Re: SSL and Malicious Hardware/Software

2008-05-06 Thread Arcane Jill
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven M. Bellovin Sent: 03 May 2008 00:51 To: Arcane Jill Cc: cryptography@metzdowd.com Subject: Re: SSL and Malicious Hardware/Software I can't think of a great way of alerting the user, I would

Re: SSL and Malicious Hardware/Software

2008-05-03 Thread Steven M. Bellovin
On Fri, 2 May 2008 08:33:19 +0100 Arcane Jill [EMAIL PROTECTED] wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Phillips Sent: 28 April 2008 23:13 To: Cryptography Subject: SSL and Malicious Hardware/Software I can't think of a great

privacy expectations Was: SSL and Malicious Hardware/Software

2008-04-30 Thread Alexander Klimov
On Tue, 29 Apr 2008, Jack Lloyd wrote: Expectations of privacy at work vary by jurisdiction and industry. In the US, and say in the financial services industry, any such expectations are groundless (IANAL). Most places I have worked (all in the US) explicitly required consent to more or

Re: privacy expectations Was: SSL and Malicious Hardware/Software

2008-04-30 Thread Steven M. Bellovin
On Wed, 30 Apr 2008 12:49:12 +0300 (IDT) Alexander Klimov [EMAIL PROTECTED] wrote: http://www.securityfocus.com/columnists/421/2: Lance Corporal Jennifer Long was issued a government computer to use on a government military network. When she was suspected of violations of the

Re: SSL and Malicious Hardware/Software

2008-04-29 Thread Victor Duchovni
On Mon, Apr 28, 2008 at 03:12:31PM -0700, Ryan Phillips wrote: What are people's opinions on corporations using this tactic? I can't think of a great way of alerting the user, but I would expect a pretty reasonable level of privacy while using an SSL connection at work. Expectations of

Re: SSL and Malicious Hardware/Software

2008-04-29 Thread Leichter, Jerry
On Mon, 28 Apr 2008, Ryan Phillips wrote: | Matt's blog post [1] gets to the heart of the matter of what we can | trust. | | I may have missed the discussion, but I ran across Netronome's 'SSL | Inspector' appliance [2] today and with the recent discussion on this | list regarding malicious

Re: SSL and Malicious Hardware/Software

2008-04-29 Thread Jack Lloyd
On Mon, Apr 28, 2008 at 10:03:38PM -0400, Victor Duchovni wrote: On Mon, Apr 28, 2008 at 03:12:31PM -0700, Ryan Phillips wrote: What are people's opinions on corporations using this tactic? I can't think of a great way of alerting the user, but I would expect a pretty reasonable level of

SSL and Malicious Hardware/Software

2008-04-28 Thread Ryan Phillips
Matt's blog post [1] gets to the heart of the matter of what we can trust. I may have missed the discussion, but I ran across Netronome's 'SSL Inspector' appliance [2] today and with the recent discussion on this list regarding malicious hardware, I find this appliance appalling. Basically a