Re: I don't know PAIN...

2003-12-22 Thread Anne Lynn Wheeler
On Sat, 2003-12-20 at 09:03, Ian Grigg wrote: What is the source of the acronym PAIN? I.e., its provenance? Google shows only a few hits, indicating it is not widespread. iang I just tried +security +pain +privacy +authentication +integrity on alta vista and it claims to have over

Re: Difference between TCPA-Hardware and a smart card (was:example: secure computing kernel needed)

2003-12-22 Thread Ian Grigg
Anne Lynn Wheeler wrote: At issue in business continuity are business requirements for things like no single point of failure, offsite storage of backups, etc. The threat model is 1) data in business files can be one of its most valuable assets, 2) it can't afford to have unauthorized access

Re: Difference between TCPA-Hardware and other forms of trust

2003-12-22 Thread Ian Grigg
Bill Frantz wrote: [I always considered the biggest contribution from Mondex was the idea of deposit-only purses, which might reduce the incentive to rob late-night business.] This was more than just a side effect, it was also the genesis of the earliest successes with smart card money. The

Re: Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)

2003-12-22 Thread Ben Laurie
Carl Ellison wrote: We see here a difference between your and my sides of the Atlantic. Here in the US, almost no one has a smart card. Of those cards you carry, how many are capable of doing public key operations? A simple memory smartcard doesn't count for what we were talking about. I don't

Re: I don't know PAIN...

2003-12-22 Thread Ben Laurie
Ian Grigg wrote: What is the source of the acronym PAIN? Lynn said: ... A security taxonomy, PAIN: * privacy (aka things like encryption) * authentication (origin) * integrity (contents) * non-repudiation I.e., its provenance? Google shows only a few hits, indicating it is not widespread.

Re: Difference between TCPA-Hardware and other forms of trust

2003-12-22 Thread Ben Laurie
bear wrote: I really don't care if anyone *else* trusts my system; as far as I'm concerned, their secrets should not be on my system in the first place, any more than my secrets should be on theirs. The problem is that their secrets are Snow White, or the latest Oasis album. You want them on your

Re: Difference between TCPA-Hardware and other forms of trust

2003-12-22 Thread Ben Laurie
Bill Frantz wrote: One should note that TCPA is designed to store its data (encrypted) in the standard file system, so standard backup and restore techniques can be used. Only if your box doesn't die. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no

Re: example: secure computing kernel needed

2003-12-22 Thread Ed Reed
Remote attestation has use in applications requiring accountability of the user, as a way for cooperating processes to satisfy themselves that configurations and state are as they're expected to be, and not screwed up somehow. There are many business uses for such things, like checking to see if

Re: I don't know PAIN...

2003-12-22 Thread Greg Rose
At 03:03 AM 12/21/2003, Ian Grigg wrote: What is the source of the acronym PAIN? I've seen, for many years, the acronym CAIN, where the C is Confidentiality. I think that was in the Orange Book. There's also, historically, an R for Robustness or Reliability in many military contexts, instead of

Re: Difference between TCPA-Hardware and a smart card (was: example:secure computing kernel needed)

2003-12-22 Thread Bill Stewart
At 09:38 AM 12/16/2003 -0500, Ian Grigg wrote: In the late nineties, the smart card world worked out that each smart card was so expensive, it would only work if the issuer could do multiple apps on each card. That is, if they could share the cost with different uses (or users). Of course, at

Re: example: secure computing kernel needed

2003-12-22 Thread David Wagner
William Arbaugh wrote: On Dec 16, 2003, at 5:14 PM, David Wagner wrote: Jerrold Leichter wrote: We've met the enemy, and he is us. *Any* secure computing kernel that can do the kinds of things we want out of secure computing kernels, can also do the kinds of things we *don't* want out

The PAIN mnemonic

2003-12-22 Thread Carl Ellison
A security taxonomy, PAIN: * privacy (aka things like encryption) * authentication (origin) * integrity (contents) * non-repudiation Sorry, Lynn, but I don't buy this. It's missing replay prevention (freshness) and it included non-repudiation which is an unachievable, nonsense concept. If

Non-repudiation (was RE: The PAIN mnemonic)

2003-12-22 Thread Carl Ellison
-Original Message- From: Anne Lynn Wheeler [mailto:[EMAIL PROTECTED] Sent: Sunday, December 21, 2003 6:42 AM To: Carl Ellison Cc: 'Anne Lynn Wheeler'; [EMAIL PROTECTED] Subject: Re: The PAIN mnemonic At 11:20 PM 12/20/2003 -0800, Carl Ellison wrote: and it included

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-22 Thread Anne Lynn Wheeler
At 08:23 AM 12/21/2003 -0800, Carl Ellison wrote: That's an interesting definition, but you're describing a constraint on the behavior of a human being. This has nothing to do with cryptosystem choice or network protocol design. What mechanisms do you suggest for enforcing even the constraint

RE: Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)

2003-12-22 Thread Carl Ellison
Seth, that was a very good and interesting reply. Thank you. IBM has started rolling out machines that have a TPM installed. If other companies do that too (and there might be others that do already - since I don't follow this closely) then gradually the installed base of

IP2Location.com Releases Database to Identify IP's Geography

2003-12-22 Thread R. A. Hettinga
--- begin forwarded text Status: U Date: Wed, 17 Dec 2003 22:16:57 -0800 To: MacDev-1 (Moderated) [EMAIL PROTECTED] From: MacDev-1 Moderator [EMAIL PROTECTED] Subject: IP2Location.com Releases Database to Identify IP's Geography Sender: [EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL

Norwegian DVD Hacker Acquitted on Piracy Charges

2003-12-22 Thread R. A. Hettinga
http://online.wsj.com/article_print/0,,SB107210905212179600,00.html The Wall Street Journal December 22, 2003 11:25 a.m. EST Norwegian DVD Hacker Acquitted on Piracy Charges Associated Press OSLO, Norway -- Dealing another blow to the entertainment industry, an appeals court on

Re: Difference between TCPA-Hardware and other forms of trust

2003-12-22 Thread bear
On Sat, 20 Dec 2003, Ian Grigg wrote: Bill Frantz wrote: [I always considered the biggest contribution from Mondex was the idea of deposit-only purses, which might reduce the incentive to rob late-night business.] ... The first smart card money system in the Netherlands was a

Re: Difference between TCPA-Hardware and a smart card (was: example:secure computing kernel needed)

2003-12-22 Thread Ian Grigg
Bill Stewart wrote: At 09:38 AM 12/16/2003 -0500, Ian Grigg wrote: In the late nineties, the smart card world worked out that each smart card was so expensive, it would only work if the issuer could do multiple apps on each card. That is, if they could share the cost with different uses

Re: IP2Location.com Releases Database to Identify IP's Geography

2003-12-22 Thread Rich Salz
The IP2Location(TM) database contains more than 2.5 million records for all IP addresses. It has over 95 percent matching accuracy at the country level. Available at only US$499 per year, the database is available via download with free twelve monthly updates. And since the charge is