Re: Challenge to David Wagner on TCPA

2002-08-01 Thread Eric Murray

On Wed, Jul 31, 2002 at 11:45:35PM -0700, AARG! Anonymous wrote:
 Peter Trei writes:
  AARG!, our anonymous Pangloss, is strictly correct - Wagner should have
  said "could" rather than "would".
 
 So TCPA and Palladium could restrict which software you could run.

TCPA (when it isn't turned off) WILL restrict the software that you
can run.  Software that has an invalid or missing signature won't be
able to access sensitive data[1].   Meaning that unapproved software
won't work.  Ok, technically it will run but can't access the data,
but that is a very fine hair to split, and depending on the nature of
the data that it can't access, it may not be able to run in truth.

If TCPA allows all software to run, it defeats its purpose.
Therefore Wagner's statement is logically correct.


Yes, the spec says that it can be turned off.  At that point you
can run anything that doesn't need any of the protected data or
other TCPA services.   But, why would a software vendor that wants
the protection that TCPA provides allow his software to run
without TCPA as well, abandoning those protections?
I doubt many would do so; the majority of TCPA-enabled
software will be TCPA-only.  Perhaps not at first, but eventually
when there are enough TCPA machines out there.  More likely, spiffy
new content and features will be enabled if one has TCPA and is
properly authenticated, disabled otherwise.  But as we have seen
time after time, today's spiffy new content is tomorrow's
virtual standard.

This will require the majority of people to run with TCPA turned on
if they want the content.  TCPA doesn't need to be required by law,
the market will require it.  At some point, running without TCPA
will be as difficult as avoiding MS software in an otherwise all-MS
office: theoretically possible, but difficult in practice.

"TCPA could be required by the government or MS or [insert evil
company here]" is, I agree, a red herring.  It is not outside
the realm of possibility, in fact I'd bet that someone at MS has
seriously thought through the implications.  But to my mind
the requirement by de facto standard scenario I outline above
is much more likely, in fact it is certain to happen if TCPA
gets in more than say 50% of computers.

I worked for a short while on a very early version of TCPA with Geoff
Strongin from AMD.  We were both concerned that TCPA not be able to
be used to restrict users' freedom, and at the time I thought that
"you can always turn it off" was good enough.  Now I'm not so sure.
If someday all the stuff that you do with your computer touches data that can
only be operated on by TCPA-enabled software, what are you going to do?

BTW, what are your credentials?  You seem familiar with the TCPA spec, which
is no mean feat considering that it seems to have been written to
make it as difficult to understand as possible (or perhaps someone
hired an out-of-work ISO standards writer).  I think that Peter's
guess is spot on.  Of course having you participate as a nym
is much preferable to not having you participate at all, so don't
feel as though you have to out yourself or stop posting.


[1] TCPAmain_20v1_1a.pdf, section 2.2


Eric



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
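Added illustration (not part of Eric's post, and not code from the TCPA
spec or any TPM vendor): a toy Python 3 model of the mechanism the post
describes, in which unapproved software still runs but cannot reach the
protected data.  It simulates one PCR with the TCPA 1.1 SHA-1 extend
operation and a seal/unseal pair bound to a PCR value.  ToyTPM, boot(),
demo() and the component byte strings are this example's own constructions;
a real TPM keeps the storage root key inside the chip and never hands the
unwrap key out, which this toy cannot enforce.

```python
"""Toy TCPA-style measured boot plus sealed storage (stdlib only, insecure toy)."""
import hashlib
import hmac

PCR_INIT = b"\x00" * 20   # PCRs reset to all-zero bytes at platform reset


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TCPA 1.1 extend: PCR_new = SHA1(PCR_old || SHA1(component)).

    One-way and order dependent: the only way to land on a given value is to
    measure exactly the same components in exactly the same order.
    """
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def _keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stands in for the TPM's symmetric wrapping."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class ToyTPM:
    def __init__(self, srk_secret: bytes):
        self._srk = srk_secret        # stand-in for the storage root key; never exported
        self.pcr = PCR_INIT

    def extend(self, component: bytes) -> None:
        self.pcr = pcr_extend(self.pcr, component)

    def _wrap_key(self, pcr_value: bytes) -> bytes:
        # Wrapping key depends on the SRK secret AND the PCR value the blob is bound to.
        return hmac.new(self._srk, b"seal|" + pcr_value, hashlib.sha256).digest()

    def seal(self, data: bytes, pcr_value=None) -> dict:
        """Encrypt data so that it can only be unsealed while the PCR equals pcr_value."""
        target = self.pcr if pcr_value is None else pcr_value
        key = self._wrap_key(target)
        ct = bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))
        tag = hmac.new(key, target + ct, hashlib.sha256).digest()
        return {"pcr": target, "ct": ct, "tag": tag}

    def unseal(self, blob: dict) -> bytes:
        """Release the data only if the platform is in the sealed-to state."""
        if not hmac.compare_digest(blob["pcr"], self.pcr):
            raise PermissionError("platform state does not match the sealed PCR value")
        key = self._wrap_key(blob["pcr"])
        expect = hmac.new(key, blob["pcr"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(blob["tag"], expect):
            raise ValueError("sealed blob corrupted")
        return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(key, len(blob["ct"]))))


def boot(tpm: ToyTPM, components) -> bytes:
    """Reset the PCR and measure each boot stage into it in order; returns the final PCR."""
    tpm.pcr = PCR_INIT
    for component in components:
        tpm.extend(component)
    return tpm.pcr


# Constructed stand-ins for the firmware, OS and application images measured at boot.
APPROVED = [b"bootloader v1", b"kernel 5.x signed", b"media player 2.0 (vendor build)"]
MODIFIED = [b"bootloader v1", b"kernel 5.x signed", b"media player 2.0 (patched)"]


def demo():
    """Returns (approved_can_unseal, modified_can_unseal, approved_state_repeatable)."""
    tpm = ToyTPM(srk_secret=b"per-chip secret, constructed for the demo")
    content_key = b"\x13" * 16
    approved_pcr = boot(tpm, APPROVED)
    blob = tpm.seal(content_key)                  # vendor seals the content key to this state
    ok_approved = tpm.unseal(blob) == content_key
    boot(tpm, MODIFIED)                           # the patched player boots and runs fine...
    try:
        tpm.unseal(blob)
        ok_modified = True
    except PermissionError:
        ok_modified = False                       # ...but it cannot get at the content key
    return ok_approved, ok_modified, boot(tpm, APPROVED) == approved_pcr


if __name__ == "__main__":
    print(demo())
```

The patched player never hits a "you may not run" check; it simply finds
that unseal refuses, which is the hair Eric says is too fine to be worth
splitting.  Note also that the PCR cannot be rewound: the only way back to
the approved value is to reboot the approved components in order.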



Re: 1024-bit RSA keys in danger of compromise

2002-03-28 Thread Eric Murray



Here's the distribution of RSA key sizes in SSL servers, as
recorded by my SSL server survey in June 2000 and June 2001

RSA Server Key size

   Key bits    2000    2001
   2048         .2%     .2%
   1024         70%     80%
   = 1000        2%     .7%
   = 768         2%      1%
   512            -      0%
   = 512        25%     17%



Eric






Re: Fingerprints (was: Re: biometrics)

2002-01-28 Thread Eric Murray

On Mon, Jan 28, 2002 at 02:54:57PM -0700, [EMAIL PROTECTED] wrote:
 
 I believe NIST published something about FBI needing 40 minutia standard
 for registration in their database.

[reasons why the FBI wants so many minutiae deleted]

As an example of the real world, a couple years ago I put together
a working demo of a smartcard authenticated by a fingerprint
(the card then went on to participate in SET).  The pre-release
fingerprint chip I used would regularly grab about 20 minutiae, more
like 10 on a bad scan (dirty finger, poor position, etc).

If you set the matching parameters to require all minutiae to match,
you'd get a positive (i.e. match all minutiae) on about one in ten scans.


And of course the other reason for wanting such good prints is simply
that the FBI can demand them.


Eric







Re: Crypto hardware

2001-07-12 Thread Eric Murray

On Tue, Jul 10, 2001 at 02:28:08PM -0700, Kent Crispin wrote:
 A couple of years ago at the RSA conference one of the vendors was 
 exhibiting a tamperproof that would keep a secret key and perform 
 encryptions/signatures using the key.  Since the key never left the 
 box, in theory security reduced to physical security around the box.  
 The intended use of the box was as a master for a CA.  I thought the 
 vendor was GTE, but I didn't find anything definitive on their site.
 
 Does this description trigger any recollection?  Are there similar 
 devices on the market from other sources?

Was it the BBN Safekeeper?
I haven't seen one, but I have had it described
to me as a PC welded into a box, intended for
use as a CA.

Eric






Re: Cryptobox (was Re: Edupage, June 20, 2001)

2001-06-21 Thread Eric Murray

On Thu, Jun 21, 2001 at 02:36:05PM +0100, R. A. Hettinga wrote:
 At 5:08 PM -0600 on 6/20/01, EDUCAUSE wrote:
 
 
  PRIVATE LIFE
  Researchers at Ottawa University are developing Cryptobox, a
  program that encrypts e-mail, instant messages, and other Internet
  communications. The program works by sending transmissions over
  a peer-to-peer network, scrambling each end of the transmission
  with an encryption code and hiding it underneath a stream of junk
  traffic. The system automatically decodes the transmissions once
  they reach their destinations. The researchers have already
  tested Cryptobox in a network of 40 real and 200 virtual clients
  and report that the test succeeded. Independent researchers are
  skeptical, however. Richard Clayton, a computer scientist at
  Cambridge University, noted, "It's unclear whether they can make
  this work and keep it stable in the real world with millions of
  systems." The program could, if successful on a large scale,
  solve one of the main security vulnerabilities of the Internet.
  Currently, e-mails, instant messages, and many other transmissions
  can be easily intercepted by those with access to key areas of a
  network.

...unless they're running one of the myriad existing solutions
(like IPSEC, PGP, S/MIME, SMTPS).
I love it when journalists regurgitate press releases without
doing even the most basic research.


More on Cryptobox at:
http://www.osopinion.com/perl/story/11281.html  and
http://cryptobox.sourceforge.net/new/index.html


Eric






Re: Lie in X.BlaBla...

2001-06-03 Thread Eric Murray

On Fri, Jun 01, 2001 at 09:43:50AM -0700, Greg Broiles wrote:
 At 09:58 AM 6/1/2001 +0800, Enzo Michelangeli wrote:
   At 07:22 AM 5/31/2001 +0800, Enzo Michelangeli wrote:
  
   Besides, it would be idiotic to grant access to information or authorization
   for a transaction to someone, just because he or she has presented a public
   key certificate: authentication protocols require possession of the private
   key. Those legislators just don't know what they are talking about.
   Scary.
  
   The statute didn't say "just because" or describe a technical architecture
   for an access control system - it criminalized the presentation of a
   certificate without owning the corresponding private key.
 
 Uhm... So, which devious use of someone else's certificate were those guys
 trying to address? Also a bona fide certificate server could fall afoul of
 such law.
 
 They were trying to address any fraudulent (not devious) use of a 
 certificate to gain access or information, without regard to the technical 
 details.


I'm not a lawyer but I read it the way Greg does.
Intent is required, so simply sending a cert that's part of a chain
and which you don't hold the corresponding private key for, or
acting as a directory, isn't illegal.

But I'd bet that some enterprising DA, given a case where someone
sent four certs in a chain and got the EE cert by fraudulent means, will
charge them with four counts of violating this law.


Eric



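Added illustration for the thread above (not code from any of the posters,
and not a real X.509 implementation): the point Enzo makes, that presenting
a certificate proves nothing and an authentication protocol must check
possession of the private key, alongside the four-cert chain Eric's last
paragraph imagines.  It is Python 3.8+ standard library only, using
textbook RSA on tiny primes generated at runtime (deterministic and
insecure; a real deployment uses an X.509 library and RSA-PSS or ECDSA).
The names toy_keypair(), issue(), verify_chain() and authenticate(), the
seed numbers and the subject names are this example's own.

```python
"""Chain verification versus proof of possession (toy RSA, stdlib only)."""
import hashlib
from math import gcd

E = 65537   # public exponent shared by every toy key


def _next_prime(n: int) -> int:
    """Smallest prime greater than n by trial division (fine for 5-digit toys only)."""
    n += 1
    while any(n % k == 0 for k in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n


def toy_keypair(seed: int):
    """Deterministic toy RSA key from a seed; returns ((n, e), (n, d))."""
    p = _next_prime(seed)
    while True:
        q = _next_prime(p)
        n, phi = p * q, (p - 1) * (q - 1)
        if gcd(E, phi) == 1:
            return (n, E), (n, pow(E, -1, phi))   # modular inverse: Python 3.8+
        p = q


def _h(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_h(data, n), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _h(data, n)


def _tbs(subject: str, pub, issuer: str) -> bytes:
    # Stand-in for the X.509 TBSCertificate: the bytes the issuer actually signs.
    return f"{subject}|{pub[0]}|{pub[1]}|{issuer}".encode()


def issue(subject: str, subject_pub, issuer: str, issuer_priv) -> dict:
    return {"subject": subject, "pub": subject_pub, "issuer": issuer,
            "sig": sign(issuer_priv, _tbs(subject, subject_pub, issuer))}


def verify_chain(chain, root_pub) -> bool:
    """chain[0] is the end-entity cert; each cert is signed by the next, the last by the root.

    Only signatures are checked here; a real path validation also checks names,
    validity periods, CA constraints and revocation.
    """
    for i, c in enumerate(chain):
        issuer_pub = chain[i + 1]["pub"] if i + 1 < len(chain) else root_pub
        if not verify(issuer_pub, _tbs(c["subject"], c["pub"], c["issuer"]), c["sig"]):
            return False
    return True


def authenticate(chain, root_pub, challenge: bytes, pop_sig: int) -> bool:
    """Accept only if the chain verifies AND the presenter signed our fresh challenge with the EE key."""
    return verify_chain(chain, root_pub) and verify(chain[0]["pub"], challenge, pop_sig)


def build_demo():
    """Four-cert chain root -> CA1 -> CA2 -> CA3 -> EE (constructed; seeds are arbitrary)."""
    root_pub, root_priv = toy_keypair(20000)
    names = ["CA1", "CA2", "CA3", "EE"]
    keys = [toy_keypair(s) for s in (30000, 40000, 50000, 60000)]
    chain, issuer, issuer_priv = [], "root", root_priv
    for name, (pub, priv) in zip(names, keys):
        chain.insert(0, issue(name, pub, issuer, issuer_priv))
        issuer, issuer_priv = name, priv
    return chain, root_pub, keys[-1][1]   # EE private key, held only by the legitimate owner


def demo():
    """Returns (owner_authenticates, impostor_chain_verifies, impostor_authenticates)."""
    chain, root_pub, ee_priv = build_demo()
    challenge = b"nonce-0001"              # server-chosen; fresh per session in practice
    owner_ok = authenticate(chain, root_pub, challenge, sign(ee_priv, challenge))
    # Impostor copied the public chain (say, from a directory) but holds some other key.
    _, wrong_priv = toy_keypair(70000)
    impostor_chain_ok = verify_chain(chain, root_pub)   # the chain alone looks perfectly valid
    impostor_auth_ok = authenticate(chain, root_pub, challenge, sign(wrong_priv, challenge))
    return owner_ok, impostor_chain_ok, impostor_auth_ok


if __name__ == "__main__":
    print(demo())
```

A relying party that grants access on verify_chain() alone is fooled by
anyone who can fetch the certificates; only the challenge signature ties
the session to the private key.  Note that chain[1:] are three certificates
whose private keys the presenter does not hold and sends anyway, which is
exactly the "part of a chain" case Eric says cannot sensibly be the crime.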