Re: Edinburgh Financial Cryptography Engineering 2002 - CFP
Dan Geer [EMAIL PROTECTED] writes:

> I founded this series in 1995 and was proud to have done so; we ran them in 1996 and 1998 as well, but the cutting edge quickly moved away from USENIX's core and forte to where every conference organizer on the planet had an e-commerce workshop of some sort up and running.

Unfortunately they've become either just another Crypto clone (FC in the last year or two) or a collection of XML/J2EE/buzzword-du-jour be-ins (all the rest). The world still needs a good, technical e-commerce security conference which isn't one of the above.

> I'm open to suggestions, of course,

I'd love to see it resurrected. While I can't really organise it because of where I am, I'd be happy to referee papers or whatever. Having served on PCs for several other security conferences, I've seen enough papers of the appropriate kind submitted elsewhere to indicate that there'd be enough for an e-commerce security conference (in other words there's no shortage of material there). The Usenix one, during its short lifetime, attracted some really good papers.

Peter.
Missing pieces?
What are the fundamental building blocks that we're missing for a bright 'n' shiny crypto-future?
Re: Missing pieces?
Mister Heex wrote:

> What are the fundamental building blocks that we're missing for a bright 'n' shiny crypto-future?

Clueful users.

Politicians who aren't trying to grab power.

-- 
Steve Furlong    Computer Condottiere    Have GNU, Will Travel
Vote Idiotarian --- it's easier than thinking
Re: IP: I know some will get angry at this one Thinking the Unthinkable 2002
At 5:59 PM -0400 on 5/27/02, Dave Farber wrote:

> We can no longer endure what you have tolerated. We will not allow you to be passive spectators at our steady destruction, or to content yourself with pro forma gestures. We are forced to make your survival depend upon our survival. Our problem must become your problem. The people who attack us are your coreligionists and your fellow nationals, and you are better situated to deal with it than we are. Root them out, or we will destroy your cities as our cities have been destroyed. It has come to this, and we have no alternative. In three days we will destroy one of your cities in retaliation.

And this, boys and girls, is how empires are created.

I do not doubt this would work, and, frankly, it may be the West's only recourse for survival, someday, as detestable as it may be. Rome, or the British Empire, as Churchill notes in my .sig, below, wasn't built in a day. Empires are built by winning every time someone picks a fight, and, later, by picking fights on purpose and winning those, too, until, sooner or later, you don't win enough fights and you stop being an empire.

I'm not sure what will break this cycle of power-inflation, but I like to think that Peter Huber's geodesic networks create, in turn, geodesic societies. That Moore's law reduces transaction cost -- price discovery, transaction execution, clearing and settlement -- so much, as Coase's theorem tells us, that firms -- and political units -- become more efficient when they operate in recursively smaller units over time. That spinning off companies makes considerably more money than merging them, which is true, even now. That smaller companies create the newest, most high-paying jobs, and by far the most shareholder wealth, true even now.

That just like mechanization changed agriculture into an industrial enterprise, and information technology turned manufacturing into an information enterprise, true even now, geodesic networks will reduce information technology into a wetware enterprise, where information (software, as Nobel Laureate Kerry Packer calls anything you can copy) becomes asymptotically cheaper like commodities and manufactured goods did (hardware), and that the only thing that will matter is knowledge, non-replicable *decisions* about things. Wetware.

Finally, that profit and loss will become so molecular, if you will, that it will be driven to the device level instead of at the level of state-created persons called corporations. That markets will replace monopolies for physical force. That software like network and financial cryptography protocols will replace laws and guns as a way to absolutely control property, financial or real, commodity or production.

On the other hand, it may be that there is no solution but to ride the tiger until we can't hold on anymore, no matter what the consequences are. Maybe life is just like that. It certainly has been that way from the time we became sedentary around wild grass crops in the fertile crescent tens of millennia ago, learned agriculture after that, and built cities at the intersections of our trading networks. We've been building ever-increasing power-hierarchies, cities, nations, empires, from then until the present day, building larger and larger social hierarchies until those networks can't handle the load and crash, rebuilding in the rubble of the collapse, bigger, better, faster, cheaper, as time marches on.

Lots of people on the net are working on the former scenario, and so am I.

I agree with Huber that, contrary to recent evidence :-), Moore's law increasingly makes networks geodesic instead of hierarchical, and that process, in turn, creates *dis*economies, not economies, of scale, and that, sooner or later, as the processing density per square meter of civilization increases, we'll get better, faster and cheaper, all without getting bigger firms, if you will, political or otherwise. All without increasingly larger nation-states killing millions of innocent civilians in the process, like they did to obscene excess in the last century. Without billions of people this century if the trend continues, just, as the obscene joke about the dog goes, because they can.

Cheers,
RAH

-- 
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
...our claim to be left in the unmolested enjoyment of vast and splendid possessions, mainly acquired by violence, largely maintained by force, often seems less reasonable to others than to us. -- Winston Churchill, January 1914
RE: NAI pulls out the DMCA stick
[EMAIL PROTECTED] writes:

> On 27 May 2002 at 19:56, Peter Gutmann wrote:
> > [EMAIL PROTECTED] writes:
> > > My impression is that S/MIME sucks big ones, because it commits one to a certificate system based on verisign or equivalent.
> > I'll say this one more time, slowly for those at the back: What you're criticising is PEM circa 1991, not S/MIME. Things have moved on a bit since then.
> You need a certification authority. Every one you deal with has to acknowledge whatever certification authority gave you your certificate.

[etc etc - standard description of original 10-year-old PEM certification model]

No, as I said before, what you're describing is PEM circa 1991, not S/MIME. In the S/MIME model, anyone can issue certs (just like PGP), including yourself. In addition, many large CAs will issue certs in any name to anyone, so even if you don't want to do your own keys a la PGP you can still get a Verisign cert which behaves like a PGP key.

Rather than wasting all this bandwidth in a lets-bash-S/MIME-by-pretending-it's-still-PEM debate (what is it with this irrational fear of S/MIME?), I'd be more interested in a serious discussion on which key-handling model is less ineffective, WoT or X.509-free-for-all. At the moment both of them seem to work by using personal/direct contact to exchange keys, with one side pretending to be WoT-based (although no-one ever relies on this) and the other pretending to be CA-based (although no-one ever relies on this [0]). The end result is that they're more or less the same thing, the only major differentiating factor being that most X.509-using products don't allow you to distribute your own certs the way PGP does.

Peter.

[0] With my earlier caveat about exceptions for government orgs who have been instructed to rely on it, or else.
Re: Missing pieces?
Mike Rosing wrote:

> Speaking of power grabs, I just sent a 4 page letter to my senator on the Judiciary committee on S.2048 - the bill to make A/D converters test for copyright notice. We can't stop power grabs, but we can at least educate clueless politicians. Probably won't change anything, but at least we can try!

My senators are Clinton and Schumer. Makes me damn proud to be an American, I tell you. Neither's office has responded to any of my letters, probably because I didn't include money with my missives. I guess there's no point to further letters to my senators, unless I can get my hands on some anthrax. (Note to hypothetical snoop: that was a joke. Get a life, idiot girl.)

-- 
Steve Furlong    Computer Condottiere    Have GNU, Will Travel
Vote Idiotarian --- it's easier than thinking
Forward-secure public-key encryption eprint
Forward-secure public-key encryption has been discussed here, on sci.crypt, and elsewhere. To recap - the goal is that an adversary who breaks into your computer today can't read messages sent/received yesterday. In the interactive case, you use ephemeral Diffie-Hellman. The non-interactive case is more complicated and has had some ideas considered by Ross Anderson, Adam Back, and David Hopwood (among others).

Cypherpunks relevance: forward security is nice for remailers.

Anyway, there's a new eprint up which shows how to construct such a scheme starting from an ID-based encryption scheme by Boneh + Franklin.

A Forward-Secure Public-Key Encryption Scheme
Jonathan Katz
http://eprint.iacr.org/2002/060/

It's worth noting that the scheme this is based on has code available.
http://crypto.stanford.edu/ibe/download.html

-David
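The interactive case the post mentions, as an added illustration (not code from the post, from Katz's paper, or from the Boneh-Franklin distribution): a session keyed from long-term DH keys, whose key a recording adversary recomputes once it steals those keys, beside an ephemeral-DH session whose key it cannot recover because the exponents that would let it were erased. The group parameters and all key material are constructed toy values.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for this illustration only: a small
# Mersenne prime with an arbitrary base. Real deployments use a standard
# large safe-prime group (or an elliptic curve); these values are far too small.
P = 2**127 - 1
G = 3


def keygen():
    """Return (secret exponent, public value) for one DH key pair."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def session_key(my_secret, their_public, label):
    """Hash the DH shared secret together with a label into a 256-bit key."""
    shared = pow(their_public, my_secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big") + label).digest()


def static_session(alice, bob):
    """Key the session from the long-term keys alone (no forward secrecy)."""
    (a_sec, a_pub), (b_sec, b_pub) = alice, bob
    key = session_key(a_sec, b_pub, b"static")
    assert key == session_key(b_sec, a_pub, b"static")  # both sides agree
    record = [a_pub, b_pub]  # everything a passive eavesdropper gets to keep
    return key, record


def ephemeral_session(alice, bob):
    """Key the session from fresh per-session exponents, then discard them.
    The long-term keys would only sign the ephemeral values (signing omitted
    here); they never enter the key derivation."""
    ea_sec, ea_pub = keygen()
    eb_sec, eb_pub = keygen()
    key = session_key(ea_sec, eb_pub, b"ephemeral")
    assert key == session_key(eb_sec, ea_pub, b"ephemeral")
    del ea_sec, eb_sec  # a real implementation zeroises these in memory
    record = [alice[1], bob[1], ea_pub, eb_pub]
    return key, record


def break_in_later(record, stolen_secrets, label):
    """Adversary who taped the session and later stole the long-term secrets:
    it derives every key those secrets yield against the recorded values."""
    return {session_key(s, pub, label) for s in stolen_secrets for pub in record}
```

With the static session the true key is among the adversary's candidates; with the ephemeral session it never is, which is exactly the "can't read yesterday's messages" property the post describes.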
Re: NYT: Techies Now Respect Government
Sounds like more of the same kinds of words inserted into Phil Zimmermann's mouth by Ariana Cha to me. Hmmm, smells like bullshit, looks like bullshit, there's a bull looking a bit relieved a few feet away, I wonder what it could be?

--Kaos-Keraunos-Kybernetos---
Surveillance cameras aren't security. A camera won't stop a masked killer, but will violate privacy.
Passwords are like underwear. You don't share them, you don't hang them on your monitor, or under your keyboard, you don't email them, or put them on a web site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net

On Sun, 26 May 2002, John Young wrote:

> Thomas Friedman in the New York Times today:
> http://www.nytimes.com/2002/05/26/opinion/26FRIE.html
> Webbed, Wired and Worried, May 26, 2002
> SNIP
> Silicon Valley staunchly opposed the Clipper Chip, which would have given the government a back-door key to all U.S. encrypted data. Now some wonder whether they shouldn't have opposed it. John Doerr, the venture capitalist, said, Culturally, the Valley was already maturing before 9/11, but since then it's definitely developed a deeper respect for leaders and government institutions.
Re: Missing pieces?
On Tue, 28 May 2002, Steve Furlong wrote:

> My senators are Clinton and Schumer. Makes me damn proud to be an American, I tell you. Neither's office has responded to any of my

Yeah, that's a grim position to be in. At least my congress critters write back.

> letters, probably because I didn't include money with my missives. I guess there's no point to further letters to my senators, unless I can get my hands on some anthrax. (Note to hypothetical snoop: that was a joke. Get a life, idiot girl.)

Good luck, robots aren't too great with jokes :-)

Patience, persistence, truth,
Dr. mike
Re: Edinburgh Financial Cryptography Engineering 2002 - CFP
Peter,

> Does anyone know what happened to the Usenix e-commerce conferences? They were in the vein of what FC used to be ... there's also the EC-Web conference, although that has more of an emphasis on web technology than EC.

I founded this series in 1995 and was proud to have done so; we ran them in 1996 and 1998 as well, but the cutting edge quickly moved away from USENIX's core and forte to where every conference organizer on the planet had an e-commerce workshop of some sort up and running. Whether these were technical, financial or sheer hype, the noise factor was too great and we (USENIX Board of Directors) moved on to other things where we could make a difference without having to wage an advertising war in the middle of an investment bubble.

I'm open to suggestions, of course, but in the meantime you might enjoy reminiscing about 1995 as seen through this lens:

http://www.usenix.org/publications/library/proceedings/ec95/index.html

--dan (current usenix president)
Anti-snooping operating system close to launch
Anti-snooping operating system close to launch
16:28 28 May 02
NewScientist.com news service

Computer activists in Britain are close to completing an operating system that could undermine government efforts to wiretap the internet. The UK Home Office has condemned the project as potentially providing a new tool for criminals.

Electronic communications can be kept private using encryption. But new UK legislation will soon give law enforcers the right to demand encryption keys from anyone suspected of illegal activity.

The Regulation of Investigatory Powers Act (RIPA) was introduced to update UK surveillance laws to include electronic communications. But privacy campaigners say it gives too much power to law enforcers and permits intrusive eavesdropping.

Peter Fairbrother, a mathematician and computer enthusiast, is programming the new operating system, called M-o-o-t. It is aimed at anybody who's concerned about the government being nosey, he says.

http://www.newscientist.com/news/news.jsp?id=ns2335
Re: Anti-snooping operating system close to launch
An interesting thread concerning M-o-o-t can be found at http://www.topica.com/lists/m-o-o-t-os-group/read

Of particular interest to cypherpunks may be the Threats and Weaknesses analysis begun in Dec 2000

Threats and Weaknesses
==

Workstation:
· Hardware/firmware traps either built-in or add-on (eg keystroke data capture plugs)
· Execution on a virtual machine designed to compromise the application
· Surveillance techniques (camera, electronic monitoring, Tempest)
· Trojan horse software via doctored compiler
· Trojan horse software via doctored CD

Server:
· Undetected impostors or other subversion of security software
· Key captures
· Billing/Account/Payment tracing and trawling

Network:
· Denial of service attacks on the havens
· DNS and routing attacks (eg via ARPS, spoofing etc)
· false packet etc protocol attacks
· traffic analysis
· monkey in the middle attacks

User:
· Criminalise this product
· Criminalise encryption
· Problem of creating a personal identifier that cannot be copied, forged or usurped by force
· Billing systems may expose usage details

Data:
· Data entry and exit to the unsecure world - need to have anonymous methods for this
· Is the data going to be locked up too tightly to be useful?
· Can the data be manageable but still secure? Eg, individual directories may be necessary but a security risk. If there is no good built-in management system, people will create hazardous insecure out-of-system ones.
· How can data availability be guaranteed over long periods of time?

Encryption:
· How can keys be securely created, managed and protected from mis-use?
· Are there sufficiently top-class cryptographers on tap to implement new secure systems?

Project:
· Is it too ambitious for the resources?
· Can it be staged to produce useful (and profitable) subsets more quickly?
· Does it conflict with other similar developments?
· Can it be managed in an insecure environment in a jurisdiction that is hostile to its purpose?

steve