Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-11-01 Thread R.A. Hettinga
At 9:29 AM -0700 10/28/04, James A. Donald wrote:
 Is there a phone that is programmable enough to store secrets
 on and sign and decrypt stuff?

I think we're getting there. We're going to need a, heh, killer ap, for it,
of course.

:-)

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-11-01 Thread Trei, Peter
James A. Donald wrote:

 R.A. Hettinga wrote:
  [The mobile phone is] certainly getting to be like Chaum's
  ideal crypto device. You own it, it has its own I/O, and it
  never leaves your sight.
 
 Is there a phone that is programmable enough to store secrets 
 on and sign and decrypt stuff?

I've been programming phones and PDAs for several years.
They are certainly powerful enough for symmetric operations.
Some at the higher end can do public key operations at a
reasonable speed. The lower end ones can't. Try taking a
look at the new Treos, the newer PocketPC devices, and
phones such as the Motorola A760.

 The ideal crypto device would be programmed by burning new 
 proms, thus enabling easy reprogramming, while making it 
 resistant to trojans and viruses. 

Some of the devices partition their storage, with portions
that are easily modified, and portions which are more
secure. The carriers generally want to prevent users from
modifying the SW in ways which could enable fraud or damage
the network, yet allow downloads of games, apps, etc.

Peter




Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-11-01 Thread Anne Lynn Wheeler


At 10:29 AM 10/28/2004, James A. Donald wrote:
 Is there a phone that is programmable enough to store secrets
 on and sign and decrypt stuff?

 The ideal crypto device would be programmed by burning new
 proms, thus enabling easy reprogramming, while making it
 resistant to trojans and viruses.

there are a couple different trust relationships ... the issue of the
user trusting the keyboard/terminal ... and the issue of the relying
party trusting the keyboard/terminal.

The FINREAD terminal ... misc. (EU) finread references:
http://www.garlic.com/~lynn/subpubkey.html#finread
supposedly is certified as a stand-alone external keypad and display
that can't (or is very difficult to) be hacked. the financial scenario is
that the display can be trusted to display the amount being approved ...
the user puts in his card and enters their pin/password. The pin-pad is
certified as not being subject to virus keyloggers (that you might find
if a PC keyboard was being used).

For the relying party (say an online financial institution) ... the user
putting their card into the reader ... and the card generating some
unique value ... would indicate to the relying party "something you
have" authentication. The user entering a PIN can both indicate
"something you know" authentication as well as implying that
the user agrees/approves with the value in the display.

Note that the implied agreement/approval ... is not just dependent on the
user entering the PIN ... but also on the certification of the terminal
... that the terminal doesn't accept the PIN until after the certified
terminal displays the correct value (i.e. there is a certified business
process sequence).

The entering of the PIN can also involve transmitting some form of the
PIN to the relying party ... and/or the PIN is passed to the
smartcard/chip ... and the chip is known to only operate in the
appropriate manner when the correct PIN is entered. In this latter case,
the relying party doesn't actually have knowledge of the "something
you know" authentication ... but the relying party can infer it
based on knowing the certified business process operation of all of the
components.

Let's say the unique value provided by the smartcard is some form of
digital signature ... and the relying party infers from the correct
digital signature "something you have" authentication. There
is still the trust issue between the relying party and the terminal used
by the user ... which may also require that the (certified eu finread)
terminal also performs a digital signature ... in order for the relying
party to be able to trust that it really was a terminal of specific
characteristics ... as opposed to some counterfeit or lower-trusted
terminal.

There is still the issue of the user trusting such a terminal. If the
terminal belongs to the user ... in the user's physical home space ...
then there isn't as much of a trust issue regarding the user trusting the
terminal.

The problem arises for the user if they are faced with using a terminal
in some random, unsecured location some place in the world. Even in the
situation where a relying party receives a valid transaction with a valid
digital signature from a certified, known finread terminal ... there are
still a number of MITM attacks on finread terminals that might be located
in unsecured locations (various kinds of overlays and/or intermediate
boxes capable of performing keylogging and/or modified display
presentation).

The personal cellphone and/or PDA ... with user owned display
and key entry ... is a countermeasure to various kinds of MITM attacks
on terminals in public &/or unsecured locations
(user has no way of easily proving that they aren't faced with some form
of compromised terminal environment).


--
Anne & Lynn Wheeler
http://www.garlic.com/~lynn/
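
The relying-party inference described in the message above, as an added example that is not part of the original post: the relying party credits "something you have" and "something you know" from the card's value, and credits approval of the displayed amount only when a registered certified terminal has also signed. HMAC-SHA256 stands in here for the digital signatures, and the key registries, class names and message fields are all hypothetical.

```python
import hashlib
import hmac
import json

# Constructed keys. HMAC-SHA256 is a stand-in for the card's and terminal's
# digital signatures; the registries model what the relying party knows.
CARD_KEYS = {"card-001": b"constructed card key"}
CERTIFIED_TERMINAL_KEYS = {"finread-A": b"constructed terminal key"}


def sign(key, fields):
    """Authenticate a canonical JSON encoding of the given fields."""
    msg = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Card:
    """Chip that produces its unique value only when given the correct PIN."""

    def __init__(self, card_id, key, pin):
        self.card_id, self._key, self._pin = card_id, key, pin

    def sign_txn(self, pin, txn):
        if not hmac.compare_digest(pin, self._pin):
            return None  # chip refuses to operate on a wrong PIN
        return sign(self._key, {"card_id": self.card_id, "txn": txn})


class Terminal:
    """Terminal following the certified sequence: display first, PIN second."""

    def __init__(self, terminal_id, key):
        self.terminal_id, self._key = terminal_id, key

    def run(self, card, txn, enter_pin):
        displayed = txn["amount"]      # step 1: show the amount to the user
        pin = enter_pin(displayed)     # step 2: only now accept the PIN
        card_sig = card.sign_txn(pin, txn)
        if card_sig is None:
            return None
        body = {
            "terminal_id": self.terminal_id,
            "card_id": card.card_id,
            "txn": txn,
            "displayed_amount": displayed,
            "card_sig": card_sig,
        }
        return dict(body, terminal_sig=sign(self._key, body))


def relying_party_verify(msg):
    """Return what the relying party may infer from one received message."""
    inferred = dict.fromkeys(
        ("something_you_have", "something_you_know",
         "certified_terminal", "amount_approved"), False)

    card_key = CARD_KEYS.get(msg.get("card_id"))
    if card_key is None:
        return inferred
    expected = sign(card_key, {"card_id": msg["card_id"], "txn": msg.get("txn")})
    if not hmac.compare_digest(expected, msg.get("card_sig", "")):
        return inferred

    # A valid card value shows possession of the card. Because the chip only
    # operates after the correct PIN, the PIN is inferred without being seen.
    inferred["something_you_have"] = True
    inferred["something_you_know"] = True

    # Approval of the amount rests on the terminal: only a registered,
    # certified terminal is trusted to have displayed it before the PIN.
    term_key = CERTIFIED_TERMINAL_KEYS.get(msg.get("terminal_id"))
    if term_key is None:
        return inferred
    body = {k: v for k, v in msg.items() if k != "terminal_sig"}
    if hmac.compare_digest(sign(term_key, body), msg.get("terminal_sig", "")):
        inferred["certified_terminal"] = True
        inferred["amount_approved"] = (
            msg["displayed_amount"] == msg["txn"]["amount"])
    return inferred


if __name__ == "__main__":
    card = Card("card-001", CARD_KEYS["card-001"], "1234")
    txn = {"amount": "25.00", "payee": "merchant-7"}   # constructed sample
    certified = Terminal("finread-A", CERTIFIED_TERMINAL_KEYS["finread-A"])
    unregistered = Terminal("kiosk-X", b"key the relying party never saw")
    for terminal in (certified, unregistered):
        msg = terminal.run(card, txn, lambda shown: "1234")
        print(terminal.terminal_id, relying_party_verify(msg))
```

A valid terminal signature tells the relying party which kind of terminal was used; it does not detect an overlay or intermediate box placed in front of a genuine terminal, which is the residual risk the message goes on to raise.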




Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-11-01 Thread Ben Laurie
Ian Grigg wrote:

Alan Barrett wrote:
On Sat, 23 Oct 2004, Aaron Whitehouse wrote:
Oh, and make it small enough to fit in the pocket,
put a display *and* a keypad on it, and tell the
user not to lose it.

How much difference is there, practically, between this and using a 
smartcard credit card in an external reader with a keypad? Aside from 
the weight of the 'computer' in your pocket...

The risks of using *somebody else's keypad* to type passwords or
instructions to your smartcard, or using *somebody else's display* to
view output that is intended to be private, should be obvious.

:-)
It should be obvious.  But it's not.  A few billions
of investment in smart cards says that it is anything
but obvious.
That assumes that the goal of smartcards is to increase security instead 
of to decrease liability.

--
ApacheCon! 13-17 November! http://www.apachecon.com/
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff


Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-11-01 Thread Ian Grigg
Ben,

 Ian Grigg wrote:
 It should be obvious.  But it's not.  A few billions
 of investment in smart cards says that it is anything
 but obvious.

 That assumes that the goal of smartcards is to increase security instead
 of to decrease liability.

On whether the goal of smart cards is to reduce
liability:

a)  Not with any systems I was familiar:  the major Dutch
systems were defensive, oriented to filling the space
that was potentially threatened by other parties.  The
trials were goaled to increase security, which they did
not by using smart cards, but by eliminating cash, which
had created an unacceptable risk of serious theft in
unattended petrol stations.  The same happened with UK
phone cards...  I'm unfamiliar with Mondex or the Belgium/
Proton based motives, but their structures indicate that
liability was not a question uppermost on their minds.

b)  Liability reduction cannot be a goal.  If it was, then
one could achieve the goal completely - eliminate liability -
by not doing the project.  Instead, liability and/or
reduction of same is a _limitation_ on the goal of the
system.

c)  Whether liability reduction entered into any smart
card system as a limitation on their goals is a little
uncertain.  I would say no, as all the systems were
early stage in the institutional model;  in which case
there was little or no liability.  Instead, the only
drivers in that vague area would have been future
running costs reduction, which would have included well
considered security models, and partially considered
user support models, to reduce over all costs.  Including
all forms of risks, of course.

d)  Liability reduction generally comes into play when a
system is mature and/or regulatory issues come into play.
That is, liability reduction is something often seen when
the desire is to avoid surprises, and to avoid any costs
cropping up that weren't well built into the costs model.
I.e., the risk models used by credit card operators are
one example, and the customer agreement models (or whatever
they are called) used by CAs are another example of liability
reduction.

e) Perversely, banks practice liability increase as well as
reduction.  In fact, a pure banking model is about the risk
of a loan, and they specialise in measuring and managing
the risk of that loan.  But, as we are talking about payment
systems, and loans are banking, and banking is not payment
systems, that would be a change in business, so out of
scope of the original topic.

f)  And, of course, all institutions will practice liability
increase if they can turn it into a barrier to entry, that
is, cartelise the industry so as to block new entrants.  See
the eMoney directive for the European barrier to entry, which
was effectively coordinated by the Bundesbank on behalf of
the banks, and resulted in the "like a bank, but not a bank,
and as costly as a bank" approach to digital cash.

All of which might or might not hit the target of liability
as you wrote it?

iang



Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-28 Thread R.A. Hettinga
At 10:41 PM +0200 10/23/04, Eugen Leitl wrote:
 No, that's going to be the mobile phone.

Certainly getting to be like Chaum's ideal crypto device. You own it, it
has its own I/O, and it never leaves your sight.

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



RE: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-28 Thread R.A. Hettinga
At 9:30 AM -0400 10/25/04, Trei, Peter wrote:
 If we're going to insist on dedicated, trusted, physical
 devices for these bearer bonds, then how is this different
 than what Chaum proposed over 15 years ago?

I don't think that face to face will be necessary. It just means keeping
control of your keys, etc. You can stash bearer-bonds on the net in m-of-n
storage, where nobody knows what's what, paid by the bit, etc.

 If you just add a requirement for face to face transactions,
 then I already have one of these - it's called a wallet
 containing cash.

Certainly bits are smaller. See above, though.

Cheers,
RAH


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-28 Thread Ian Grigg

Alan Barrett wrote:
On Sat, 23 Oct 2004, Aaron Whitehouse wrote:
Oh, and make it small enough to fit in the pocket,
put a display *and* a keypad on it, and tell the
user not to lose it.
How much difference is there, practically, between this and using a 
smartcard credit card in an external reader with a keypad? Aside from 
the weight of the 'computer' in your pocket...

The risks of using *somebody else's keypad* to type passwords or
instructions to your smartcard, or using *somebody else's display* to
view output that is intended to be private, should be obvious.
:-)
It should be obvious.  But it's not.  A few billions
of investment in smart cards says that it is anything
but obvious.
To be fair, the smart card investments I've been
familiar with have been at least very well aware of
the problem.  It didn't stop them proceeding with
papering over the symptoms, when they should have
gone for the underlying causes.
iang


Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-28 Thread Roy M. Silvernail
On Sun, 2004-10-24 at 09:35 -0400, [EMAIL PROTECTED] wrote:
 |   [EMAIL PROTECTED] writes:
 |
 |   I'm pretty sure that you are answering the question
 |   Why did Microsoft buy Connectix?
 |
 |   The answer to that one is actually To provide a
 |   development environment for Windows CE (and later XP
 |   Embedded) (the emulator that's used for development
 |   in those environments is VirtualPC).  Thank you for
 |   playing.
 
 TILT
 
 No need to buy a company just to use its
 product in your development shop.
 
 Please insert additional coins.

I'd thought it was so Microsoft could offer an emulation-based migration
path to all the apps that would be broken by Longhorn.  MS has since
backed off on the new filesystem proposal that would have been the
biggest source of breakage (if rumors of a single-rooted, more *nix-like
filesystem turned out to be true).
-- 
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
It's just this little chromium switch, here. - TFS
SpamAssassin-procmail-/dev/null-bliss
http://www.rant-central.com



Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-28 Thread Peter Gutmann
[EMAIL PROTECTED] writes:

No need to buy a company just to use its product in your development shop.

They're not using it in their development shop, that's their standard
development environment that they ship to all Windows CE, Pocket PC,
SmartPhone, and XP Embedded developers (and include free with every copy of
MSDN).  If an entire branch of my OS development was centered around a
particular technology, I'd want to make sure I owned both the technology and
the developers who created it and will be maintaining/updating it in the
future.  This isn't an optional add-on that MS uses internally, it's a core
component of their embedded OS effort that they push out to anyone who'll take
it in an attempt to dissuade them from going with QNX, embedded Linux,
VxWorks, etc etc.

Peter.



Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-28 Thread dan

This is what I love about the Internet -- ask a question
and get silence but make a false claim and you get all the
advice you can possibly eat.

OK, I (quite happily) stand corrected about why Microsoft
bought Connectix --  it was cheaper given their extensive
dependence on the Virtual PC product, including redistribution
to outside parties.  That's fascinating, actually.

Now the reason I brought this up was it seemed like a Heaven-
sent bit of circumstantial evidence[1] to inference about a
larger business strategy question.  That question still stands,
but I'll have to look harder for corroborating evidence.

--dan, on the road


[1] Some circumstantial evidence is very strong, like 
finding a trout in the milk. -- Henry David Thoreau




Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-28 Thread James A. Donald
--
R.A. Hettinga wrote:
 [The mobile phone is] certainly getting to be like Chaum's
 ideal crypto device. You own it, it has its own I/O, and it
 never leaves your sight.

Is there a phone that is programmable enough to store secrets 
on and sign and decrypt stuff?

The ideal crypto device would be programmed by burning new 
proms, thus enabling easy reprogramming, while making it 
resistant to trojans and viruses. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 Fkc1LRTOk91ROlSR8FZ74DmqbH7hISIn+MSojROa
 4nrRtvxhCmqe2NdvICprDQBO78fHoQXljK45ROM2W





Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-28 Thread Anne Lynn Wheeler


At 03:31 PM 10/25/2004, Ian Grigg wrote:
 :-)
 It should be obvious. But it's not. A few billions
 of investment in smart cards says that it is anything
 but obvious.
 To be fair, the smart card investments I've been
 familiar with have been at least very well aware of
 the problem. It didn't stop them proceeding with
 papering over the symptoms, when they should have
 gone for the underlying c
 iang

my claim about the paradigm is that during the 80s, there was the start of
a lot of investment by all sorts of parties into smartcards ... targeted
for the portable computing market niche ... where the state of the art
would allow relatively powerful computing and memory in such chips ...
but the technology didn't exist for portable input/output technology ...
as a result there also had to be ISO international standards for the
input/output stations that would interoperate with the smartcards. that
market niche started to disappear in the early 90s with the appearance of
portable input/output technology associated with cellphones and PDAs. by
this time, at least several billion dollars had been invested in the
technology.

somewhat to recoup (at least some portion of) the investment, there has
been some searching for alternative market niches for the
technology. In the early 90s, my wife and I consulted to some agencies on
aspects of this. one such target was emergency medical information ... a
person could carry their complete medical records in such a form factor
... and in a life & death emergency ... the emergency crews could
pull out the victim's card and insert it into their local, offline,
portable display technology and have access to the victim's complete
medical records. The problem in this scenario was that an emergency first
responder isn't likely to be able to make use of the victim's medical
records in an offline manner. First off, if it is a real emergency ... how
does a first responder do other than triage. Typically for anything that
involves anything more complicated ... the first responder has to go
online to real doctors at some remote location. If you have a
real online environment ... to real (remote) doctors ... then a much
better solution is to have something that authenticates the victim ...
and the consulting doctor then has some mechanism for locating and
retrieving the online medical records (as opposed to first responder
being able to make sense out of a victim's complete medical
records).

Another niche for the technology was offline financial transactions ...
for parts of the world where online connectivity was difficult,
non-existent and/or extremely expensive. the smartcard would contain the
business rules and logic for performing (offline) financial transaction
interacting with random merchant terminals. Two issues arise here ...
there is a significant mutual suspicion (lack of trust) problem between
random merchant terminals anywhere in the world and random consumer
smartcards anywhere in the world; and the technology started to be
deployed at a time when online connectivity was starting to become
ubiquitous and easily available in most places in the world. An example
is the european deployed stored-value (offline) smartcards in the 90s
compared to the rapid market penetration of stored-value (online)
magstripe (gift, affinity, merchant, etc) cards in the US ... making use
of the ubiquitous nature of online connectivity available in the US.
Again, with the availability of online ... the problem changes from
requiring a very expensive and trusted distributed offline infrastructure
and offline distributed business rules ... to the much more simple
problem of requiring (increasingly strong) authentication.

So the financial oriented infrastructure has seen some amount of
skimming threats and exploits with the terminals and/or
networks. Even if the smartcard paradigm is just reduced to a (dumb)
chipcard that only provides strong authentication ... the issue is does
the consumer completely provide their own environment ... or do they have
to depend on (and trust) randomly located terminals at random locations
around the world.

Part of the authentication issue ... is the 3-factor authentication
model
* something you have
* something you know
* something you are

the card (or chip) provides the "something you
have" piece.

in order to add "something you know" ... requires the consumer
entering a pin or password; the issue then becomes does the consumer
trust some randomly located pin-pad. there is a similar issue with
whether the consumer trusts their own biometric sensor or would they trust
somebody else's biometric sensor.

a consumer owned cell phone ... could presumably provide both a consumer
trusted pin-pad ... and w/o a whole lot of magic ... a consumer camera
cell phone could be used as a sensor for various kinds of biometric info.

some part of the issue is that the original target market niche for
smartcards (portable computing with fixed interoperable input/output
stations) started to 

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-25 Thread Alan Barrett
On Sat, 23 Oct 2004, Aaron Whitehouse wrote:
 Oh, and make it small enough to fit in the pocket,
 put a display *and* a keypad on it, and tell the
 user not to lose it.
 
 How much difference is there, practically, between this and using a 
 smartcard credit card in an external reader with a keypad? Aside from 
 the weight of the 'computer' in your pocket...

The risks of using *somebody else's keypad* to type passwords or
instructions to your smartcard, or using *somebody else's display* to
view output that is intended to be private, should be obvious.

--apb (Alan Barrett)



Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-25 Thread dan

|   [EMAIL PROTECTED] writes:
|
|   I'm pretty sure that you are answering the question
|   Why did Microsoft buy Connectix?
|
|   The answer to that one is actually To provide a
|   development environment for Windows CE (and later XP
|   Embedded) (the emulator that's used for development
|   in those environments is VirtualPC).  Thank you for
|   playing.

TILT

No need to buy a company just to use its
product in your development shop.

Please insert additional coins.

--dan




Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-25 Thread Ian Grigg
http://www.financialcryptography.com/mt/archives/000219.html
[EMAIL PROTECTED] wrote:
... to break the conundrum Ballmer finds himself
in where the road forks towards (1) fix the security
problem but lose backward compatibility, or (2) keep
the backward compatibility but never fix the problem.
I think the recent decision by Microsoft to not upgrade
browsers indicates that they are plumbing for your choice
(1).  Backwards compatibility takes a back seat.  I wrote
more about it here:
http://www.financialcryptography.com/mt/archives/000219.html
His Board would prefer (2), the annuity of locked-in
users, but it forces a bet that software liability
never happens.  Fixing the problem, for which the
calls grow more strident daily, puts the desktop
platform into play even more than it is now as
it asks the users (who, having lost compatibility,
thus have nothing to lose) to marry Redmond a
second time.  A VM-cures-all strategy is then
an attempt to avoid having to choose between (1)
and (2) by breaking backward compatibility for
new things but bridging the old things with a
magic box that both preserves the annuity revenue
stream from locked-in users while it keeps the
liability bar at bay.
I have two questions:  Does he have a board?  I
never heard of anyone but Bill Gates telling Ballmer
what to do.  Just curious!
Secondly, is a VM strategy likely to work?  Assuming
that Microsoft can make it work nicely, it also opens
the door for other OSs to be added into the mix, something
that Microsoft wouldn't be that keen to promote.
(I don't disagree with your comments, though!)
iang


RE: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-25 Thread Trei, Peter


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Aaron Whitehouse
 Sent: Saturday, October 23, 2004 1:58 AM
 To: Ian Grigg
 Cc: [EMAIL PROTECTED]
 Subject: Re: Financial identity is *dangerous*? (was re: Fake 
 companies,
 real money)
 
 
 
 
 Ian Grigg wrote:
 
  James A. Donald wrote:
 
  we already have the answer, and have had it for a decade: 
 store it 
  on a trusted machine. Just say no to Windows XP. It's easy, 
  especially when he's storing a bearer bond worth a car.
 
 
 
  What machine, attached to a network, using a web browser, 
 and sending 
  and receiving mail, would you trust? 
 
 
 
  None. But a machine that had one purpose in life:
  to manage the bearer bond, that could be trusted
  to a reasonable degree. The trick is to stop
  thinking of the machine as a general purpose
  computer and think of it as a platform for one
  single application. Then secure that machine/OS/
  stack/application combination.
 
  Oh, and make it small enough to fit in the pocket,
  put a display *and* a keypad on it, and tell the
  user not to lose it.
 
  iang
 
 How much difference is there, practically, between this and using a 
 smartcard credit card in an external reader with a keypad? Aside from 
 the weight of the 'computer' in your pocket...
 
 That would seem to me a more realistic expectation on 
 consumers who are 
 going to have, before too long, credit cards that fit that 
 description 
 and quite possibly the readers to go with them.
 
 Aaron

If we're going to insist on dedicated, trusted, physical 
devices for these bearer bonds, then how is this different
than what Chaum proposed over 15 years ago? 

If you just add a requirement for face to face transactions,
then I already have one of these - it's called a wallet
containing cash.

Peter



Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-23 Thread dan

|   What machine, attached to a network, using a web browser, and 
|   sending and receiving mail, would you trust? 
|  
|  I would suggest pursuing work along the lines of a Virtual Machine Monitor
|  (VMM) like VMWare.  This way you can run a legacy OS, even Windows,
|  alongside a high security simplified OS which handles your transactions.

Hal,

I'm pretty sure that you are answering the question
Why did Microsoft buy Connectix?[1]  -- the answer
was not, in other words, to screw Mac OS X users
but to break the conundrum Ballmer finds himself
in where the road forks towards (1) fix the security
problem but lose backward compatibility, or (2) keep
the backward compatibility but never fix the problem.
His Board would prefer (2), the annuity of locked-in
users, but it forces a bet that software liability
never happens.  Fixing the problem, for which the
calls grow more strident daily, puts the desktop
platform into play even more than it is now as
it asks the users (who, having lost compatibility,
thus have nothing to lose) to marry Redmond a
second time.  A VM-cures-all strategy is then
an attempt to avoid having to choose between (1)
and (2) by breaking backward compatibility for
new things but bridging the old things with a
magic box that both preserves the annuity revenue
stream from locked-in users while it keeps the
liability bar at bay.

Or so I think.

--dan


[1] http://www.microsoft.com/windows/virtualpc/previous/default.mspx




Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-21 Thread Ian Grigg
Hi John,
John Kelsey wrote:
Today, most of what I'm trying to defend myself from online is done as either a kind of hobby (most viruses), or as fairly low-end scams that probably net the criminals reasonable amounts of money, but probably don't make them rich.  Imagine a world where there are a few hundred million dollars in untraceable assets waiting to be stolen, but only on Windows XP boxes with the latest patches, firewalls and scanners installed, and reasonable security settings.  IMO, that's a world where every day is day zero.  All bugs are shallow, given enough qualified eyeballs, and with that kind of money on the table, there would be plenty of eyeballs looking.  
We are way way past that point in security,
phishing is happening on an industrial scale, and
the virus, phish and spam people are united, or
at least working together.  Internet payment
systems are being DDOS/extorted on a regular
basis, and hack attempts are routine.
We literally already have that world.
And once it's done, several thousand early adopters are out thousands of dollars each.  This isn't much of an advertisement for the payment system.  It's anonymous and based on bearer instruments, so there's no way to run the fraudulent transactions back.  The money's gone, and the attackers are richer, and the next, more demanding round of attacks has been capitalized.  
Again, we're well past that point.  There have been
hundreds and hundreds of payment systems out there,
and maybe order of a thousand have failed by now,
mostly due to business reasons.  Some simply due
to hacks and attacks, but it is rare, because:
What happens is that beyond a certain threshold, the
payment system delivers valuable payments.  At that
point, it starts getting attacked.  If those attacks
are survived, then it moves on to the next phase.
Which would be more attacks of a different nature...
(In fact, one seems to have failed in the last few
days - EvoCash -  and another is on the watch list
for failure - DMT/Alta.  Both of them suffered from
business style attacks it seemed, rather than what
we would call security hacks.)
The notion that suddenly it's all over isn't what
happens.  It's a trickle, then it builds up to a
flood.  Some small hacks come in, and people either
look at them or they don't.  Those that are diligent
and keep an eye on these things respond.  Those that
don't go out of business.  There are more dead
payment systems than people on this list, I'd guess,
we do have plenty of experience in this.
In practice, we've also seen what happens when
money that gets stolen can't be traced or stopped.
Even though not bearer, systems like e-gold are
plenty anon enough, and they don't easily reverse.
I doubt bearer systems would necessarily face a
problem because of users losing their bearer tokens
(but there are plenty of other problems out there
like the rather hard insider theft problem).

 They also have to be able to do something about it.  What would you tell a reasonably bright computer programmer with no particular expertise in security about how to keep a bearer asset as valuable as his car stored securely on a networked computer?  If you can't give him an answer that will really work in a world where these bearer assets are common, you're just not going to get a widespread bearer payment system working, for the same reason that there's probably nobody jogging with an iPod through random the streets of Sadr City, no matter how careful they're being.

When we get to that point, we will have an answer
for him.  I can assert that with a fair degree of
confidence, because a) we can't ever get to that
point until we have an answer, and b) we already
have the answer, and have had it for a decade:
store it on a trusted machine.  Just say no to
Windows XP.  It's easy, especially when he's
storing a bearer bond worth a car.
iang


Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-21 Thread James A. Donald
--
On 19 Oct 2004 at 21:30, Ian Grigg wrote:
 (In fact, one seems to have failed in the last few days - 
 EvoCash -  and another is on the watch list for failure - 
 DMT/Alta.  Both of them suffered from business style attacks 
 it seemed, rather than what we would call security hacks.)

To clarify, EvoCash was subjected to DDoS attacks, and 
persistent attack upon its reputation, both of these seemingly 
originating from the operator of a ponzi scheme, presumably for 
the purposes of extortion.

 we already have the answer, and have had it for a decade: 
 store it on a trusted machine.  Just say no to Windows XP. 
 It's easy, especially when he's storing a bearer bond worth a 
 car.

What machine, attached to a network, using a web browser, and 
sending and receiving mail, would you trust? 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 hrZ6lTrAZYICXnGqF8vLx7tZ1wcjKkoF7d/jKJbF
 4WFPME/Dy9Losvs1g9ZsxwxI0oIYThq0dwJCNpLX9





Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-21 Thread Ian Grigg
James A. Donald wrote:
  we already have the answer, and have had it for a decade:
  store it on a trusted machine.  Just say no to Windows XP.
  It's easy, especially when he's storing a bearer bond worth a
  car.

 What machine, attached to a network, using a web browser, and
 sending and receiving mail, would you trust?

None.  But a machine that had one purpose in life:
to manage the bearer bond, that could be trusted
to a reasonable degree.  The trick is to stop
thinking of the machine as a general purpose
computer and think of it as a platform for one
single application.  Then secure that machine/OS/
stack/application combination.
Oh, and make it small enough to fit in the pocket,
put a display *and* a keypad on it, and tell the
user not to lose it.
iang


Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-21 Thread Hal Finney
James Donald writes:
 On 19 Oct 2004 at 21:30, Ian Grigg wrote:
  we already have the answer, and have had it for a decade: 
  store it on a trusted machine.  Just say no to Windows XP. 
  It's easy, especially when he's storing a bearer bond worth a 
  car.

 What machine, attached to a network, using a web browser, and 
 sending and receiving mail, would you trust? 

I would suggest pursuing work along the lines of a Virtual Machine Monitor
(VMM) like VMware.  This way you can run a legacy OS, even Windows,
alongside a high security simplified OS which handles your transactions.
You run your regular buggy OS as usual, then hit a function key to
switch into secure mode, which enables access to your financial data.
The VMM does introduce some performance overhead but for typical web
browsing and email tasks it will not be significant.

This seems more promising than waiting for Windows to become secure,
or for everyone to switch to Linux.  I believe there are a number of
academic projects along these lines, for example the Terra project,
http://www.stanford.edu/~talg/papers/SOSP03/abstract.html , which uses
a hardware security chip to try to protect one VM's data from another.
I don't know if the extra complexity buys you much in this application
though.

Hal Finney
