Outsourced Trust (was Re: Difference between TCPA-Hardware and a smart card and something else before

2003-12-23 Thread Ed Reed
Ian Grigg [EMAIL PROTECTED] 12/20/2003 12:15:51 PM One of the (many) reasons that PKI failed is that businesses simply don't outsource trust. Of course they do. Examples: DB and other credit reporting agencies. SEC for fair reporting of financial results. International Banking Letters of

Re: PKI root signing ceremony, etc.

2003-12-23 Thread Dan Geer
One approach to securing infrequent signing or working keys from a corporate master certificate is to store the certificate in a bank safe deposit box. The certificate generation software (say on a self booting CD or perhaps an entire laptop) could be stored in the safe

Re: I don't know PAIN...

2003-12-23 Thread Raymond Lillard
Ben Laurie wrote: Ian Grigg wrote: What is the source of the acronym PAIN? Lynn said: ... A security taxonomy, PAIN: * privacy (aka things like encryption) * authentication (origin) * integrity (contents) * non-repudiation I.e., its provenance? Google shows only a few hits, indicating it is not

Re: Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)

2003-12-23 Thread Anne Lynn Wheeler
At 03:03 PM 12/21/2003 -0800, Seth David Schoen wrote: Some people may have read things like this and mistakenly thought that this would not be an opt-in process. (There is some language about how the user's platform takes various actions and then responds to challenges, and perhaps people

Re: example: secure computing kernel needed

2003-12-23 Thread David Wagner
William Arbaugh wrote: David Wagner writes: As for remote attestation, it's true that it does not directly let a remote party control your computer. I never claimed that. Rather, it enables remote parties to exert control over your computer in a way that is not possible without remote

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-23 Thread Amir Herzberg
Ben, Carl and others, At 18:23 21/12/2003, Carl Ellison wrote: and it included non-repudiation which is an unachievable, nonsense concept. Any alternative definition or concept to cover what protocol designers usually refer to as non-repudiation specifications? For example non-repudiation of

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-23 Thread Stefan Kelm
Let's just leave the term non-repudiation to be used by people who don't understand security, but rather mouth things they've read in books that others claim are authoritative. There are lots of those books listing non-repudiation as a feature of public key cryptography, for example, and

RE: Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)

2003-12-23 Thread Antonomasia
From: Carl Ellison [EMAIL PROTECTED] Some TPM-machines will be owned by people who decide to do what I suggested: install a personal firewall that prevents remote attestation. How confident are you this will be possible ? Why do you think the remote attestation traffic won't be passed

Re: Outsourced Trust (was Re: Difference between TCPA-Hardware and a smart card and something else before

2003-12-23 Thread Anne Lynn Wheeler
At 07:34 PM 12/22/2003 -0700, Ed Reed wrote: Of course they do. Examples: DB and other credit reporting agencies. SEC for fair reporting of financial results. International Banking Letters of Credit when no shared root of trust exists. Errors and Omissions Professional Liability insurance for

Re: example: secure computing kernel needed

2003-12-23 Thread Jerrold Leichter
| We've met the enemy, and he is us. *Any* secure computing kernel | that can do | the kinds of things we want out of secure computing kernels, can also | do the | kinds of things we *don't* want out of secure computing kernels. | | I don't understand why you say that. You can build

Re: Outsourced Trust (was Re: Difference between TCPA-Hardware and a smart card and something else before

2003-12-23 Thread Ian Grigg
Ed Reed wrote: Ian Grigg [EMAIL PROTECTED] 12/20/2003 12:15:51 PM One of the (many) reasons that PKI failed is that businesses simply don't outsource trust. Of course they do. Examples: DB and other credit reporting agencies. SEC for fair reporting of financial results.

Re: IP2Location.com Releases Database to Identify IP's Geography

2003-12-23 Thread Ian Grigg
Rich Salz wrote: The IP2Location(TM) database contains more than 2.5 million records for all IP addresses. It has over 95 percent matching accuracy at the country level. Available at only US$499 per year, the database is available via download with free twelve monthly updates. And

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-23 Thread Anne Lynn Wheeler
At 08:23 AM 12/21/2003 -0800, Carl Ellison wrote: That's an interesting definition, but you're describing a constraint on the behavior of a human being. This has nothing to do with cryptosystem choice or network protocol design. What mechanisms do you suggest for enforcing even the constraint