two bits of light holiday reading

2008-12-26 Thread Ivan Krstić

1.

Jonathan Zittrain's[0] latest book, 'The Future of the Internet and  
How to Stop It', is available as a free PDF licensed under CC-BY-NC-SA:


http://futureoftheinternet.org/static/ZittrainTheFutureoftheInternet.pdf

While not dealing with cryptography per se, it does focus on the wider  
implications of the worsening situation in modern computer security,  
and what it means for the new computing platforms we're seeing now and  
in the future. Zittrain is one of the foremost cyberlaw thinkers on  
the planet; given a number of discussions on this list, I thought the  
book would be of interest to subscribers.


[0] http://en.wikipedia.org/wiki/Jonathan_Zittrain


2.

The DC-based Center for Strategic and International Studies recently  
released a report titled 'Securing Cyberspace for the 44th Presidency'  
written by a number of influential authors:


http://www.csis.org/media/csis/pubs/081208_securingcyberspace_44.pdf

Of most interest to this list, the report suggests going on the  
offensive with regard to identity management, proposing to restrict  
bonuses and awards of US federal agencies not using strong digital  
credentials for employees in sufficient numbers (logical pp. 61-65).  
Maybe, uh, it'll work this time around?


Cheers,

--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Security by asking the drunk whether he's drunk

2008-12-26 Thread Peter Gutmann
d...@geer.org writes:

> I'm hoping this is just a single instance but it makes you remember that the
> browser pre-trusted certificate authorities really needs to be cleaned up.

Given the more or less complete failure of commercial PKI for both SSL web 
browsing and code-signing (as evidenced by the multibillion-dollar cybercrime 
industry freely doing all the things that SSL certs and code-signing were 
supposed to prevent them from doing), it's not so much cleaned up as 
replaced with something that may actually work.  Adding support for a 
service like Perspectives (discussed here a month or two back) would be a good 
start since it provides some of the assurance that a commercial PKI can't (and 
as an additional benefit it also works for SSH servers, since it's not built 
around certificates).

So, when will Google add Perspectives support to their search database? :-).

Peter.
