John S. Denker [EMAIL PROTECTED] writes:
But how to trust a machine when you don't have physical
custody? Even the most-skilled members of this list
would find that a challenge (depending, as I have emphasized
before, on what your threat model is).
Note that this is not the only
On Fri, Aug 16, 2002 at 02:23:05AM +0100, Adam Back wrote:
Other explanations?
Same effect here in Germany.
I'm under the impression that security was never really done
for security reasons, but as a kind of fashion. Do it because
everyone is doing it. It's a problem of the decision makers.
--
On 15 Aug 2002 at 15:26, AARG! Anonymous wrote:
Basically I agree with Adam's analysis. At this point I
think he understands the spec equally as well as I do. He
has a good point about the Privacy CA key being another
security weakness that could break the whole system. It
I arrived at that decision over four years ago ... TCPA possibly didn't
decide on it until two years ago. In the assurance session in the TCPA
track at spring 2001 intel developer's conference I claimed my chip was
much more KISS, more secure, and could reasonably meet the TCPA
requirements at
On the employment situation... it seems that a lot of applied
cryptographers are currently unemployed (Tim Dierks, Joseph, a few
ex-colleagues, and friends who asked if I had any leads, the spate of
recent security consultant .sigs, plus I heard that a straw poll of
attenders at the codecon
Hey, this is off-topic for DRM-punks! ;)
more seriously: I think the fundamental issue is that crypto doesn't
really solve many business problems, and it may solve fewer security
problems. See Bellovin's work on how many vulnerabilities would be
blocked by strong crypto. The buying public can't
Adam Back [EMAIL PROTECTED] writes:
Are there any more definitive security industry stats? Are applied
crypto people suffering higher rates of unemployment than general
application programmers? (From my statistically too small sample of
acquaintances it might appear so.)
Hard to say.
Here are some more thoughts on how cryptography could be used to
enhance user privacy in a system like TCPA. Even if the TCPA group
is not receptive to these proposals, it would be useful to have an
understanding of the security issues. And the same issues arise in
many other kinds of systems