Re: Overcoming the potential downside of TCPA
At 10:58 PM 8/13/2002 -0700, Joseph Ashwood wrote: Lately on both of these lists there has been quite some discussion about TCPA and Palladium, the good, the bad, the ugly, and the anonymous. :) However there is something that is very much worth noting, at least about TCPA. There is nothing stopping a virtualized version being created. The only thing to stop that is the certificate on the TCPA's built-in key. You would have to shave one TCPA chip and use its key in the virtualized version. If you distributed that shaved key publicly or just to too many people, then its compromise would likely be detected and its power to attest to S/W configuration would be revoked. However, if you kept the key yourself and used it only at the same frequency you normally would (for the normal set of actions), then the compromise could not be detected and you should be able to run virtualized very happily. That's one of the main problems with TCPA, IMHO, as a security mechanism: that its security depends on hardware tamper resistance -- but at the same time, the TPM needs to be a cheap part, so it can't be very tamper resistant. - Carl +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 75C5 1814 C3E3 AAA7 3F31 47B9 73F1 7E3C 96E7 2B71 | +---Officer, arrest that man. He's whistling a copyrighted song.---+ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
the anvil problem
At 05:04 PM 5/29/2002 -0400, Adam Fields wrote: Hughes, James P says: Change the billboard for elevator music (which will be protected). Will you be able to play back your digital dictations *if* they were recorded in an environment that included background music. IMHO, Silly does not mean they will not be successful. Look at DMCA. I'm curious - I've never seen any discussion of this, but it hit home quite forcefully when I was ejected from my battery park apartment on 9/11 and needed to temporarily install some software on a new computer - has anyone made the point that enforced technological copyright protections are detrimental to security because they eliminate the possibility of using that technology in an emergency? We call this the anvil problem. Your copy protections must not prevent you from moving all your soft assets over to another computer when your first computer had an anvil dropped on it (or when it fell under the roller of a steam roller). +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: FC: Hollywood wants to plug analog hole, regulate A-D converters
At 01:14 PM 5/29/2002 -0500, [EMAIL PROTECTED] wrote: From: Pete Chown [mailto:[EMAIL PROTECTED]] Sent: Sunday, May 26, 2002 8:05 AM David G. Koontz wrote: Can you imagine watermarks on billboard advertisements? How subliminal. Actually this would be weird. Suppose digital cameras had to be fitted with a watermark detection system. Suddenly, we have lost a much more fundamental fair use right -- the right to include copyright material as an incidental part of a photograph. [SNIP] I would like to buy some watermarked cloths please. Then I could be invisible :-) Cover your car with them, for running red lights that are monitored by cameras! +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: biometrics
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At 03:55 PM 1/26/2002 -0500, Perry E. Metzger wrote: [EMAIL PROTECTED] [EMAIL PROTECTED] writes: Not wanting to have extended contest over this, I'm afraid I'm not letting it drop. but all these absolutes in the comments are just too simplistic. Devices can be made as tamper-resistant as the threat- and value-model required. No, they can't. That's an engineering hope, not an engineering reality. The hope you're expressing is that well, maybe we can't make it impossible to break this design, but we can make it cost more to break the system than breaking it will bring the bad guy, and we can do that without said tamper-resistance costing us more than we can afford. I've heard rumor of an effort a while back to layer Thermite into a printed circuit board, so that a machine could self-destruct in case of tampering. I doubt it ever got reviewed by OSHA, however. :) -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 iQA/AwUBPFNoY3PxfjyW5ytxEQIvlgCgowahUTOiGYpWHu/YhuJpGSfWzs4An2Cm tiaRwxCxNE51RKtmS6F0f+UF =8jjr -END PGP SIGNATURE- +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Authenticating logos
At 09:59 AM 1/17/2002 +0200, Amir Herzberg wrote: A very important goal of secure commerce is to provide alternate mechanisms in cyberspace. This is since when a hacker is using ATT's logo in her website, it may not be feasible for ATT to sue him (in particular he may reside in places where logos are not protected as well...). There's another problem, with the net. The company may not be aware of the mis-use of their logo. It's not on a brick and mortar building. It's delivered to individuals. It can also be put up and taken down rapidly. So, someone can mount an attack with misuse of a logo, run the attack for a short time, and then drop use of that logo before the company that owns it ever sees the misuse. +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: CFP: PKI research workshop
At 09:44 AM 1/14/2002 -0800, Eric Rescorla wrote:
Stef Caunter [EMAIL PROTECTED] writes:
Does a user of ssl services care to know absolutely that they are
communicating verifiably with whom they believe they have contacted, or does
the user care to know absolutely that their communication is completely
private?
