RE: A mighty fortress is our PKI, Part III

2010-09-16 Thread Carl Ellison
I, too, would love to get the details, but Peter is right here. The flaw he reported was in the PKI itself, not in the UI. If there were a bulletproof OS with perfect non-confusing UI, once the malware has a valid signature that traces to a valid certificate, it's the PKI that failed. As for EV

RE: Walton's Mountain notaries (identity requirements)

2004-01-07 Thread Carl Ellison
-Original Message- From: John Gilmore [mailto:[EMAIL PROTECTED] Sent: Monday, January 05, 2004 3:11 PM To: Carl Ellison Cc: 'Paul A.S. Ward'; [EMAIL PROTECTED] Subject: Re: Walton's Mountain notaries (identity requirements) ... once again I heard

Walton's Mountain notaries

2004-01-03 Thread Carl Ellison
-Original Message- From: Paul A.S. Ward [mailto:[EMAIL PROTECTED] Sent: Monday, December 29, 2003 11:29 AM Subject: RE: Repudiating non-repudiation I was recently the subject of identity theft. Specifically, the thieves had my SSN (SIN, actually, since it is in Canada), and my

RE: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Carl Ellison
: Tuesday, December 23, 2003 1:18 AM To: [EMAIL PROTECTED] Subject: Re: Non-repudiation (was RE: The PAIN mnemonic) Ben, Carl and others, At 18:23 21/12/2003, Carl Ellison wrote: and it included non-repudiation which is an unachievable, nonsense concept. Any alternative definition

RE: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Carl Ellison
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stefan Kelm Sent: Tuesday, December 23, 2003 1:44 AM To: [EMAIL PROTECTED] Subject: Re: Non-repudiation (was RE: The PAIN mnemonic) Ah. That's why they're trying to rename the corresponding keyUsage

RE: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Carl Ellison
Ellison; [EMAIL PROTECTED] Subject: RE: Non-repudiation (was RE: The PAIN mnemonic) At 04:20 25/12/2003, Carl Ellison wrote: ... If you want to use cryptography for e-commerce, then IMHO you need a contract signed on paper, enforced by normal contract law, in which one party

The PAIN mnemonic

2003-12-22 Thread Carl Ellison
A security taxonomy, PAIN: * privacy (aka things like encryption) * authentication (origin) * integrity (contents) * non-repudiation Sorry, Lynn, but I don't buy this. It's missing replay prevention (freshness) and it included non-repudiation which is an unachievable, nonsense concept. If

Non-repudiation (was RE: The PAIN mnemonic)

2003-12-22 Thread Carl Ellison
-Original Message- From: Anne Lynn Wheeler [mailto:[EMAIL PROTECTED] Sent: Sunday, December 21, 2003 6:42 AM To: Carl Ellison Cc: 'Anne Lynn Wheeler'; [EMAIL PROTECTED] Subject: Re: The PAIN mnemonic At 11:20 PM 12/20/2003 -0800, Carl Ellison wrote: and it included non

RE: Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)

2003-12-22 Thread Carl Ellison
Message- From: Seth David Schoen [mailto:[EMAIL PROTECTED] On Behalf Of Seth David Schoen Sent: Sunday, December 21, 2003 3:03 PM To: Carl Ellison Cc: 'Stefan Lucks'; [EMAIL PROTECTED] Subject: Re: Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel

RE: Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)

2003-12-20 Thread Carl Ellison
-Original Message- From: Ben Laurie [mailto:[EMAIL PROTECTED] Sent: Friday, December 19, 2003 2:42 AM To: Carl Ellison Cc: 'Stefan Lucks'; [EMAIL PROTECTED] Subject: Re: Difference between TCPA-Hardware and a smart card

RE: Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)

2003-12-20 Thread Carl Ellison
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stefan Lucks Sent: Tuesday, December 16, 2003 1:02 AM To: Carl Ellison Cc: [EMAIL PROTECTED] Subject: RE: Difference between

RE: yahoo to use public key technology for anti-spam

2003-12-09 Thread Carl Ellison
-Original Message- From: Anton Stiglic [mailto:[EMAIL PROTECTED] Sent: Sunday, December 07, 2003 2:11 PM To: Carl Ellison; 'Will Rodger

PKI Research Workshop '04, CFP

2003-10-21 Thread Carl Ellison
The third annual PKI Research workshop CFP has been posted. http://middleware.internet2.edu/pki04/ This workshop considers the full range of public key technology used for security decisions. PKI supports a variety of functionalities including authentication, authorization, identity

Re: UPnP Security specs available for review

2003-08-26 Thread Carl Ellison
Hi John. I'm sorry you were disappointed. I appreciate your comments on the overview and summary, though. 1024-bit is not an upper limit in key size - but a lower limit. I appreciate your suggestion of varying key lengths and am glad that you have put it in the open literature (this mail

UPnP Security specs available for review

2003-08-22 Thread Carl Ellison
http://www.upnp.org/draftspecs/ Enjoy, Carl | Carl Ellison, Intel R & D, E: [EMAIL PROTECTED] | 2111 NE 25th Ave, T: +1-503-264-2900 | Hillsboro OR 97124, F: +1-503-264-3375 | PGP

Re: SDSI/SPKI background

2003-06-13 Thread Carl Ellison
At 12:00 PM 6/13/2003 +0200, Stefan Mink wrote: Hi Carl, On Wed, Jun 11, 2003 at 09:56:12PM -0700, Carl Ellison wrote: There's one draft that should have gone on to RFC, but people were using it from the draft instead. It's my fault that we left it at that stage and didn't publish the RFC