and that we the people get
cameras in the emergency response center and the mayor's office?

Is adultery a crime in Chicago?  Given the predilection for peripheral
pussy by those in power, the cameras could be used to track them.
Conspiracy to commit a crime is also a crime.  Who knows, Gary Condit's
concubine might still be aerobic had there been enough cameras on the
ingress points to various buildings.  Hey, it's in public view.  All those
homebodies with computers could help keep the public safe.

They're not using crypto to keep the publicly funded, public images from
public scrutiny, are they?  What do they have to hide?

.Wear light colored burkhas to survive the thermal flash.. aluminized
fabrics preferred




Re: A nice little dose of pop conspiracy theory...

2004-09-11 Thread Roy M. Silvernail
On Sat, 2004-09-11 at 10:34, Tyler Durden wrote:
 Actually, despite some of the fairly dubious what about this! points, 
 there are some things that are a little unsettling. No way that's a Boeing 
 757, and it's not like they can just lose one (ie, there should have been 
 one unaccounted for). And I was unaware of the possibility that the FBI had 
 quickly confiscated tapes that would show the 'plane' more clearly.
 
 So for what it's worth...
 
 
 http://pixla.px.cz/pentagon.swf

Interesting stuff.  The plane in the Pentagon camera shots is definitely
no 757.  Question is, where did the flight 77 equipment (the 757 that
supposedly crashed into the Pentagon) finally end up?
-- 
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
Progress, like reality, is not optional. - R. A. Hettinga
SpamAssassin-procmail-/dev/null-bliss
http://www.rant-central.com



Re: Perplexing proof

2004-09-11 Thread Sarad AV


--- Major Variola (ret) [EMAIL PROTECTED] wrote:

 Can someone explain how finding regularity in the
 distribution of primes
 
 would affect any modexp() system?   Suppose that you
 have a function
 F(i) which gives you the i-th prime.  Since the PK
 systems (eg RSA, DH)
 use *randomness* to pick primes, how does being able
 to generate
 the i-th prime help?


It doesn't affect security of RSA. It only speeds up
primality testing.

Sarath.