These are inextricably connected. If you want to know that
your communications are private in the face of active attack
you need to know who you're talking to as well.
Of course you do. That's why https://store.palm.com/ is such a problem. You thought
you were talking to (and wanted to talk to) Palm Computing, just like the logos and
page layout said you were. You're not. You're talking to a MITM. Palm hired them to
run the store? The certificates don't say that.
[snip]
Why can't self-verification be promoted? Why can't an nslookup call be built
into certificate presentations?
What are you talking about? An nslookup call wouldn't help anything.
The essential problem is establishing that the public key you receive
over the network actually belongs to the person you think it does.
In the absence of a prior arrangement, the only way we know how
to do this is to have that binding vouched for by a third-party.
Actually, Eric, the third party might confuse that for you. The function it performs
with respect to naming is not totally unlike the function of early anonymizers. The
TTP chooses a name to bind to the public key that might have only a tenuous relation
to the name by which you know the keyholder. As a result, when you do a name
comparison between the certificate Subject and what you know about this person, the
person you think it does, you may have to make a guess about whether the match is
correct.
Here we spend all this effort to reduce the probability of error, in the cryptography,
to values like 2^{-128} and then make the security decision depend just as much on a
guess with a much greater probability of error. From the point of view of error
probability, we should have left out the cryptographic part entirely.
- Carl
P.S. the workshop where we should (and probably will) be discussing this is
http://www.cs.dartmouth.edu/~pki02/ and there are still two weeks before papers are
due.
++
|Carl Ellison Intel E: [EMAIL PROTECTED] |
|2111 NE 25th Ave M/S JF3-212 T: +1-503-264-2900 |
|Hillsboro OR 97124 F: +1-503-264-6225 |
|PGP Key ID: 0xFE5AF240 C: +1-503-819-6618 |
| 1FDB 2770 08D7 8540 E157 AAB4 CC6A 0466 FE5A F240|
++
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: CFP: PKI research workshop
At 02:47 PM 1/14/2002 -0800, Eric Rescorla wrote: Meanwhile, the information that the user really looks at to make a security decision (the Palm logo and the little padlock) aren't related at all. No possible security system can protect people who trust whatever logo happens to be transmitted to them in web pages. That is certainly true today, but that is precisely how users decide whether or not to give up their credit card numbers or more sensitive information. It's a good thing that the user is absolved of liability in case the credit card is stolen. I disagree that it's not possible to secure logos. It's a MMOP (mere matter of programming). :) - Carl ++ |Carl Ellison Intel E: [EMAIL PROTECTED] | |2111 NE 25th Ave M/S JF3-212 T: +1-503-264-2900 | |Hillsboro OR 97124 F: +1-503-264-6225 | |PGP Key ID: 0xFE5AF240 C: +1-503-819-6618 | | 1FDB 2770 08D7 8540 E157 AAB4 CC6A 0466 FE5A F240| ++ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: CFP: PKI research workshop
At 05:45 PM 12/26/2001 -0500, Perry E. Metzger wrote: Phillip Hallam-Baker [EMAIL PROTECTED] writes: Methinks you complain too much. PKI is in widespread use, it is just not that noticeable when you use it. This is how it should be. SSL is widely used to secure internet payment transactions. HTTPS SSL does not use PKI. SSL at best has this weird system in which Verisign has somehow managed to charge web sites a toll for the use of SSL even though for the most part the certificates assure the users of nothing whatsoever. (If you don't believe me about the assurance levels, read a Verisign cert practice statement sometime.) If that's not good enough for you, go to https://store.palm.com/ where you have an SSL secured page. SSL prevents a man in the middle attack, right? This means your credit card info goes to Palm Computing, right? Check the certificate. +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: CFP: PKI research workshop
Ray, if you look at PKI as a financial mechanism (like credit cards), then I see two major problems: 1. the PKI vendors aren't financial institutions, so they aren't in a position to assume risk and make money from that 2. the current PKI thinking (e.g., with rebuttable presumption of non-repudiation) is anti-consumer, when viewed as a financial mechanism, and I can't imagine that succeeding even if the vendors were banks. - Carl ++ |Carl Ellison Intel E: [EMAIL PROTECTED] | |2111 NE 25th Ave M/S JF3-212 T: +1-503-264-2900 | |Hillsboro OR 97124 F: +1-503-264-6225 | |PGP Key ID: 0xFE5AF240 C: +1-503-819-6618 | | 1FDB 2770 08D7 8540 E157 AAB4 CC6A 0466 FE5A F240| ++ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Workshop on Public Key Authentication / Authorization Research
