I, too, would love to get the details, but Peter is right here.
The flaw he reported was in the PKI itself, not in the UI. If there were a
bulletproof OS with perfect non-confusing UI, once the malware has a valid
signature that traces to a valid certificate, it's the PKI that failed.
As for EV
-Original Message-
From: John Gilmore [mailto:[EMAIL PROTECTED]
Sent: Monday, January 05, 2004 3:11 PM
To: Carl Ellison
Cc: 'Paul A.S. Ward'; [EMAIL PROTECTED]
Subject: Re: Walton's Mountain notaries (identity requirements)
... once again I heard
-Original Message-
From: Paul A.S. Ward [mailto:[EMAIL PROTECTED]
Sent: Monday, December 29, 2003 11:29 AM
Subject: RE: Repudiating non-repudiation
I was recently the subject of identity theft.
Specifically, the thieves had my SSN (SIN, actually, since it is in
Canada), and my
: Tuesday, December 23, 2003 1:18 AM
To: [EMAIL PROTECTED]
Subject: Re: Non-repudiation (was RE: The PAIN mnemonic)
Ben, Carl and others,
At 18:23 21/12/2003, Carl Ellison wrote:
and it included non-repudiation which is an unachievable,
nonsense concept.
Any alternative definition
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stefan Kelm
Sent: Tuesday, December 23, 2003 1:44 AM
To: [EMAIL PROTECTED]
Subject: Re: Non-repudiation (was RE: The PAIN mnemonic)
Ah. That's why they're trying to rename the corresponding keyUsage
Ellison; [EMAIL PROTECTED]
Subject: RE: Non-repudiation (was RE: The PAIN mnemonic)
At 04:20 25/12/2003, Carl Ellison wrote:
...
If you want to use cryptography for e-commerce,
then IMHO you need a
contract signed on paper, enforced by normal contract law,
in which one
party
A security taxonomy, PAIN:
* privacy (aka thinks like encryption)
* authentication (origin)
* integrity (contents)
* non-repudiation
Sorry, Lynn, but I don't buy this.
It's missing replay prevention (freshness)
and it included non-repudiation which is an unachievable, nonsense concept.
If
-Original Message-
From: Anne Lynn Wheeler [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 21, 2003 6:42 AM
To: Carl Ellison
Cc: 'Anne Lynn Wheeler'; [EMAIL PROTECTED]
Subject: Re: The PAIN mnemonic
At 11:20 PM 12/20/2003 -0800, Carl Ellison wrote:
and it included non
Message-
From: Seth David Schoen [mailto:[EMAIL PROTECTED] On Behalf Of
Seth David Schoen
Sent: Sunday, December 21, 2003 3:03 PM
To: Carl Ellison
Cc: 'Stefan Lucks'; [EMAIL PROTECTED]
Subject: Re: Difference between TCPA-Hardware and a smart
card (was: example: secure computing kernel
|
+---Officer, arrest that man. He's whistling a copyrighted song.---+
-Original Message-
From: Ben Laurie [mailto:[EMAIL PROTECTED]
Sent: Friday, December 19, 2003 2:42 AM
To: Carl Ellison
Cc: 'Stefan Lucks'; [EMAIL PROTECTED]
Subject: Re: Difference between TCPA-Hardware and a smart
card
|
+---Officer, arrest that man. He's whistling a copyrighted song.---+
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stefan Lucks
Sent: Tuesday, December 16, 2003 1:02 AM
To: Carl Ellison
Cc: [EMAIL PROTECTED]
Subject: RE: Difference between
/~cme |
|PGP: 75C5 1814 C3E3 AAA7 3F31 47B9 73F1 7E3C 96E7 2B71 |
+---Officer, arrest that man. He's whistling a copyrighted song.---+
-Original Message-
From: Anton Stiglic [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 07, 2003 2:11 PM
To: Carl Ellison; 'Will Rodger
The third annual PKI Research workshop CFP has been posted.
http://middleware.internet2.edu/pki04/
This workshop considers the full range of public key technology used
for security decisions. PKI supports a variety of functionalities
including authentication, authorization, identity
Hi John.
I'm sorry you were disappointed. I appreciate your comments on the
overview and summary, though.
1024-bit is not an upper limit in key size - but a lower limit. I
appreciate your suggestion of varying key lengths and am glad that
you have put it in the open literature (this mail
http://www.upnp.org/draftspecs/
Enjoy,
Carl
++
|Carl Ellison Intel R D E: [EMAIL PROTECTED] |
|2111 NE 25th AveT: +1-503-264-2900 |
|Hillsboro OR 97124 F: +1-503-264-3375 |
|PGP
At 12:00 PM 6/13/2003 +0200, Stefan Mink wrote:
Hi Carl,
On Wed, Jun 11, 2003 at 09:56:12PM -0700, Carl Ellison wrote:
There's one draft that should have gone on to RFC, but people were
using it from the draft instead. It's my fault that we left it at
that stage and didn't publish the RFC
16 matches
Mail list logo