Microsoft info-cards to use blind signatures?

2005-05-23 Thread David Wagner
http://www.idcorner.org/index.php?p=88
The Identity Corner
Stephan Brands

 I am genuinely excited about this
 development, if it can be taken as an indication that Microsoft is getting
 serious about privacy by design for identity management. That is a big
 if, however: indeed, the same Microsoft researcher who came up with the
 patent (hello Dan!) was also responsible for Microsoft e-cash patent no.
 5,768,385 that was granted in 1998 but was never pursued.

What a strange criticism of Microsoft!  Here is something to know about
patents: many companies file patents all the time.  That doesn't mean
they are committing to build a product around every patent they file.
The fact that Microsoft hasn't pursued patent 5,768,385 tells you
essentially nothing about what they are going to do with this patent.

I wouldn't take patent filings as an indicator of intent or of future
business strategy.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


DTV Content Protection (fwd from [EMAIL PROTECTED])

2005-05-23 Thread David Wagner
Anonymous wrote:
 DTV Content Protection

 [...] Similar concepts are presented in
 http://apache.dataloss.nl/~fred/www.nunce.org/hdcp/hdcp111901.htm by
 Scott Crosby, Ian Goldberg, Robert Johnson, Dawn Song and David Wagner.
 This paper assumes (unlike Irwin) that attackers have access to the
 private keys of chosen devices.  This is a questionable assumption [...]

The final version of that paper is at
http://www.cs.berkeley.edu/~daw/papers/hdcp-drm01.ps
Quoting from the paper's conclusion section:

  To recover the center's master secret, an attacker needs 40 key pairs,
  and we point out a variety of ways to get them.  An attacker can reverse
  engineer 40 different HDCP video software utilities, he can break open
  40 devices and extract the keys via reverse engineering, or he can
  simply license the keys from the trusted center.  According to the
  HDCP License Agreement, device manufacturers can buy 1 key pairs
  for $16000.  Given these 40 spanning keys, the master secret can be
  recovered in seconds.  So in essence, the trusted authority sells a
  large portion of its master secret to every HDCP licensee.

The $16,000 figure is taken from page 21 of
http://www.digital-cp.com/data/hdcp_license_agreement.pdf
Of course, you have to sign an NDA, too, but I'm not sure whether
that would deter a serious bad guy.

So, in effect, the trusted center has agreed to sell its master secret
for $16,000 and a promise.


Thank you for your post.  It was chock-full of interesting information --
particularly the bits about DTCP, which I had never seen before.



Re: What happened with the session fixation bug?

2005-05-23 Thread James A. Donald
--
James A. Donald:
  PKI was designed to defeat man in the middle attacks 
  based on network sniffing, or DNS hijacking, which 
  turned out to be less of a threat than expected.
 
  However, the session fixation bugs 
  http://www.acros.si/papers/session_fixation.pdf make 
  https and PKI  worthless against such man in the 
  middle attacks.  Have these bugs been addressed?

On 20 May 2005 at 23:21, Ben Laurie wrote:
 Do they exist? Certainly any session ID I've ever had 
 a hand in has two properties that strongly resist 
 session fixation:

 a) If a session ID arrives, it should already exist in 
 the database.

 b) Session IDs include HMACs.

The way to beat session fixation is to issue a 
privileged and impossible to predict session ID in 
response to a correct login.

If, however, you grant privileges to a session ID on the 
basis of a successful login, which is in fact the usual 
practice, you are hosed. The normal programming model 
creates a session ID, then sets variables and flags 
associated with that session ID in response to forms 
submitted by the user.  To prevent session fixation, you 
must create the session ID with unchangeable privileges 
from the moment of creation.   Perhaps you do this, but 
very few web sites do. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 en30AWb8dk9T67RFzUse67CG7ZHHoOHC5OR/mndW
 4T4xroZR7GeKinK0sMRNQ+4Pdj6ApUEu4FCGDghE5
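
An added example, not part of either poster's message: a minimal in-memory session store showing Ben Laurie's two checks (the ID must already exist, the ID carries an HMAC) next to the login step James A. Donald describes. The function names and the dict standing in for the database are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # MAC key, generated here for the example
_sessions = {}                        # session ID -> state; stands in for the database


def _mac(raw: str) -> str:
    return hmac.new(SERVER_KEY, raw.encode(), hashlib.sha256).hexdigest()


def new_session(user=None) -> str:
    """Mint an unpredictable ID whose privilege level is set at creation."""
    raw = secrets.token_urlsafe(32)
    sid = f"{raw}.{_mac(raw)}"
    _sessions[sid] = {"user": user}
    return sid


def lookup(sid: str):
    """Return the session state, or None for a forged or unknown ID."""
    raw, _, tag = sid.partition(".")
    # (b) the ID must carry a valid HMAC
    if not hmac.compare_digest(tag.encode(), _mac(raw).encode()):
        return None
    # (a) the ID must already exist in the store
    return _sessions.get(sid)


def login_vulnerable(sid: str, user: str) -> str:
    """Usual practice: privileges are attached to the ID the client presented."""
    state = lookup(sid)
    if state is None:
        sid = new_session()
        state = _sessions[sid]
    state["user"] = user  # the pre-login ID is now privileged
    return sid


def login_fixed(sid: str, user: str) -> str:
    """Retire the pre-login ID and issue a fresh ID that is privileged from creation."""
    _sessions.pop(sid, None)
    return new_session(user)
```

A server-minted anonymous ID passes both checks, so in `login_vulnerable` anyone who knew that ID before login shares the authenticated session; `login_fixed` leaves the old ID unknown to the store.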





Plan to Let F.B.I. Track Mail in Terrorism Inquiries

2005-05-23 Thread R.A. Hettinga
http://www.nytimes.com/2005/05/21/politics/21terror.html?ei=5065&en=5515a53963929748&ex=1117339200&partner=MYWAY&pagewanted=print

The New York Times
May 21, 2005

Plan to Let F.B.I. Track Mail in Terrorism Inquiries

 By ERIC LICHTBLAU


WASHINGTON, May 20 - The F.B.I. would gain broad authority to track the
mail of people in terror investigations under a Bush administration
proposal, officials said Friday, but the Postal Service is already raising
privacy concerns about the plan.

The proposal, to be considered next week in a closed-door meeting of the
Senate Intelligence Committee, would allow the bureau to direct postal
inspectors to turn over the names, addresses and all other material
appearing on the outside of letters sent to or from people connected to
foreign intelligence investigations.

The plan would effectively eliminate the postal inspectors' discretion in
deciding when so-called mail covers are needed and give sole authority to
the Federal Bureau of Investigation, if it determines that the material is
relevant to an authorized investigation to obtain foreign intelligence,
according to a draft of the bill.

The proposal would not allow the bureau to open mail or review its content.
Such a move would require a search warrant, officials said.

The Intelligence Committee has not publicly released the proposal, but a
draft was obtained by The New York Times.

The provision is part of a broader package that also strengthens the
bureau's power to demand business records in intelligence investigations
without approval by a judge or grand jury.

The proposals reflect efforts by the administration and Senate Republicans
to bolster and, in some ways, broaden the power of the bureau to fight
terrorism, even as critics are seeking to scale back its authority under
the law known as the USA Patriot Act.

A debate over the government's terrorism powers is to begin in earnest at a
session of the Intelligence Committee on Thursday, in what is shaping up as
a heated battle over the balance between fighting terrorism and protecting
civil rights in the post-Sept. 11 era.

The F.B.I. has conducted mail covers for decades in criminal and national
security investigations. But the prospect of expanding its authority to
monitor mailings alarmed some privacy and civil rights advocates and caused
concerns among postal officials, as well. They said the proposal caught
them off guard.

"This is a major step," the chief privacy officer for the Postal Service,
Zoe Strickland, said. "From a privacy perspective, you want to make sure
that the right balance is struck between protecting people's mail and
aiding law enforcement, and this legislation could impact that balance
negatively."

"The new proposal removes discretion from the Postal Inspection Service as
to how the mail covers are implemented," Ms. Strickland said in an
interview. "I worry quite a bit about the balance being struck here, and
we're quite mystified as to how this got put in the legislation."

Officials on the Intelligence Committee said the legislation was intended
to make the F.B.I. the sole arbiter of when a mail cover should be
conducted, after complaints that undue interference from postal inspectors
had slowed operations.

"The F.B.I. would be able to control its own investigations of terrorists
and spies, and the postal service would have to comply with those
requests," said an aide to the Intelligence Committee who is involved in
the proposal but insisted on anonymity because the proposal remains
confidential.

"The postmaster general shouldn't be able to substitute his judgment for
that of the director of the F.B.I. on national security matters," the aide
said.

The proposal would generally prevent the post office from disclosing a mail
cover. It would also require the Justice Department to report to Congress
twice a year on the number of times the power had been used.

Civil rights advocates said they thought that the proposal went too far.

"Prison wardens may be able to monitor their prisoners' mail," said Lisa
Graves, senior counsel for the American Civil Liberties Union, "but
ordinary Americans shouldn't be treated as prisoners in their own country."

Marcia Hofmann, a lawyer for the Electronic Privacy Information Center, a
public interest group here, said the proposal "certainly opens the door to
abuse in our view."

"The Postal Service would be losing its ability to act as a check on the
F.B.I.'s investigative powers," Ms. Hofmann said.

Postal officials refused to provide a tally of mail covers, saying the
information was confidential. They said the Postal Service had not formally
rejected any requests from the bureau in recent years.

A tally in 2000 said the Postal Service conducted 14,000 mail covers that
year for a variety of law enforcement agencies, a sharp increase over the
previous year.

The program has led to sporadic reports of abuse. In the mid-1970's the
Church Committee, a Senate panel that documented C.I.A. abuses, faulted a
program created in 

Re: how email encryption should work (and how to get it used...)

2005-05-23 Thread James A. Donald
--
On 30 Mar 2005 at 13:00, Amir Herzberg wrote:
 A missing element is motivation for getting something
 like this deployed... I think spam could offer such
 motivation; and, I strongly believe that a
 cryptographic protocol to penalize spammers could be 
 one of the most important tools against spam.

The cure for spam is not a provable link to a true name,
but a provable link to a domain name.

The problem with adoption is that this is only
beneficial against spam if widely used.  We face the
usual critical mass problem.

The proposal on my blog (blog.jim.com) focusses on
encryption at the individual level - one key per email
address, not one key per domain name, which would solve
the spam problem, but is less immediately helpful than
one key per domain name.

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 Fl8/gx81XkbuiLaqs0tMz+/ctcqWpf8QrHNii7fo
 41mnxh9Ph2K70irDlta/Y+pRlE0zVmBG5xdTi+LFm