http://www.cs.dartmouth.edu/~pki02/cfp.pdf We're looking for papers to be submitted by the end of January '02 and we're especially interested in papers on the real ways to use public key technology to solve real problems. Please pass the word to researchers you know who might not have heard of this workshop yet. Thanks, - Carl +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Security Research (Was: Scarfo keylogger, PGP )
At 08:52 PM 10/16/2001 -0400, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Ben Laurie writes: Trei, Peter wrote: Windows XP at least checks for drivers not signed by MS, but whose security this promotes is an open question. Errr ... surely this promotes MS's bottom line and no-one's security? It is also a major pain if you happen to want to write a device driver, of course. Microsoft? See their view of how to deal with security at http://www.newsbytes.com/news/01/171173.html -- I wonder if they think it should apply to crypto research, too? From that link: It's high time the security community stopped providing blueprints for building these weapons, he said. === Remember after the OK City bombing, there were calls to remove instructions on bomb making from the Internet? That failed when people pointed out the USDA and public library sources, although some went on to claim they should be removed from there, too. Free speech, anyone? With bug reports, there are none coming from USDA or to be found in public libraries, so it looks like we're a lot more vulnerable. When will the Internet be so ingrained in American life that it's no longer vulnerable like this? +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
anon. registration (was Re: Computer Security Division Activities)
At 12:35 AM 10/14/2001 GMT, David Wagner wrote: Mike Brodhead wrote: Just about all of the private-sector conferences I have attended require registration. I think this is a poor example. I expect you'd be welcome to use the name 'John Smith' and pay cash, if you like. Using the name John Smith should be fine. I don't remember ever being carded at a conference. Using cash might be a hassle. What if they don't have a cash box? BTW, the counter person at my local post office explained to me recently that they're pushing for credit card payments rather than cash, because it's cheaper for them to process. I find that really hard to believe, but it's the story I'm getting. +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: AGAINST ID CARDS
Declan, we already have a national ID card: a passport. Knowing that some government (or forger) has attached some name to a picture that looks like the person holding the card gives you some information about that person, with a non-0 probability. But, is it the information you want? At least some of the 9/11 hijackers had passports. - Carl +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: How to ban crypto?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At 05:26 PM 9/16/2001 +0100, Peter Fairbrother wrote: Bin-Laden was at one time said to use stego in posted images for comms. I heard that restated today on NPR by an ex-FBI commentator. I think it is ironic that Congress passed a law a while ago that discourages crypto researchers from studying and publishing how to detect and defeat stego systems. Of course, terrorists won't use watermarking stego systems, but the discouragement of researchers in one area of stego is likely to discourage them in another (or in cryptography in general). -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 iQA/AwUBO6UVx3PxfjyW5ytxEQItqgCfZcOv3rI6i6kGpQ/RfHvhqbcILfoAoJ1Q AYjmfg8XVYynTsx+CMXXP6gJ =ochU -END PGP SIGNATURE- +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: crypto backdoors = terrorisms free reign
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At 07:46 PM 9/14/2001 -0500, [EMAIL PROTECTED] wrote: I don't understand why anyone would choose to vote for an individual that doesn't understand the above logic. I wish people voted for people who understood any kind of logic. As Matt Blaze pointed out at USENIX Security this year, politicians aren't scientists. We value logic and truth. Politicians value getting people to agree. A scientist's pursuit of logic and truth uses disagreement. To a politician, disagreement is a tool of attack. - Carl -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 iQA/AwUBO6OOyXPxfjyW5ytxEQKrDwCeLml5tYeixa75g1KGndS7g7jyv1UAoJzz ppmtNzb9h3DKVUpbiX/hBQfW =Gswr -END PGP SIGNATURE- +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Congress mulls crypto restrictions in response to attacks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At 12:23 AM 9/15/2001 -0700, Bram Cohen wrote: People in cells probably forego electronic communications completely for highly sensitive information - face to face communication works fine and doesn't involve anywhere near the risks. According to the author of a biography on bin Laden, interviewed on this morning's NPR coverage, he uses only person-to-person communication with people bound to him by blood. That interview should be available on the archive soon. -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 iQA/AwUBO6OP4nPxfjyW5ytxEQKMWgCgj60RzQP02W5lS/J8B9MImZ16SAsAoJe8 gcvEl1R25DOydLW917wte62D =yin5 -END PGP SIGNATURE- +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
