Re: On the orthogonality of anonymity to current market demand
Chris Palmer [EMAIL PROTECTED] writes:

> James A. Donald writes:
>
>> Further, genuinely secure systems are now becoming available, notably Symbian.
>
> What does it mean for Symbian to be genuinely secure? How was this determined and achieved?

By executive fiat.

Peter.
Re: Multiple passports?
Gregory Hicks [EMAIL PROTECTED] writes:

> As for applying for one now, I think the deadline for the non-RFID passports is about 3 days away (31 Oct 2005), but I could be wrong. (In other words, if your application is not in processing by 31 Oct, then you get the new, improved, RFID passport.)

Ahh, but if you get one of the first passports issued then there are likely to still be some teething problems present, leading to sporadic failures of the first batch of RFID devices. I have a funny feeling that this is going to happen to my new passport when it arrives.

Peter.
Any comments on BlueGem's LocalSSL?
http://www.bluegemsecurity.com/ claims that they can encrypt data from the keyboard to the web browser, bypassing trojans and sniffers; however, the web pages are completely lacking in any detail on what they're actually doing. From reports published by West Coast Labs, it's a purely software-only solution that consists of some sort of (Win9x/Win2K/XP only) low-level keyboard driver interface that bypasses the standard Windows user-level interface and sends keystrokes directly to the application, in the same way that a number of OTFE packages directly access the keyboard driver to try and evade sniffers.

The West Coast Labs tests report that they successfully evade all known sniffers, which doesn't actually mean much since all it proves is that LocalSSL is sufficiently 0-day that none of the sniffers target it yet. The use of SSL to get the keystrokes from the driver to the target app seems somewhat silly: if sniffers don't know about LocalSSL then there's no need to encrypt the data, and once they do know about it then the encryption won't help, they'll just dive in before the encryption happens.

Anyone else have any additional information/comments about this?

Peter.
TEMPEST PC for sale on ebay
http://cgi.ebay.com/SAIC-V2-Military-Portable-Computer-With-Accessories_W0QQitemZ8707782870QQcategoryZ177QQrdZ1QQcmdZViewItem

May possibly run a very cut-down version of Linux, otherwise you'd be stuck with DOS.

Peter.
Looking for crypto iButton specs
During a recent discussion about secure crypto device bootstrap and attestation capabilities, I realised that of the three devices for which this was implemented and for which documentation was available (Fortezza, IBM 4758, and Dallas Crypto iButton), I either don't have any documentation for the Crypto iButton or I've filed it under something sufficiently misleading that I can't find it any more. So: Does anyone still have the documentation for the DS1954 Crypto iButton? Note that I specifically mean the DS1954 Crypto iButton before its Javafuxation, which removed the very nice crypto security model and crypto transaction processing/scripting capability. Dallas systematically excised any traces of the pre-Javafuxated version from databooks and web pages, so it'd be a case of someone having a copy archived somewhere. It was a very nice design and I'd like to have some record of it outside the summary I put in my Godzilla security tutorial. (If whoever did the design is reading this, I'd be interested in hearing from them as well). Peter.
Neat security quote
From a private mailing list, therefore anonymised. A European visitor to the US is describing going through the US immigration procedure. His comment on the fingerprinting process:

> I waited at that moment for messages like "freedom is slavery"

The response:

> "Ignorance is strength" already seems to have been adopted...

Peter :-).
Checkbox security
http://news.yahoo.com/news?tmpl=story&u=/ap/20050607/ap_on_re_us/chain_saw_border

  Man With Chain Saw Allowed to Enter U.S.

  On April 25, Gregory Despres arrived at the U.S.-Canadian border crossing at Calais, Maine, carrying a homemade sword, a hatchet, a knife, brass knuckles and a chain saw stained with what appeared to be blood. U.S. customs agents confiscated the weapons and fingerprinted Despres. Then they let him into the United States.

I guess he wasn't on the (possibly-a-)terrorist watchlist so they waved him through.

Peter.
Re: Intel Adds DRM to New Chips part 2
DiSToAGe [EMAIL PROTECTED] writes:

> it seems now intel say there is no DRM in their chips.

No, it's very careful to say that there is no *unannounced* DRM in their chips, in the same way that "we have had no undetected penetrations of our security".

Peter.
Re: SPKI Certs Usage
Jay Listo [EMAIL PROTECTED] writes:

> I am also not aware of any products or PKIs that use SPKI certs. I would really appreciate if someone could refer me to instances of actual usage of SPKI certs.

They were never really used. The great feature of SPKI is that it's not X.509 (so it's a design fit for a purpose rather than being digital ancestor-worship of failed OSI standards from the 1980s). The great failing of SPKI is that it's not X.509 (it's impossible to get any cert mechanism accepted unless it's called X.509).

Peter.
Re: On the road to truth and madness
> We were somewhere around Barstow on the edge of the desert when the drugs began to take hold.

The following was my variant on this from a few years ago, representing the 56th IETF PKIX meeting minutes. Note that this is from the book form, not the film version of the text:

-- Snip --

We were somewhere in San Francisco on the edge of the 56th IETF when the drugs began to take hold. I remember saying something like "I feel a bit lightheaded; maybe you should take notes". And suddenly there was a terrible roar all around us and the sky was full of what looked like huge OIDs, all swooping and screeching and diving around the RFC, which was about a hundred pages long. And a voice was screaming: "Holy Jesus! Where are these goddamn business cases?"

Then it was quiet again. My attorney had taken his shirt off and was pouring beer into his mouth, to facilitate the PKI standards-creation process. "What the hell are you yelling about?" he muttered, staring up at the neon lights with his eyes closed and covered with wraparound Spanish sunglasses. "Never mind," I said. "It's your turn to figure out the interop requirements." I hit the brakes and dropped the Great Pile of Paperwork at the side of the room. No point mentioning those OIDs, I thought. The poor bastard will see them soon enough.

We had two bags of X.509 standards, seventy-five pages of PKIX mailing list printouts, five sheets of high-powered constraints, a saltshaker half-full of vendor hype, and a whole galaxy of requirements, restrictions, promises, threats... Also, a quart of OSI, a quart of LDAP, a case of XML, a pint of raw X.500, and two dozen PGPs. Not that we needed all that for the trip, but once you get into a serious PKI RFC binge, the tendency is to push it as far as you can. The only thing that really worried me was the X.500. There is nothing in the world more helpless and irresponsible and depraved than a man in the depths of an X.500 binge, and I knew we'd get into that rotten stuff pretty soon.

-- Snip --

Peter.
Re: I'll show you mine if you show me, er, mine
R.A. Hettinga [EMAIL PROTECTED] forwarded:

> Briefly, it works like this: point A transmits an encrypted message to point B. Point B can decrypt this, if it knows the password. The decrypted text is then sent back to point A, which can verify the decryption, and confirm that point B really does know point A's password. Point A then sends the password to point B to confirm that it really is point A, and knows its own password.

Isn't this a Crypto 101 mutual authentication mechanism (or at least a somewhat broken reinvention of such)? If the exchange to prove knowledge of the PW has already been performed, why does A need to send the PW to B in the last step? You either use timestamps to prove freshness or add an extra message to exchange a nonce and then there's no need to send the PW. Also in the above B is acting as an oracle for password-guessing attacks, so you don't send back the decrypted text but a recognisable-by-A encrypted response, or garbage if you can't decrypt it, taking care to take the same time whether you get a valid or invalid message to avoid timing attacks. Blah blah Kerberos blah blah done twenty years ago blah blah a'om bomb blah blah.

(Either this is a really bad idea or the details have been mangled by the Register).

Peter.
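The two exchanges discussed above, written out as an added example (this is not code from the original post or from the Register article): the forwarded version, where B echoes the decrypted text straight back, beside the corrected version with nonces for freshness, a keyed response that only another holder of the password can recognise, garbage of the same length when B cannot decrypt, and no password sent on the wire. The function names, the HMAC-counter-mode cipher standing in for a real one, and the fixed salt are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32
SALT = b"constructed-salt"  # constructed for the example; a real system stores a random per-user salt


def derive_key(password: str) -> bytes:
    """Slow password-to-key derivation; the shared password itself is never used directly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (assumed stand-in for a real cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"ks" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def ae_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext || HMAC(key, nonce || ciphertext)."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()


def ae_decrypt(key: bytes, nonce: bytes, blob: bytes):
    """Plaintext, or None when the tag fails (wrong password or tampered message)."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


# --- The exchange as forwarded: B sends the decrypted text straight back ---
def b_respond_broken(key_b: bytes, nonce_a: bytes, blob: bytes):
    # Whoever sent the message learns at once whether key_b decrypted it, so B is an
    # online oracle for password guessing. (The forwarded fourth step, A sending the
    # password to B in the clear, is omitted: the check already proved knowledge of it.)
    return ae_decrypt(key_b, nonce_a, blob)


# --- The corrected exchange: nonces for freshness, keyed responses, no password on the wire ---
def a_challenge(key_a: bytes):
    """Step 1, A -> B: a fresh nonce_a and an encrypted random challenge m."""
    nonce_a, m = secrets.token_bytes(16), secrets.token_bytes(16)
    return nonce_a, ae_encrypt(key_a, nonce_a, m), m


def b_respond(key_b: bytes, nonce_a: bytes, blob: bytes):
    """Step 2, B -> A: nonce_b plus a response only a holder of the key recognises.
    If B cannot decrypt it answers with random bytes of the same length instead of an
    error; the real response is computed on both paths so the work done is the same
    (the final selection is still a Python branch, which production code would avoid)."""
    nonce_b = secrets.token_bytes(16)
    m = ae_decrypt(key_b, nonce_a, blob)
    real = hmac.new(key_b, b"resp" + nonce_a + nonce_b + (m if m is not None else bytes(16)),
                    hashlib.sha256).digest()
    garbage = secrets.token_bytes(TAG_LEN)
    return nonce_b, (real if m is not None else garbage)


def a_verify_and_answer(key_a: bytes, nonce_a: bytes, m: bytes, nonce_b: bytes, resp: bytes):
    """Step 3: A checks B's response in constant time; on success A proves itself with a
    keyed answer over B's nonce rather than by sending the password."""
    expected = hmac.new(key_a, b"resp" + nonce_a + nonce_b + m, hashlib.sha256).digest()
    if not hmac.compare_digest(resp, expected):
        return None
    return hmac.new(key_a, b"auth" + nonce_b + nonce_a, hashlib.sha256).digest()


def b_verify(key_b: bytes, nonce_a: bytes, nonce_b: bytes, answer: bytes) -> bool:
    """Step 4: B checks A's answer; nonce_b guarantees it is not a replay."""
    expected = hmac.new(key_b, b"auth" + nonce_b + nonce_a, hashlib.sha256).digest()
    return hmac.compare_digest(answer, expected)


def run_exchange(password_a: str, password_b: str) -> bool:
    """Drive the corrected protocol end to end; True only if both sides authenticate."""
    key_a, key_b = derive_key(password_a), derive_key(password_b)
    nonce_a, blob, m = a_challenge(key_a)
    nonce_b, resp = b_respond(key_b, nonce_a, blob)
    answer = a_verify_and_answer(key_a, nonce_a, m, nonce_b, resp)
    return answer is not None and b_verify(key_b, nonce_a, nonce_b, answer)


if __name__ == "__main__":
    print("same password:", run_exchange("correct horse", "correct horse"))  # True
    print("wrong password:", run_exchange("correct horse", "wrong guess"))   # False
```

Because the key is derived from a password, an eavesdropper can still mount an offline dictionary attack on the captured responses; that is why the derivation is deliberately slow, and it is the same limitation the Kerberos design the post alludes to has.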
Re: How to Stop Junk E-Mail: Charge for the Stamp
Barry Shein [EMAIL PROTECTED] writes:

> Eventually email will just collapse (as it's doing) and the RBOCs et al will inherit it and we'll all be paying 15c per message like their SMS services.

And the spammers will be using everyone else's PCs to send out their spam, so the spam problem will still be as bad as ever but now Joe Sixpack will be paying to send it. Hmmm, and maybe *that* will finally motivate software companies, end users, ISPs, etc etc, to fix up software, systems, and usage habits to prevent this.

Peter.
RE: Dell to Add Security Chip to PCs
Tyler Durden [EMAIL PROTECTED] writes:

> That chip...is it likely to be an ASIC or is there already such a thing as a "security network processor"? (ie, a cheaper network processor that only handles security apps, etc...) Or could it be an FPGA?

Neither. Currently they've typically been smart-card cores glued to the MB and accessed via I2C/SMB.

Peter.
Re: Anti-RFID outfit deflates Mexican VeriChip hype
R.A. Hettinga [EMAIL PROTECTED] forwarded:

> Promoting implanted RFID devices as a security measure is downright 'loco,' says Katherine Albrecht. Advertising you've got a chip in your arm that opens important doors is an invitation to kidnapping and mutilation.

Since kidnapping is sort of an unofficial national sport in Mexico (or at least Mexico City), this is particularly apropos. An implanted RFID seems to be just asking for an express kidnap, something more traditionally used to get money from ATMs.

Peter.
Re: Unintended Consequences
Steve Furlong [EMAIL PROTECTED] writes:

> I tried, years before _UC_ came out, to get some friends to name their daughter Chlamydia. They didn't know what the word meant, but for some reason didn't trust my advice. Nor did they like Pudenda.

One of the characters in Hercules Returns is called Labia, and lives in the town of Chlamydia. There are a number of other characters with similar names.

Peter.
Re: Cell Phone Jammer?
Tyler Durden [EMAIL PROTECTED] writes:

> Anyone know from first-hand experience about cellphone jammers? I need...
>
> 1) A nice little portable, and

Try the SH066PL, a nice portable that looks exactly like a cellphone, it's one of the few portables I know of.

> 2) A higher-powered one that can black out cell phone calls within, say, 50 to 100 feet of a moving vehicle.

Google is your friend, there are tons of these around, with varying degrees of sophistication. These are definitely not portable, taking several amps at 6-12V to power them. None of them are exactly cheap.

Peter.
Re: This Memorable Day
ken [EMAIL PROTECTED] writes:

> James A. Donald wrote:
>
>> So far the Pentagon has shattered the enemy while suffering casualties of about a thousand, which is roughly the same number of casualties as the British empire suffered doing regime change on the Zulu empire - an empire of a quarter of a million semi naked savages mostly armed with spears.
>
> Be fair. They had a trained and disciplined army. Most of whom would obey orders to the death. That's worth a hell of a lot in battle.

You also had to look at what they were up against. Witness the complete massacre at Isandlwana (the classic Zulu bull-and-horns overran the British camp because the troops were too far away from their ammunition to resupply, no doubt copying Elphinstone's tactic in Afghanistan) vs. post-Isandlwana use of Gatling batteries and massed field artillery (some of which was converted Naval artillery), e.g. Ulundi, where post-battle reports were of piles of Zulu dead mown down by Gatlings. The British only thought that the Zulus were just semi-naked savages until Isandlwana.

Peter.
Re: In a Sky Dark With Arrows, Death Rained Down
James A. Donald [EMAIL PROTECTED] writes:

> I find this very hard to believe. Post links, or give citations.

Normally I'd dig up various refs, but since this topic has been beaten to death repeatedly in places like soc.history.medieval, and the debate could well go on endlessly in the manner of the standard "What would have happened if the North/South had done X?", I'll just handwave and invite you to dig up whatever sources you feel like yourself.

>> (There were other problems as well, e.g. the unusually high death toll and removal of ancient aristocratic lineages was caused by English commoners who weren't aware of the tradition of capturing opposing nobles and having them ransomed back, rather than hacking them to pieces on the spot.
>
> Wrong. French nobles were taken prisoner in the usual fashion, but executed because the English King commanded them executed.

Nobles expected to surrender to other nobles and be ransomed. Commoners didn't respect this, and almost never took prisoners. Henry's orders didn't make that much difference, at best they were a "we'll turn a blind eye" notification to his troops. When you have English commoner men-at-arms (front row) meeting French nobles (front row, hoping to nab Henry and other for-ransom nobles, and to some extent because it was unseemly to let the commoners do the fighting, although they should have learned their lesson for that at Courtrai) there's going to be a bloodbath no matter what your leader orders. For the peasants it's "get him before he gets me", not a chivalric jousting match for the landed gentry. In addition the enemy nobles had weapons and armour that was worth something, while a ransom was useless to a non-noble (if Bob the Archer did manage to capture Sir Fromage, his lord would grab him, collect the ransom, and perhaps throw Bob a penny for his troubles).

(There's a lot more to it than that, but I really don't want to get into an endless debate over this. Take it to soc.history if you must, and if anyone's still interested in debating this there).

Peter.
Re: In a Sky Dark With Arrows, Death Rained Down
R.A. Hettinga [EMAIL PROTECTED] writes:

> These were not the sort of sporting arrows skillfully shot toward gayly colored targets by Victorian archery societies (charmingly described by Mr. Soar in later chapters) but heavy bodkin pointed battle shafts that went through the armor of man and horse.

That's the traditional Agincourt interpretation. More modern ones (backed up by actual tests with arrows of the time against armour, in which the relatively soft metal of the arrows was rather ineffective against the armour) tend to favour the muddy ground trapping men and horses, lack of room to manoeuvre/compression effects, and arrows killing horses out from under the knights, at which point see the muddy ground section. Obviously the machine-gun effect of the arrows was going to cause a number of minor injuries, and would be lethal to unarmoured troops, but they weren't quite the wonder-weapon they're made out to be.

(There were other problems as well, e.g. the unusually high death toll and removal of ancient aristocratic lineages was caused by English commoners who weren't aware of the tradition of capturing opposing nobles and having them ransomed back, rather than hacking them to pieces on the spot. Again, arrows didn't have much to do with the loss of so many nobles).

Peter.
Re: This Memorable Day
Tiarnán Ó Corráin [EMAIL PROTECTED] writes:

> The Russians (for example) conquered Hitler's capital, Berlin. And I believe the Russian zone in Germany was larger than any of the others, reflecting the fact that Stalin bore most of the entire burden of defeating Germany, uncomfortable as it may be.

The figure that's usually quoted is that 80% of Germany's military force was directed against Russia. Of the remaining 20%, a lot had already been engaged by France, the UK (via the BEF, the RAF, North Africa), Greece, etc etc before the US got involved in Europe. So the Russians should get most of the credit.

Peter.
Re: This Memorable Day
James A. Donald [EMAIL PROTECTED] writes:

> But it is hardly a matter of holding out. So far the Pentagon has shattered the enemy while suffering casualties of about a thousand,

We're talking about different things, the War on Bogeymen vs. the War for Oil. In its war on bogeymen, the most notable thing the USG has achieved to date is to create vastly more of them. Its strategy is about as effective as the paras were on Bloody Sunday, i.e. its actions serve mostly as a recruitment drive for the opposition:

  I swear by Almighty God [...] to fight until we die in the field of red gore of the infidel tyrants and murderers. Of our glorious faith, if spared to fight until not a single trace is left to tell that the Holy soil of our country was trodden by these infidels. Also these robbers and brutes, these unbelievers of our faith, will be driven into the sea, by fire, the knife or by poison cup until we of the true faith clear these infidels from our lands.

(Whoever wrote the original was definitely no English lit major).

Peter.
Re: This Memorable Day
R.A. Hettinga [EMAIL PROTECTED] writes:

> Germany 1944 does not equal USA 2004, no matter how hard you twist the kaleidoscope.

Fighting an unwinnable war always seems to produce the same type of rhetoric, whether it's the war on some drugs, the war on anyone Bush doesn't like, or the war on anything non-German. The only thing that changes over time are the identities of the bogeymen that are used to justify it.

(Do you seriously think the war on bogey^H^H^Hterrorism can ever be won? Leaving aside the obvious debate that you can't even tell who you're at war with, how do you know when you've won? "We have always been at war with Terroristia".)

Peter.
Re: This Memorable Day
Eugen Leitl [EMAIL PROTECTED] writes:

> On Tue, Nov 02, 2004 at 08:16:41AM -0500, R. A. Hettinga wrote:
>
>> http://online.wsj.com/article_print/0,,SB109936293065461940,00.html
>
> No cypherpunks content. Just local politics.

And it's not even original, they've mostly just translated it into English, updated it a bit (e.g. League of Nations -> UN), and changed the Russian names and references to Middle Eastern ones.

Peter.
Re: This Memorable Day
R.A. Hettinga [EMAIL PROTECTED] writes:

> At 3:32 AM +1300 11/3/04, Peter Gutmann wrote:
>
>> Eugen Leitl [EMAIL PROTECTED] writes:
>>
>>> On Tue, Nov 02, 2004 at 08:16:41AM -0500, R. A. Hettinga wrote:
>>>
>>>> http://online.wsj.com/article_print/0,,SB109936293065461940,00.html
>>>
>>> No cypherpunks content. Just local politics.
>>
>> And it's not even original, they've mostly just translated it into English, updated it a bit (e.g. League of Nations -> UN), and changed the Russian names and references to Middle Eastern ones.
>
> Yup. That's Davis' point, actually. Fuck with the West, we kick your ass.

Well it wasn't the point I was trying to make, which was comparing it to predictions made by (the propaganda division of) another super-power in the mid 1940s about winning an unwinnable war because God/righteousness/whatever was on their side, and all they had to do was hold out a bit longer. Compare the general tone of the WSJ article to the one in e.g. the first half of http://www.humanitas-international.org/showcase/chronography/documents/htestmnt.htm.

Peter.
Re: Cyclotrimethylene trinitramine
John Young [EMAIL PROTECTED] writes:

> Generously, the US government offers a complete set of photos, drawings, process diagrams and descriptions for an RDX manufacturing plant. Library of Congress has the info in its Historic American Engineering Record.

It's not all too hard to make from hexamine (although quite inefficient, the bulk manufacture isn't done that way) for someone with access to a bit of chemical equipment. I couldn't believe the fuss they're making over this, it's just another HE, although more brisant than most. The story is about as interesting as "Stick of dynamite discovered in Baghdad parking lot", the media is making it sound like someone's absconded with a live nuke. I guess they couldn't spend the necessary 30 seconds or so it'd take to look it up somewhere and see what was involved.

Peter.
Re: Cash, Credit -- or Prints?
Alan Barrett [EMAIL PROTECTED] writes:

> On Tue, 12 Oct 2004, John Kelsey wrote:
>
>> but there doesn't seem to be a clean process for determining how skilled an attacker needs to be to, say, scan my finger once, and produce either a fake finger or a machine for projecting a fake fingerprint into the reader.
>
> ... or a replacement reader that fakes the signals to the rest of the security system.

I've seen a number of smart card/PCMCIA combo devices that do this, they have a discrete fingerprint sensor device connected to a discrete crypto device. You can fake out the fingerprint check portion by tying one of the connecting lines to Vcc or GND.

Peter.
At least there's some (attempt at) common sense in airline security
http://www.nzherald.co.nz/storydisplay.cfm?storyID=3600794&thesection=news&thesubsection=general

  Ease off says air security boss
  15.10.2004

  Security on domestic flights is too strict and should be downgraded, says the head of the Aviation Security Service.

  General manager Mark Everitt, a former police detective with 21 years' experience, said if he had his way passengers would be able to take Swiss Army knives and other small, sharp objects on board domestic flights.

  "I'm actually an advocate for letting these things back on the aircraft. It's time to back up a little," he told delegates at the Police Association's annual conference yesterday.

  But New Zealand had to meet international security standards and his personal view was not enough to instigate a review of security standards.

  Knowing levels of risk was the key to ensuring flights were safe, said Mr Everitt. The banning of small knives did not stop attacks in the air.

  [...]
Vote-counting glitch in NZ local elections
Looks like you can mess up voting even if there is a paper trail. These are paper votes that are electronically counted, so the problem was in the electronic processing, not the actual voting procedure.

http://www.nzherald.co.nz/storydisplay.cfm?storyID=3600391&thesection=news&thesubsection=general&thesecondsubsection=&reportid=1162640

  Let me count the ways ...
  14.10.2004

  [...]

  An electronic processing and counting botch-up has left the results for seven city and district councils and 18 district health boards up in the air. Final results, due yesterday, have been delayed indefinitely.

  Mr Carter blamed the company Datamail, which was contracted by Electionz.com - the company hired by many councils to manage their elections - to count the votes from electronically scanned voting papers.

  [...]

Peter.
Re: Foreign Travelers Face Fingerprints and Jet Lag
R. A. Hettinga [EMAIL PROTECTED] writes:

> NEWARK, Sept. 30 - Laetitia Bohn walked into Newark Liberty International Airport on Thursday, dazed and sleepy after an eight-hour flight from Paris, and was jolted from her reverie when an immigration officer asked for her photograph and fingerprints along with her passport.

The US now has the dubious distinction of being more obnoxious to get through the borders than the former East Germany (actually even without this measure, the checks had become at least as obnoxious as the East German ones). I wonder whether the next step will be building a wall...

Peter (who'll be thinking really hard about any future conference trips to the US).
Re: Foreign Travelers Face Fingerprints and Jet Lag
Steve Furlong [EMAIL PROTECTED] writes:

> On Sun, 2004-10-03 at 05:18, Peter Gutmann wrote:
>
>> The US now has the dubious distinction of being more obnoxious to get through the borders than the former East Germany (actually even without this measure, the checks had become at least as obnoxious as the East German ones). I wonder whether the next step will be building a wall...
>
> Rein in the overheated rhetoric. The East German state built their wall to keep the East Germans from leaving, while the US policies are meant to keep out a demonstrated threat.

I never made any comment about who's keeping what in or out (the wall was officially an anti-fascist protection barrier, also meant to keep out a demonstrated threat). What I was pointing out was that having been through both East German and US border controls, the US ones were more obnoxious.

Peter.
Re: Forest Fire responsible for a 2.5mi *mushroom cloud*?
Major Variola (ret) [EMAIL PROTECTED] writes:

> AN is extremely deliquescent; perhaps the sulphate was for that?

No, it was specifically required as a desensitiser by the European nitrogen cartel, since they felt the pure nitrate was too dangerous for processing into fertiliser.

> Removing chunks with dynamite is trying rather hard for a Darwin award.

As I said, at the time its explosive properties weren't known so this wasn't unreasonable. There are numerous stories of multi-thousand-ton ammonium nitrate piles burning for hours without exploding (Oppau was the first time there was any significant explosion involving it). Even after Texas City, there were cases of (embarrassed) firefighters watching warehouses full of ammonium nitrate quietly burn to the ground without incident.

Peter.
Re: Forest Fire responsible for a 2.5mi *mushroom cloud*?
Eugen Leitl [EMAIL PROTECTED] writes:

> About 4.5 kT of 50:50 ammonium nitrate/ammonium sulfate mix. One of the largest, if not *the* largest nonnuclear explosions ever.

The largest man-made explosion is usually claimed to be Halifax (about 3000 tons of assorted HEs), but there are a pile of others that also count: Oppau, Texas City, Port Chicago, Lake Denmark, Silvertown, Fauld (more explosives involved than Halifax, but less loss of life, so Halifax seems to get all the publicity), etc etc etc.

Peter.
Re: Forest Fire responsible for a 2.5mi *mushroom cloud*?
J.A. Terranson [EMAIL PROTECTED] writes:

> Wow! I had no idea ammonium nitrate (ANFO for all intents and purposes, yes?) could produce that kind of result! How much was there?

4,500 tons, of which only 10% detonated. (The nitrate was desensitised with ammonium sulfate and stored outside, whenever anyone needed any they'd drill holes and blast off chunks with dynamite. Ammonium nitrate has a complex chemical reaction that wasn't really understood until after the Texas City disaster in 1947, there had previously been fires in several bulk ammonium nitrate stores without any explosions. At Oppau it was assumed that amatol (a standard military explosive, ammonium nitrate + TNT) had somehow got into the piles and that was what caused the explosion).

Peter.
Cheesecloth security for hard drives
Globalwin has just introduced an external hard drive enclosure (http://www.htpcnews.com/main.php?id=dorri_1) with built-in 40-bit DES encryption (and if it's the HW I think it is, that's 40-bit DES in ECB mode, and the vendor generates the key for you). Peter.
Re: TERRORISTS ARE AMONG US! (Was: A close look at John Kerry's *real* tech agenda )
> The threats on New York, New Jersey and Washington DC serve as a reminder that the terrorists are among us here at home.

He went on to remind citizens to stay alert, trust no-one, and keep their lasers handy.

Peter.
Re: Giesecke Devrient
Eugen Leitl [EMAIL PROTECTED] writes:

> Assuming I generate a key on a RSA smart card made by GD, what kind of prestige track do these people have? They seem to be pretty secretive, that's not a good sign.

GD produce (or help produce) things like banknotes and passports (and have been doing so for more than a century), the secrecy comes with the territory.

Peter.
Re: Giesecke Devrient
Eugen Leitl [EMAIL PROTECTED] writes:

> I have no smart card background, unfortunately. I've heard GD ignores requests from open source developer people, though.

Yup. It's standard banking-industry stuff, unless you're a large bank/government/whatever and are prepared to sign over your firstborn and swear eternal secrecy, they won't talk to you.

> Are keywords like STARCOS SPK2.3 (Philips P8WE5032 chip), ITSEC E4 certification (with StarCert v 2.2.) etc. associated with a good security track?

They're associated with good buzzword-compliance. Since it's impossible to get any technical details out of them, it's rather hard to say. If you've got something like a PKCS #11 driver off them then you should be OK, but if you want to do any low-level work with the card yourself, find another vendor.

> Features

Nothing you can't get from a pile of other vendors who will actually talk to you. Unless you've got some business reason to deal with them, I wouldn't bother (I have nothing against them per se, they just do business in a way that isn't useful to me... and I'm sure they think the same of me).

Peter.
Re: Texas oil refineries, a White Van, and Al Qaeda
Justin [EMAIL PROTECTED] writes:

> HOUSTON (Reuters) - Law enforcement officials said on Monday they are looking for a man seen taking pictures of two refineries in Texas City, Texas.

At Usenix Security a few years back, we [a bunch of random security people, most of whom were foreign nationals] drove around Buckley AFB taking photos of the radomes, SCIF, etc etc. As we were doing this, we noticed a Chinese national doing the same thing. We wondered what the etiquette for this was, do we exchange business cards, offer to trade photos, etc etc? This was before 9/11, no-one took any notice of us at the time.

Peter.
Re: Texas oil refineries, a White Van, and Al Qaeda
Tyler Durden [EMAIL PROTECTED] writes:

> *: A year or two ago someone posted about the blow up of Texas City back in the early 1950s.

1947.

> Apparently, some kind of tanker hit something else and set off a chain reaction killing thousands and wiping out the town

After several earlier events (the biggest being Oppau in Germany in 1921, which left a crater the size of a city block), fire safety folk were given an incentive to discover the true chemistry of ammonium nitrate. Google for "Texas City" + "Grandcamp" (the ship carrying the ammonium nitrate) for the full story.

Peter.
Re: vacuum-safe laptops ?
Thomas Shaddack [EMAIL PROTECTED] writes:

> There are many various embedded computers available on the market, eg. the one from http://www.gumstix.com/. (Question for the crowd: anybody know other comparable or better Linux-ready affordable embedded computer solutions?)

When I investigated this a while back, gumstix were about the best deal. They also have pretty good support, it's a small company and the techies directly answer queries on mailing lists.

Peter.
Re: UBL is George Washington
Tyler Durden [EMAIL PROTECTED] writes:

> If they took out a few key COs downtown one morning the effect on the economy would be significant.

It depends on what your goal is. As someone else on this list pointed out, terrorism is just another form of PR. If OBL took out (say) that huge ATT CO in the center of Manhattan (the skyscraper that looks like something out of a SF film), every cellphone user in the country who's had any dealings with ATT would help him pack the explosives. Sure, there'd be some economic damage, but Joe Sixpack would barely notice, and certainly wouldn't care. OTOH the WTC had enough significance and enough lives involved that everyone had to sit up and take notice. He knew exactly what target to hit to create the biggest mess (I offer the results in the last two years as proof).

Peter.
Re: [IP] When police ask your name,
At 01:53 AM 6/25/2004, Eugen Leitl wrote:

>> The transcription rules for furriner names are strict, too. No Phn'glui M'gl wna'f, Cthulhu R'lyeh Wgha Nagl Ftaghn for you.
>
> Just as well. They'd probably make you fill the form out in triplicate,

In his house at R'lyeh, dead Cthulhu waits knitting? I think a few typos may have crept into that one.

> and that could be unwise

No, you're thinking of Hast(%#^ Error: No route to host.
Re: crypto on *really* cheap hardware
I presume most people have by now read Cringely's piece on hacked Linux for Linksys WRT54G (and clones): [...] It does VoIP, prioritizes traffic, has currently VPN pass-through and will do IPsec on future mesh-supporting firmware. You forgot to mention sometimes it'll stay up for as long as several hours before crashing/locking up. I guess this is a security feature, if someone breaks in they'll only be able to use it for a short time before it locks up or crashes. Peter (who doesn't own one, but has heard horror stories from owners).
Re: Breaking Iranian Codes (Re: CRYPTO-GRAM, June 15, 2003)
R. A. Hettinga [EMAIL PROTECTED] forwarded: So now the NSA's secret is out. The Iranians have undoubtedly changed their encryption machines, and the NSA has lost its source of Iranian secrets. But little else is known. Who told Chalabi? Only a few people would know this important U.S. secret, and the snitch is certainly guilty of treason. Someone (half-)remembered reading the Crypto AG story in the Baltimore Sun several years ago, bragged to Chalabi that the US had compromised Iranian crypto, and the story snowballed from there. The story could have started out with a loquacious (Sun-reading) cab driver for all we know. Some reports have suggested the source was drunk, so maybe it was a drunk in a bar. Maybe Chalabi read the story himself and invented the snitch to make it seem more important than it was, or to drive the US security community nuts with an orgy of internal witch-hunting. Given the lack of further information, it could have been just about anything. Peter.
The life of a Kiwi contractor in Iraq
There's an interesting look at the situation in Iraq from the point of view of a third-party contractor, in an article in the Sunday Star Times, http://www.stuff.co.nz/stuff/sundaystartimes/0,2106,2908644a6442,00.html. Most quotable quote: The thing that pisses us off is the Yanks had no idea what to do after they'd taken out the Iraqi army. They rocked on in, took them out and then thought: OOh shit, what do we do now? Peter.
Re: Fortress America mans the ramparts
Major Variola (ret) [EMAIL PROTECTED] writes: PS: what happens if your passport's chip doesn't work? Do you get sent back and the airline fined $10K? Do you wait extra time while the still-readable passport number indexes your record online? How much extra time? (Anyone have experience with domestic eg traffic pigs discovering that your magstrip is corrupted?) Are all chip biometrics encrypted with the same key? How much does that cost on BlackNet these days? How much extra should our Seals Flaps and Documents dept charge? Details are available from sources like http://www.icao.int/mrtd/download/documents/Biometrics%20deployment%20of%20Machine%20Readable%20Travel%20Documents.pdf and http://www.icao.int/mrtd/download/documents/PKI%20Digital%20Signatures.PDF (in general the docs are at http://www.icao.int/mrtd/download/documents/, where MRTD = machine-readable travel documents) although you have to be careful what you reference since they're still frantically updating the designs as they go, so any document will be out of date in a few months. It's also being (as far as I can tell) designed by people with little or no security experience, under intense pressure from the US to Do Something About Security. Early technical drafts I saw (not the generic whitepapers on the site, which are pretty vague) were an appalling pile of kludgery. From what I've heard since then it hasn't gotten any better. I dunno whether this is because the work is being contracted out to the Usual Suspects, who don't know much about the area, or whether they did try and get experienced people in and were told that what they were trying to do wouldn't work and/or couldn't be done in less than 5-10 years. Peter.
Re: Earthlink to Test Caller ID for E-Mail
Eugen Leitl [EMAIL PROTECTED] writes: A way that works would involve passphrase-locked keyrings, and forgetful MUAs (this mutt only caches the passphrase for a preset time). A way that works *in theory* would involve The chances of any vendor of mass-market software shipping an MUA where the user has to enter a password just to send mail are approximately... zero. Filtering for signed/vs. unsigned mail doesn't make sense, authenticating and whitelisting known senders by digital signature makes very good sense. In that case you can just filter by sender IP address or something (anything) that's simpler than requiring a PKI. Again though, that's just another variant of the Build a big wall dream. In order to have perimeter security you first need a perimeter. If the spammer you're trying to defend against is your own mother (because she clicked on an attachment you sent her, it says so in the From: address, that's actually a spam-bot), you don't have a perimeter. All you have is a big pile of Manchurian candidates waiting to bite you. Peter.
Re: Earthlink to Test Caller ID for E-Mail
R. A. Hettinga [EMAIL PROTECTED] writes: If we really do get cryptographic signatures on email in a way that works, expect 80% of all spam to be blown away as a matter of course. I think you mean: If we really do get cryptographic signatures on email in a way that works, expect 80% of all spam to contain legit signatures from hacked PCs. This is just another variation of the To secure the Internet, build a big wall around it and only let the good guys in idea. Peter.
Re: U.S. in violation of Geneva convention?
Nomen Nescio [EMAIL PROTECTED] writes: After WWI the winners humiliated the losers badly. This is one of the main reasons Hitler came to power and got support from the Germans for the aggressions that started the war. He managed to use these feelings of being treated as dogs and paying too heavy for the first war. Also they were very humiliated by the fact that France then occupied part of western Germany. After WWII the winners had learned their lesson from WWI pretty well. Now they did not humiliate the people of Germany like after the first war. We got the Marshall plan and so on. Unfortunately after GulfWarII the winners hadn't learned their lessons from WWII very well. At the end of the war, despite the bombing campaigns, Germany had a vaguely functional administration and (heavily rationed) food, coal, electricity, etc were available. The Allies systematically dismantled all of that, both through apathy (no real planning beyond Move in and occupy the place) and their zeal to rebuild the country in their own image. For example, they prevented anyone who'd ever been a Nazi party member from doing their job. Well the problem was that to do almost anything, you had to be a party member, so they instantly stopped all civil administration, engineering/maintenance work, teachers, the judicial system, the police, you couldn't even deliver the mail without being a party member (since they were government employees). Virtually every male over the age of about 16 had been in the military and had experience with weapons. So you now had a mass of unemployed ex-military who desperately wanted food and clothing, and had access to an almost infinite supply of weaponry. In addition Germany after the war attracted what one of the allied leaders (Eisenhower?) described as the scum of Europe, eager to make a quick buck (in Iraq it's folks eager to beat up the infidels).
This led to sizeable pitched battles between the armed gangs and the occupying military, with the military frequently being outgunned by the gangs. Substitute Germany - Iraq and profit / food - religion / nationalism and the same situation exists today. Peter.
RE: C3 Nehemia C5P with better hardware RNG and AES support
coderman [EMAIL PROTECTED] writes: I have written some poor code and info regarding the C5XL (nehemiah) and linux: http://peertech.org/hardware/viarng/ I've got code to use it under Windows in the latest cryptlib snapshots (soon to be the 3.1 release), which you can grab via the download link at http://www.cs.auckland.ac.nz/~pgut001/cryptlib/index.html. The RNG code is in misc/rndwin32.c, and is available under a dual license (BSD or GPL, your choice). Note though that I don't actually have a C5XL to play with, so at the moment I've only been able to verify that it won't crash when run on AMD and Intel CPUs. If anyone has a C5XL with Windows installed, I'd be interested in hearing about any problems. Peter.
RE: [Asrg] Re: [Politech] Congress finally poised to vote on anti -spam bill [sp]
Hallam-Baker, Phillip [EMAIL PROTECTED] writes: DNSSEC is not happening, blame Randy Bush and the IESG for refusing the working group consensus and imposing their own idea that cannot be deployed. An experimental protocol that increases the volume of data in the .com zone by an order of magnitude (read Gbs of data) is simply unacceptable. Do you have any more details on this for those who don't normally follow DNSSEC? Peter.
Re: Partition Encryptor
Stirling Westrup [EMAIL PROTECTED] writes: Does anyone know of a good partition encryptor for Windows? I know of an accountant who would like to encrypt her client's financial data. She's stuck with Windows until such time as a major company starts shipping yearly tax software for linux. Something like PGPdisk, only open source, would be best. ScramDisk (Win9x) or E4M (Win2K) will do it if she can handle a container-volume encryptor rather than a partition encryptor, both are open source. E4M needs some minor updates for XP by someone who knows about NT device drivers, otherwise you'll occasionally get problems unmounting volumes. Peter.
Re: Chaumian blinding public voting?
Tim May [EMAIL PROTECTED] writes: (I bought _one_ lottery ticket, for $1, just to see how the numbers were done. Lotteries are of course a tax on the gullible and stupid.) A friend of mine likes to say that lotteries are a tax on stupidity: The dumber you are, the more tax you have to pay. Peter.
Spelling corrections are now export-controlled
Looks like the USG is going to outdo its ITAR silliness of a few years ago with something even more ridiculous: Grammar and spelling corrections now require an export license. The following was forwarded to me by Clark Thomborson: -- Snip -- Dear colleagues, If I'm reading http://chronicle.com/free/2003/10/2003100201n.htm correctly, any US citizen must get a license (from the US State department) before providing editorial services to any citizen or resident of any country embargoed by the US. .. The Treasury Department's response on Wednesday, in a letter to the IEEE, affirmed its position that editing scholarly papers provides a service to authors. U.S. persons may not provide the Iranian author substantive or artistic alterations or enhancement of the manuscript, and IEEE may not facilitate the provision of such alterations or enhancements, wrote R. Richard Newcomb, director of the Office of Foreign Assets Control. Trade policy prohibits the reordering of paragraphs or sentences, correction of syntax, grammar, and replacement of inappropriate words by U.S. persons, according to the letter. The institute may apply for a license to edit papers, Mr. Newcomb wrote. .. I guess this embargo would apply to professors as well as to editors of technical journals headquartered in the US, although I'm not keen to ask the State department for a ruling on this! Apparently this embargo on editorial services applies to Iran, Cuba, Iraq, Libya, and Sudan. I guess I must check http://www.ustreas.gov/offices/eotffc/ofac/sanctions/index.html frequently, if I wanted to be a really obedient US citizen. Wow. I have to laugh, but of course it's not really funny unless you look for the humourous side. For example I have tried to infer the public-policy objectives that might be (in some bureaucrat's mind) served by this regulatory decision. 
Perhaps one of the objectives is to make it easier to recognise terrorists -- some terrorists will have bad grammar when they speak English, and no US citizen will dare to help them improve it! (This could be good news for the Kiwi English-education industry I guess, but if NZ did this in a big way there might be diplomatic repercussions or even trade sanctions.) Of course there'll be a lot of false positives in any terrorist recognition-by-grammar scheme but hey, it's apparently good public policy (from the perspective of the US Congress) to hassle (or maim, kill, or whatever seems appropriate at the time) a large number of non-US citizens if this might save a few US lives? Anyway I don't have to worry about being falsely recognised as a terrorist becuz my grammer and speling is alwys good. I don't think I'll bother to apply for a license to supply editorial services to citizens of embargoed countries. Still... it occurs to me that the State department is setting itself up for a DOS attack -- what would happen if 10% of all US academics were to apply for one of these licenses? Clark
Re: NSA Turns To Commercial Software For Encryption (fwd from brian-slashdotnews@hyperreal.org)
Dave Howe [EMAIL PROTECTED] writes: I was under the impression they had just licenced their *patent* Yup, and that's all they did. I've seen some downright bizarre interpretations of this particular portent on the web (cough slashdot/cough), but the simple fact is that the NSA, in its role as the agency responsible for overseeing crypto use by the USG, got a blanket Certicom patent license for cases where ECC (of the Certicom-patented variety) is used, just as they got a blanket DSA license for DSA, and would have had to get a blanket RSA license before that if it hadn't been USG-funded work and a blanket DES license if IBM hadn't made the patent freely usable. Certicom's PR folks, seeing an opportunity, put out a press release saying that the NSA had licensed their patent(s). This does not mean that the NSA is about to drop their own crypto for ECC (definitely the silliest interpretation of Certicom's press release I've seen), nor is it a sign that they believe RSA is dead or that the end of the world is nigh, etc etc etc. Peter.
Re: Walker: NAT means you are a consumer, not a peer
Thomas Shaddack [EMAIL PROTECTED] writes: Also Speak Freely maintenance is ending. Not really. The project is moved to Sourceforge. Isn't that synonymous with Speak Freely maintenance is ending? Peter :-).
Re: U.S. Drops 'E-Bomb' On Iraqi TV
Kevin S. Van Horn [EMAIL PROTECTED] writes: I can think of several entirely ethical uses of nuclear weapons, with the usage not motivated by hate but simple utility: 1. You have a large invading fleet approaching your nation. A few nukes out in the middle of the ocean could handily take out the fleet without getting any innocent bystanders. (This scenario occurs in one of Poul Anderson's novels.) 2. You have a large invading army crossing an uninhabited wasteland. Again, tactical nukes would be useful and ethical here. Use airbursts, though, to avoid producing a lot of fallout. The Wall of Stalin: Detonate a string of dirty nukes along the Iraqi border with Kuwait/Saudi Arabia. Suddenly Dubya decides there are much better places to play soldiers, he'll look at the Iraqi thing again in 6,000 years or so. Peter.
RE: U.S. Drops 'E-Bomb' On Iraqi TV
Steve Schear [EMAIL PROTECTED] writes: At 01:46 AM 3/28/2003 +1200, Peter Gutmann wrote: John Young [EMAIL PROTECTED] writes: Whether either of these work as bragged or are psyop mirages is worth betting a WMD Indian nickel on. It's a cool toy, but I can't see someone using a $1M e-bomb when a $1000 Mk.82 will do the same thing, especially if there's any chance it'll be captured intact by an enemy who can... hmm, there's a thought: According to Carlo an E-WMD can be constructed, by a knowledgeable person, in a home garage machine shop from parts costing $5000. This is the Pentagon we're talking about here. The spanner used to tighten the bolts costs $5000. (I've also been told that a Mk.82 wholesales for around US$250, so I guess we're being overcharged at NZ$1K. Maybe it's because we don't buy 'em in bulk). Peter.
Re: Things are looking better all the time
Steve Schear [EMAIL PROTECTED] writes: I seem to recall that with sufficient knowledge and commonly available detonators shaped explosive charges can be configured to hurl heavy explosive payloads, much like a mortar, with fair accuracy, great distance or very high velocity. I can't seem to find the reference on-line but I vaguely recall that a 50kg payload could be accelerated to multi-mach speeds with a device that could be placed in a car trunk. A poor man's howitzer. It sounds like you're talking about explosively formed projectiles (EFPs), which are a means of creating high-velocity (several km/s) light projectiles, chiefly useful for armour penetration. Because of the way it works, it can't hurl heavy explosive payloads (neither heavy, nor explosive). It's been around for a while, but the first technology demonstrators didn't surface until the 1980s (Germany and France), and it's only starting to be adopted now (very tricky technology to get right). The RAF used an EFP in 1989 to assassinate the chairman of Deutsche Bank (it's typically reported as being a car bomb, but was actually done by parking a pushbike with a small bag on the back next to the road where the car was to pass. The projectile punched through the side of his armoured limo and killed him, but left everyone else alive. This is one of those feats which, if you had asked experts in 1989, they would have told you was impossible to do). Peter.
Re: Things are looking better all the time
Bill Stewart [EMAIL PROTECTED] writes: At 04:14 PM 03/26/2003 +1200, Peter Gutmann wrote: The RAF used an EFP in 1989 to assassinate the chairman of Deutsche Bank I assume that's some Italian or German group's acronym and not Britain's Royal Air Force? :-) Red Army Faction, a German terrorist group active mostly in the 1970s, now disbanded. Peter.
Re: Brumley Boneh timing attack on OpenSSL
Bill Stewart [EMAIL PROTECTED] writes: Schmoo Group response on cryptonomicon.net http://www.cryptonomicon.net/modules.php?name=Newsfile=articlesid=263mode=order=0thold=0 Apparently OpenSSL has code to prevent the timing attack, but it's often not compiled in (I'm not sure how much that's for performance reasons as opposed to general ignorance?) I had blinding code included in my crypto code for about 3 years, when not a single person used it in all that time I removed it again (actually I think it's probably still there, but disconnected). I'm leaning strongly towards general ignorance here... Peter.
Re: Who Owns the News
Eric Cordian [EMAIL PROTECTED] writes: We've pretty much gotten to the point where the only places real news can be found in America these days is on Indymedia and The Daily Show with Jon Stewart. A sad situation for a country with an alleged free press. There was an article in some UK paper (Grauniad?) about the fact that some large percentage of people visiting the BBC site were from the US, with a marked increase in numbers in the last few months. The assumption was that they were after unbiased news coverage which they couldn't get in the US. On a related note, some of our TV stations broadcast foreign news programming during the graveyard shift for people who want access to that sort of thing, two larger channels do the BBC and ABC news, and smaller regional ones do a pile of other countries (India, France, Germany, and various others). One channel does half an hour or so of imported ABC news some time after midnight, I caught the start of it (or at least the end of the program that preceded it) last night and they ran an ad/voiceover by their (the NZ channel's) newscasters which pointed out that propaganda was propaganda, whether it came from Washington or Baghdad, and their (the NZ channel's) evening news wouldn't become biased because of this. This was immediately followed by the ABC evening news program. Maybe it was just pure coincidence that they ran this right before the piped-in US news, but I interpreted it as The following program is a paid advertisement by the US Ministry of Truth. Peter.
Re: Cavium Security Processor
Mike Rosing [EMAIL PROTECTED] writes: From http://www.cavium.com/newsevents_Nitrox2PR.htm: Product pricing at 1KU lot quantities ranges from $295 for the CN2130 to $795 for the CN2560. The NITROX II Software Development Kit is priced at $9995. Not priced for a huge number of implementors. They probably hope to sell a few hundred development kits and maybe 10,000 to 100,000 chips. They don't even put their data sheets online. Maybe they're just a scam? They're for real all right, and have a pretty nice product, but they've fallen into the same trap that many smart card vendors fall into where they want to sell their cards for $20 each but price the SDK at $995 and then wonder why no-one's supporting their hardware. (Hint to vendors: The cutoff in most organisations at which implementors have to get 15 levels of management approval to get something is $70-100. If your SDK costs more than that, you're practically guaranteeing that it's not going to be used. If you want your hardware supported, give away the SDK, or at most charge some token amount to deter freeloaders if you're worried about that). Peter.
Re: Ethnomathematics
John Bethencourt [EMAIL PROTECTED] writes: On Wed, Feb 26, 2003 at 10:02:05PM +1300, Peter Gutmann wrote: Well, I made a start a few years ago with Network Security: A Feminist Perspective (done when people ask me to do security talks for them without bothering to specify which aspect of security they want me to talk about) about halfway down my home page. The direct link to the slides is http://www.cs.auckland.ac.nz/~pgut001/pubs/fhealth.pdf. Hilarious! I loved it, but it was so short. You should do an extended, in depth treatment of this subject in the spirit of Sokal. I could never maintain that for more than a page or two (although I do have an upcoming X.509 RFC with a paragraph or two of Marxist philosophy taking the place of the usual rambling philosophising over why the RFC is needed). If someone else wants to take over from/extend the above work, they're welcome to. Peter.
Re: Ethnomathematics
Bill Stewart [EMAIL PROTECTED] writes: Actually doing a female-oriented physics or teaching curriculum is fine, if somebody can do a good job of it. Well, I made a start a few years ago with Network Security: A Feminist Perspective (done when people ask me to do security talks for them without bothering to specify which aspect of security they want me to talk about) about halfway down my home page. The direct link to the slides is http://www.cs.auckland.ac.nz/~pgut001/pubs/fhealth.pdf. Peter.
Re: Putting the NSA Data Overwrite Standard Legend to Death... (fwd)
Thomas Shaddack [EMAIL PROTECTED] writes: Second, where did the number 7 really come from? From the OSI 7-layer model, which took it from the fact that the number 7 is sacred to a certain tribe in Borneo (see The Elements of Networking Style, by Mike Padlipsky). Peter.
The Crypto Gardening Guide and Planting Tips
After much procrastination I recently put the Crypto Gardening Guide and Planting Tips online at http://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_guide.txt; this may be of interest to readers. From the introduction: There has been a great deal of difficulty experienced in getting research performed by cryptographers in the last decade or so (beyond basic algorithms such as SHA and AES) applied in practice. The reason for this is that cryptographers don't work on things that implementors need because it's not cool, and implementors don't use what cryptographers design because it's not useful or sufficiently aligned with real-world considerations to be practical. As a result, security standards are being created with mechanisms that have had little or no security analysis, often homebrew mechanisms or the standards editor's pet scheme. The problem is a lack of communication: Cryptographers often don't seem aware of the real-world constraints that their design will need to work within in order to be successfully deployed. The intent of this document is to cover some of those real-world constraints for cryptographers, to point out problems that their designs will run into when attempts are made to deploy them. Also included is a motivational list of extremely uncool problems that implementors have been building ad-hoc solutions for since no formal ones exist. Peter.
Re: Big Brotherish Laws
Bill Stewart [EMAIL PROTECTED] writes: I have heard of one case where somebody was stopped in Nevada, and instead of presenting his California driver's license, if any, he presented his somewhere-in-the-Caribbean non-photo license and an international driver's license, and that was just fine for Nevada. That's because non-US licenses constitute automatic permission for minor traffic law violations. The scenario is something like the following: [Driver gets pulled over]. Driver: Gidday mate, how's it going? [Cop asks for license, looks at it] Cop: Ah, screw it, too much paperwork. Don't do it again. HAND. Peter.
Re: Dossiers and Customer Courtesy Cards
Tim May [EMAIL PROTECTED] writes: Collecting valid name information costs a vendor money (both in labor, computerization/records, and in driving some customers elsewhere). It also deters some people from completing transactions. To see an example of data collection done on a grand scale, have a look at http://www.flybuys.com.au/information/fly_web_inf_pa_002.asp. The information they collect is (from their web page): * name, address telephone number(s) * e-mail address * names of additional cardholders * date of birth * ages of household members * transaction details associated with the collection of Fly Buys points * points collected and awards provided. Members' signatures/authorities are also collected by Fly Buys. where transaction details cover everything you buy over $5, not just the usual groceries and whatnot but extending to things like travel, phonecalls, power bills, car rentals, petrol, banking, hotels, etc etc etc. The usage is: Information about members and supplementary cardholders (whether provided on application, or by participating companies and/or reward providers about member transactions) will be collected by Fly Buys [...] This information will be used by Fly Buys, and its agents, to provide services relating to the Fly Buys programme including to provide a telephone service centre, membership and supplementary cards, Point Summaries and market research. Information from the database will also be used by Fly Buys for marketing purposes, planning, product development and research. Someone looked at some of the details a few years back and found that its agents seemed to be a maze of affiliated companies that were difficult to trace. At the moment it's targeted purely at customer loyalty and to a much lesser extent marketing, but it's a ready-made TIA facility if the government ever decides they need it (actually knowing the Australian government, ASIO may have already decided they need it). 
Peter (who gets sick of being asked if he's been assimilated yet on every purchase he makes).
Re: Dossiers and Customer Courtesy Cards
Tim May [EMAIL PROTECTED] writes: On Tuesday, December 31, 2002, at 09:49 AM, Kevin Elliott wrote: At 12:12 -0500 on 12/31/02, Adam Shostack wrote: Rummaging through my wallet...a grocery card in the name of Hughes, a credit card with the name Shostack, and an expired membership card in the name Doe. Interesting point on grocery cards... Why do they have your name at all? Every grocery card I've ever gotten they've said here's your card and application, please fill out the application and mail it in. I say thank you ma'am, walk out the door and toss the application in the trash. Not exactly strong (or any) name linkage... * No store I have used has ever _checked_ that a name is valid...they don't even care when my credit card or check says Timothy C. May but my Customer Courtesy Card says J. Random Cypher, or Eric Hughes, or Vlad the Impaler...or is just unattached to any name. I was book-shopping with a friend a few years back when he remembered he had a discount card for that store. In front of the person at the checkout, he pulled a large stack of the store's discount cards out of his pocket, picked one at random from the pile, and handed it to her. She didn't bat an eyelid, nor was she concerned that he had the cards and I was buying the books. Not My Problem. Peter.
Re: ACLU funds Total Awareness of State Abuse
[Apologies if you've seen this before, one of our machines has been quietly dropping outgoing mail...] Major Variola (ret) [EMAIL PROTECTED] writes: It's a mirror image to the government's plan to empower some Americans to check on their neighbors, under a program known as the Terrorism Information and Prevention System. Is that the American Neighbourhood Watch? That led to the following post on the ukcrypto list a while back: -- Snip -- Graham [EMAIL PROTECTED] writes: Beware! traitors are everywhere! You must immediately report any treasonous [terrorist] behaviour or any suspicion of treasonous [terrorist] behaviour to the Computer [American Neighbourhood Watch]. Failure to do so is treason. Some of your brother Troubleshooters [neighbours] may serve the Computer [A.N.W.] as Guardians Of Internal Security [neighbourhood wardens]. They are present for your protection. They will report any treasonous [terrorist] behaviour or hint of treasonous [terrorist] behaviour or suspicion that treasonous [terrorist] behaviour might take place at some time in the future, to the Computer [A.N.W.]. Rejoice in the assurance that any treason [terrorism] among your companions will be discovered and punished. Devote your service to the Computer [A.N.W.]. Your loyalty will be generously rewarded. So there we have the real explanation - Dubya wants a live roleplaying version of the game. Peter. -- Snip -- Peter.
Re: sleep deprivation was Re: Torture done correctly is a terminal process
Steve Schear [EMAIL PROTECTED] writes: I read some books in my youth on SH and found I could put myself in a self-induced altered reality state from which I could not be easily awakened. I've had that too, listening to pre-election party political broadcasts. physical abuse might be thwarted as well for the well conditioned. Time to start listening to election speeches... Peter.
Re: Did you *really* zeroize that key?
David Honig [EMAIL PROTECTED] writes: Wouldn't a crypto coder be using paranoid-programming skills, like *checking* that the memory is actually zeroed? (Ie, read it back..) I suppose that caching could still deceive you though? You can't, in general, assume the compiler won't optimise this away (it's just been zeroised, there's no need to check for zero). You could make it volatile *and* do the check, which should be safe from being optimised. It's worth reading the full thread on vuln-dev, which starts at http://online.securityfocus.com/archive/82/297827/2002-10-29/2002-11-04/0. This discusses lots of fool-the-compiler tricks, along with rebuttals on why they could fail. Peter.
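An added example (not code from the thread or from cryptlib) of the volatile-based wipe and read-back check Peter describes: `naive_wipe` is the form a compiler may legally drop as a dead store, `secure_wipe` stores through a volatile pointer so every write must be emitted, and `verify_zeroed` reads back through a volatile pointer so the check itself can't be folded away. The function names and the sample key bytes are constructed for this illustration.

```c
#include <stddef.h>
#include <string.h>

/* The wipe as usually written. Once the buffer is never read again,
 * dead-store elimination allows the compiler to remove this memset
 * entirely, leaving the key bytes in memory. */
void naive_wipe(unsigned char *buf, size_t len)
{
    memset(buf, 0, len);
}

/* Wipe through a volatile pointer: each store is an observable side
 * effect in the C abstract machine, so the compiler must perform it. */
void secure_wipe(unsigned char *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Read-back check, also through a volatile pointer, so the compiler
 * can't reason "this was just zeroised, the result is always 1" and
 * drop the loads. OR-accumulates so there is no early exit. */
int verify_zeroed(const unsigned char *buf, size_t len)
{
    const volatile unsigned char *p = (const volatile unsigned char *)buf;
    unsigned char acc = 0;
    size_t i;
    for (i = 0; i < len; i++)
        acc |= p[i];
    return acc == 0;
}

/* Fill a constructed 32-byte "key", wipe it, and report whether the
 * read-back check passes. Returns 1 on success. */
int wipe_and_check_demo(void)
{
    unsigned char key[32];
    size_t i;
    for (i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(0xA5 ^ i);   /* constructed key bytes */
    secure_wipe(key, sizeof key);
    return verify_zeroed(key, sizeof key);
}

/* Sanity check on the checker: a buffer with a single leftover byte
 * must be reported as not zeroed. Returns 1 if that is detected. */
int residue_is_detected(void)
{
    unsigned char buf[16];
    secure_wipe(buf, sizeof buf);
    buf[9] = 0x5A;                            /* simulated leftover */
    return verify_zeroed(buf, sizeof buf) == 0;
}
```

Where available, C11's `memset_s` and the BSD/glibc `explicit_bzero` exist for exactly this purpose and avoid hand-rolling the volatile loop.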
Re: Did you *really* zeroize that key?
[Moderator's note: FYI: no pragma is needed. This is what C's volatile keyword is for.] No it isn't. This was done to death on vuln-dev, see the list archives for the discussion. Peter.
Re: Using mobile phone masts to track things
Scribe [EMAIL PROTECTED] writes: The technology 'sees' the shapes made when radio waves emitted by mobile phone masts meet an obstruction. Signals bounced back by immobile objects, such as walls or trees, are filtered out by the receiver. This allows anything moving, such as cars or people, to be tracked. Previously, radar needed massive fixed equipment to work and transmissions from mobile phone masts were thought too weak to be useful. Isn't this what CDMA already does using RAKE receivers (different fingers track multiple signals, so it uses multipath as a feature rather than a problem). Presumably, with rather more signal processing than is simply used to improve signal quality, it'd be possible to use the capability to track interfering objects. Peter.
Interesting KPMG report on DRM
KPMG have a report The Digital Challenge: Are You Prepared? available at http://www.kpmg.com/news/index.asp?cid=660 in which they surveyed execs at media companies and conclude that they're focusing too much on (trying to) lock up content using encryption rather than how to do something useful with it: Digital content is getting a lot of attention - but not at the board level, where it is urgently needed. As a recent KPMG survey of top executives shows, media companies are focusing too much on encryption and other defensive technologies while failing to develop proactive strategies that recognize and leverage their online intellectual property assets. [...] But the industry's efforts to grapple with losses on this scale by locking away content behind multiple layers of protection - whether encryption, copyright protection, or authentication - have tended to detract from the user experience while failing to deliver the hoped-for revenue streams. Indeed, for all the publicity, expert attention, and corporate ingenuity devoted to digital piracy, it is striking that global content companies have not yet been able to find a working solution. This white paper, organized around a survey conducted for KPMG by The Economist Intelligence Unit, takes the industry's pulse on The bottom line is that media companies need to shift their focus from a circle-the-wagons defense of digital intellectual property to innovative strategies for managing online content as a core revenue source. To achieve this shift, digital intellectual property needs to be valued properly, just like other assets on the balance sheet. Also, its protection needs to be treated as a key issue of corporate governance and given sustained and dedicated board-level attention. It is clear from the survey that media executives are trying to remain optimistic about the potential of digital content - but securing intellectual property rights is an uphill battle.
In the quest for the right mix of measures to fight piracy, executives are relying heavily on encryption as well as reactive steps to police and punish violators. At the same time, however, many companies fail to conduct systematic accounting for their digital assets, or to pursue more proactive strategies to build new revenue streams from their online content. [...] Media companies have so far failed to pioneer new business models that would rob piracy of its appeal. Preoccupied with defending the barricades against pirates, the industry has shown a deficit of creativity and innovation in rolling out products and services that can compete with the pirates. This was clear in KPMG's survey, where only a handful of respondents saw offering potential abusers the chance to distribute content legally as a way of protecting digital intellectual property. In addition, the content industry remains hostage to its own strict interpretations of copyright laws and definitions of intellectual property. Most leading media organizations have their roots in traditional media formats - they still consider every bit of content they produce to be subject to copyright and they defend it - tooth and nail. However, today's Internet world conflicts with this business model, as consumers expect more fluid boundaries and demand a free flow of information. Good stuff, read the whole thing at http://www.kpmg.com/news/index.asp?cid=660. Peter.
Real-world steganography
I recently came across a real-world use of steganography which hides extra data in the LSB of CD audio tracks to allow (according to the vendor) the equivalent of 20-bit samples instead of 16-bit and assorted other features. According to the vendors, HDCD has been used in the recording of more than 5,000 CD titles, which include more than 250 Billboard Top 200 recordings and more than 175 GRAMMY nominations, so it's already fairly widely deployed. From http://www.hdcd.com/partners/proaudio/overview.html: [...] Hidden Code Addition/Output Dither/Quantization The final step in the reduction to 16 bits is to add high-frequency weighted dither and round the signal to 16-bit precision. The dither increases in amplitude in the frequency range of 16 to 22.05 kHz, leaving the noise floor flat below 16 kHz where the critical bands of hearing associated with tonality occur. As part of the final quantization, a pseudo-random noise hidden code is inserted as needed into the least significant bit (LSB) of the audio data. The hidden code carries the decimation filter selection and Peak Extend and Low Level Range Extend parameters. Inserted only 2-5 percent of the time, the hidden code is completely inaudible - effectively producing full 16-bit undecoded playback resolution. The result is an industry-standard 44.1-kHz, 16-bit recording compatible with all CD replication equipment and consumer CD players. [...] The paper describing the process is available under the somewhat misleading name http://www.hdcd.com/partners/proaudio/AES_Paper.pdf. The description of the stego en/decoding process is on p.15 (it's a rather long excerpt, but it's interesting stuff): As part of the final quantization, a hidden code side channel is inserted into the LSB when it is necessary for the encoder to inform the decoder of any change in the encoding algorithm.
It takes the form of a pseudo-random noise encoded bit stream which occupies the least significant bit temporarily, leaving the full 16 bits for the program material most of the time. Normally, the LSB is used for the command function less than five percent of the time, typically only one to two percent for most music. Because the hidden code is present for a small fraction of the time and because it is used as dither for the remaining 15 bits when it is inserted, it is inaudible. This was confirmed experimentally with insertion at several times the normal fraction of time. [...] The mechanism which allows insertion of commands only when needed consists of encapsulating the command word and parameter data in a packet. A synchronizing pattern is prepended to the data and a checksum is appended. The resulting packet is then scrambled using a feedback shift register with a maximal length sequence and inserted serially, one bit per sample, into the LSB of the audio data. The decoder sends the LSB's of the audio data to a complementary shift register to unscramble the command data. A pattern matching circuit looks for the synchronizing pattern in the output of the descrambler, and when it finds it, it attempts to recover a command. If the command has a legal format and the checksum matches, it is registered as a valid packet for that channel. The arrival of a valid packet for a channel resets a code detect timer for that channel. If both channels have active timers, then code is deemed to be present and the filter select data is considered valid immediately. However, any command data which would affect the level of the signal must match between the two channels in order to take effect. The primary reason for this is to handle the case where an error on one channel destroys the code.
In such a case, the decoder will mistrack for a short time until the next command comes along, which is much less audible than a change in gain on only one channel, causing a shift in balance and lateral image movement. If either of the code detect timers times out, then code is deemed not to be present, and all commands are canceled, returning the decode system to its default state. If the conditions on the encoder side are not changing, then command packets are inserted on a regular basis to keep the code detect timers in the decoder active and to update the decoder if one starts playing a selection in the middle of a continuous recording. Since the decoder is constantly scanning the output of the de-scrambler shift register for valid command packets even when none are present, the possibility exists that there may be a false trigger. For audio generated by the encoder, this possibility is eliminated in the absence of storage and transmission errors by having the encoder scan the LSB of the audio data looking for a match. If a match to the synchronizing pattern is found, the encoder inverts one LSB to destroy it. Modern digital storage and transmission media incorporate fairly sophisticated error detection and correction systems. Therefore, we felt that only moderate precautions were necessary in
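The packet mechanism quoted above (sync pattern, checksum, shift-register scrambling, one bit per sample in the LSB, and the encoder's inversion of any accidental sync match), as an added example that is not HDCD's code. The sync word, packet layout, additive checksum and x^7 + x^6 + 1 scrambler polynomial are constructed for the example; the code-detect timers and two-channel matching are not modelled.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example, not HDCD's code: an HDCD-style command side channel in the
 * LSB of 16-bit PCM. A packet (sync word, command, parameter, checksum) goes
 * through a self-synchronising scrambler (x^7 + x^6 + 1, maximal length) and
 * is written one bit per sample; the decoder descrambles every LSB, matches
 * the sync word and checks the checksum. Sync word, packet layout, checksum
 * and polynomial are constructed for this example, not HDCD's real values. */

#define SYNC_WORD 0xA6C9u   /* constructed 16-bit synchronising pattern */
#define PKT_BITS  40        /* sync(16) + cmd(8) + param(8) + checksum(8) */

typedef struct { unsigned reg; } lfsr;  /* last seven line bits, bit 0 newest */
static int taps(const lfsr *s) { return ((s->reg >> 5) ^ (s->reg >> 6)) & 1; }

/* Scrambler: out[n] = d[n] ^ out[n-6] ^ out[n-7]; the register holds output. */
static int scramble_bit(lfsr *s, int d)
{
    int out = d ^ taps(s);
    s->reg = ((s->reg << 1) | (unsigned)out) & 0x7F;
    return out;
}

/* Complementary descrambler: same taps, register fed with the received bit,
 * so it resynchronises seven bits after any disturbance. */
static int descramble_bit(lfsr *s, int in)
{
    int out = in ^ taps(s);
    s->reg = ((s->reg << 1) | (unsigned)in) & 0x7F;
    return out;
}

/* Encoder-side false-trigger prevention: descramble the programme LSBs as the
 * decoder would and invert any LSB that completes the sync word. The register
 * is patched as well, so later bits are computed on the flipped stream and a
 * fresh decode pass finds no sync word anywhere. Returns the number of flips. */
size_t destroy_false_syncs(int16_t *samples, size_t n)
{
    lfsr s = {0}; unsigned win = 0; size_t flips = 0;
    for (size_t i = 0; i < n; i++) {
        win = ((win << 1) | (unsigned)descramble_bit(&s, samples[i] & 1)) & 0xFFFF;
        if (win == SYNC_WORD) { samples[i] ^= 1; s.reg ^= 1; win ^= 1; flips++; }
    }
    return flips;
}

/* Scramble a packet and insert it into the LSBs from sample pos. The scrambler
 * is seeded with the seven preceding LSBs, i.e. the state the decoder's
 * descrambler will be in at that point. Run destroy_false_syncs() first.
 * Returns 0 if the packet does not fit. */
int insert_packet(int16_t *samples, size_t n, size_t pos, uint8_t cmd, uint8_t param)
{
    uint8_t pkt[5] = { SYNC_WORD >> 8, SYNC_WORD & 0xFF, cmd, param,
                       (uint8_t)(cmd + param) };           /* additive checksum */
    lfsr s = {0};
    if (pos + PKT_BITS > n) return 0;
    for (size_t k = 7; k >= 1; k--)
        if (pos >= k) s.reg = ((s.reg << 1) | (samples[pos - k] & 1)) & 0x7F;
    for (int i = 0; i < PKT_BITS; i++) {
        int bit = scramble_bit(&s, (pkt[i / 8] >> (7 - i % 8)) & 1);
        samples[pos + i] = (int16_t)((samples[pos + i] & ~1) | bit);
    }
    return 1;
}

/* Decoder: descramble every LSB into a sliding 40-bit window and accept a
 * packet when the top 16 bits are the sync word and the checksum matches.
 * Returns (cmd << 8) | param for the first valid packet, or -1 if none. */
int extract_packet(const int16_t *samples, size_t n)
{
    lfsr s = {0}; uint64_t win = 0;
    for (size_t i = 0; i < n; i++) {
        win = ((win << 1) | (uint64_t)descramble_bit(&s, samples[i] & 1)) & 0xFFFFFFFFFFull;
        if ((win >> 24) == SYNC_WORD) {
            uint8_t c = (win >> 16) & 0xFF, p = (win >> 8) & 0xFF, k = win & 0xFF;
            if ((uint8_t)(c + p) == k) return (c << 8) | p;
        }
    }
    return -1;
}

/* Constructed "audio" (LCG noise, 256 samples), sanitised; with_packet != 0
 * also inserts cmd 0x21 / param 0x7F at sample 100. Returns the decoder's
 * result: 0x217F with the packet, -1 without it. */
int demo(int with_packet)
{
    int16_t audio[256];
    uint32_t x = 0x12345678u;
    for (size_t i = 0; i < 256; i++) {
        x = x * 1664525u + 1013904223u;
        audio[i] = (int16_t)((int)(x >> 16) - 32768);
    }
    destroy_false_syncs(audio, 256);
    if (with_packet && !insert_packet(audio, 256, 100, 0x21, 0x7F)) return -2;
    return extract_packet(audio, 256);
}
```

Because the scrambler is self-synchronising, a decoder that starts playback mid-stream still recovers the next regularly re-inserted packet after seven samples of settling, which is the property the paper relies on.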
Re: What email encryption is actually in use?
James A. Donald [EMAIL PROTECTED] writes: To the extent that real people are using digitally signed and or encrypted messages for real purposes, what is the dominant technology, or is use so sporadic that no network effect is functioning, so nothing can be said to be dominant? For encryption, STARTTLS, which protects more mail than all other email encryption technology combined. See http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf (towards the back). For signing, nothing. The S/MIME list debated having posts to the list signed, and decided against it: If I know you, I can recognise a message from you whether it's signed or not. If I don't know you, whether it's signed or not is irrelevant. That leaves a few highly specialised applications which don't really qualify as use by real people (e.g. pgpmoose, EDI, etc etc, where any random proprietary format is fine, since it's decided by mutual agreement of both parties). Peter.
Re: What good are smartcard readers for PCs
At most, it'll contain a name+password for HTTP basic-auth (and to identify users to the site so they can be connected with the info they supplied at purchase time). You've spent too long in the crypto world. Having poked around in the FAQ (I can't believe I'm wasting my time on this), it could be one of three things: 1. Dumb memory card. 2. As (1) but with basic PIN-protected memory region (unlikely, since the user isn't asked to enter a PIN and unique PINs means they can't hardcode it into the access software). 3. Eurochip-type challenge-response card. In other words, a phone card. Also not too likely, since you can't do this via basic-auth. The FAQ handwaves the details, so it could be either 1 or 3. Can someone who has one of these things try reading the ATR off it? (You can also see, from the large number of FAQ entries covering potential problems and all the warnings about things to look out for when you use the card/reader, how not-ready-for-prime-time smart cards still are). Peter.
Re: What good are smartcard readers for PCs
James A. Donald [EMAIL PROTECTED] writes: Peter Gutmann wrote: All they're doing is reading a URL off a USB dongle (technically a 256-byte I2C memory card plugged into a reader, but in effect the combination is a USB dongle). That's a no-brainer, I can do that with two wires taped to the card contacts and poked into the PC's parallel port, and around 50 bytes of code on the PC. If all they were doing is reading the URL, presumably you can already get to the site without owning the smartcard. Yup, but that wouldn't be Cool(tm) any more. I believe the card cryptographically proves its presence to the site to show that the user is authorized to hit the site. That would be a considerable feat for a 256-byte dumb memory card. At most, it'll contain a name+password for HTTP basic-auth (and to identify users to the site so they can be connected with the info they supplied at purchase time). You've spent too long in the crypto world. Peter.
Re: What good are smartcard readers for PCs
James A. Donald [EMAIL PROTECTED] writes: On 25 Sep 2002 at 18:36, Neil Johnson wrote: Hey don't forget you can still buy a smart card reader from that most cypherpunkish of babes BRITNEY SPEARS ! Only $30 ! https://www.visiblevisitors.com/mltest/order_form.asp A previous poster suggested that the smart card industry had usability problems. If these guys are selling to that market, they must have solved those problems -- or believe that they have. All they're doing is reading a URL off a USB dongle (technically a 256-byte I2C memory card plugged into a reader, but in effect the combination is a USB dongle). That's a no-brainer, I can do that with two wires taped to the card contacts and poked into the PC's parallel port, and around 50 bytes of code on the PC. Getting a general-purpose crypto smart card working usefully, now that's a challenge. Peter.
Re: What good are smartcard readers for PCs
I wrote: The FAQ handwaves the details, so it could be either 1 or 3. Can someone who has one of these things try reading the ATR off it? He Who has No Shame [0] reports that it's a GemClub memory card, which is reasonably similar to the old SLE4428-style cards: 256 bytes of memory, some of it PIN-protected. Available commands are read, write, and verify PIN. Given the info in the FAQ, it would appear that the PIN is fixed/hardcoded into the driver, since there's no indication that users are asked for it, and it mentions that if someone else finds your card, they get access (or they may just use the non-protected storage in the card). I'm guessing this was a marketing decision, expecting x-teen-year-old kids (whatever the target market for these things is) to remember and enter PINs, not to mention the UI issues involved in obtaining the things, would make it unworkable, while reading off a URL and password and poking it into a browser is something which is a lot safer to deploy. Access control is by an XML version of basic-auth. In other words, it's (effectively) a dumb memory card with (effectively) HTTP basic-auth. It does however use the T=0 serial protocol and not I2C, which is a bit trickier to read with wires poked in the parallel port :-). Peter. [0] He actually bought it under his own name, without pretending it was for his nieces or something.
FIB workstation photos
As part of its tour of Nvidia, Anandtech got to look at an FIB workstation of the kind used for (among other things) reverse-engineering and modifying semiconductors. For those who have never seen one of these things, there are photos at http://www.anandtech.com/video/showdoc.html?i=1711p=9 Peter.
Re: What good are smartcard readers for PCs
James A. Donald [EMAIL PROTECTED] writes: Increasingly however, we see smartcard interfaces sold for PCs. What for, I wonder? Companies buy a few readers for their developers who write software to work with the cards. They may even roll out a few in pilots, and put out a stack of press releases and print brochures advertising how hip they are for using smart cards. Eventually the clients discover how much of a bitch they are to work with (installation problems/buggy drivers/incompatibilities/not having your card when you need it/etc, not helped by the fact that smart card vendor after-sales support is the most client-hostile of any PC hardware type I know of) that users decide to live with software-only crypto until the smart card scene is a bit more mature. Given that n_users n_card_vendors, this situation can keep going for quite some time. Peter.
Re: Cypherpunks and Irish Travellers
another woman, Rose Ann Carroll, were arrested March 27 at a Kohls department store in Fort Worth on charges of theft $50 to $500. I wasn't following the news ... they didn't get Osama, did they ? No, although there was a brief scare when it was reported that bed Linen had been spotted in another part of the store. Peter.
RE: DNA databases to be classified
Lucky Green [EMAIL PROTECTED] quoted: The feat proves that even if all the polio virus in the world were destroyed, it would be easily possible to resurrect the crippling disease. It also raises the worrying possibility that bioterrorists could use a similar approach to create devastating diseases such as ebola and smallpox without having to gain access to protected viral stocks. I saw this on BBC news. It took a very sophisticated lab two years work to produce polio. They thought they might be able to do smallpox given about 20 years work. They even managed to slip in an Internet reference in the story. I guess We synthesised polio from RNA just isn't newsworthy enough on its own. Peter.
Re: Ross's TCPA paper
Eric Murray [EMAIL PROTECTED] writes: On Fri, Jul 12, 2002 at 07:14:55PM +1200, Peter Gutmann wrote: From a purely economic perspective, I can't see how this will fly. I'll pull a random figure of $5 out of thin air (well, I saw it mentioned somewhere but can't remember the source) as the additional manufacturing cost for the TCPA hardware components. Motherboard manufacturers go through redesigns in order to save cents in manufacturing costs, and they're expected to add $5 to their manufacturing cost just to help Microsoft manage its piracy problem? Motherboard makers don't pay for it. Microsoft pays for it. Hmm, I can just see it now, Windows 2005 ships as three CDs, a 400-page EULA, a fine-tip soldering iron, a magnifying glass, an EMBASSY chip, and a copy of SMD Soldering for Dummies. Peter.
Re: Revenge of the WAVEoids: Palladium Clues May Lie In AMD Motherboard Design
R. A. Hettinga [EMAIL PROTECTED] writes: WAVE, some of you might remember, was started by a former NatSemi Chairman back before the internet got popular. It was going to be a dial-up book-entry-to-the-screen content control system with special boards and chips patented down to its socks. Think of it as DIVX for PCs, with a similar chance of success (see my earlier post about TCPA being a dumping ground for failed crypto hardware initiatives from various vendors). Its only real contribution is that the WAVEoid board on Ragingbull (alongside the Rambus one) is occasionally amusing to read, mostly because it shows that the dot-com sharemarket situation would be better investigated by the DEA than the FTC. Peter.
Good quote on biometric ID
I was reading a late-70's paper on computer security recently when I saw that it contains a nice quote about the futility of trying to use biometrics to prevent Sept.11-type attacks, so I thought I'd share it with people: When a highway patrolman is sent to his duty, he has to be given the authority to cite traffic violators. This cannot be done explicitly for each violator because at the time that the patrolman is sent to his duty, the traffic violator does not exist, and the identity of the future violators is not known, so that it is impossible to construct individual access rights for the violators at that time. The point is that the patrolman's authority has to do with the behaviour of motorists, not their identity. - Naftaly Minsky, An Operation-Control Scheme for Authorisation in Computer Systems, International Journal of Computer and Information Sciences, Vol.2, No.2, June 1978, p.157. Peter.
Re: Sci Journals, authors, internet
Greg Newby [EMAIL PROTECTED] writes: Some electronic journals, some conferences and some print journals now let authors retain copyright or, if they keep copyright, allow authors to do what they please with their work. Usenix is really good with this. You agree not to re-publish anything for a period of one year (to cover their print distribution), although you're allowed to put a copy on your home page. After that, you're free to do what you like. They also make all their stuff available online at no charge after a year. This is why I preferentially submit papers to Usenix rather than ACM or IEEE, I want to get the information out there where it does some good, not have it locked up in a copyright prison for all eternity. I can't imagine that the ACM is going to make much (if anything) from the reprint rights of a ten-year-old article on distributed search algorithms, but by locking it up, very few people ever have access to it. (Hmm, I wonder if it can be argued that making stuff intended for public distribution inaccessible violates the creator's moral rights? I know that doesn't apply in the US, but in other countries it might work. Moral rights can't be assigned, so no publisher can take that away from you. Any lawyers out there?). It's far more typical, though, for the journal to get all rights, except perhaps classroom use (aka fair use) by the author. That's more traditional for publishers like IEEE and ACM. OTOH they seem to turn a blind eye to people making papers available on their home pages, even if the publishing agreement says you shouldn't do that. I suspect the backlash would be too strong if they tried to clamp down on this, although I wish it'd be formalised in some way rather than leaving it as a grey area. Peter.
Re: PKI: Only Mostly Dead
Derek Atkins [EMAIL PROTECTED] [EMAIL PROTECTED] (Peter Gutmann) writes: For example the value 1234567890 taken in isolation could be anything from my ICQ number to my shoe size in kilo-angstroms, but if you view it as the pair { ICQ domain, locally unique number } then it makes sense (disclaimer: I have no idea whether that's either a valid ICQ number or my shoe size in kilo-angstroms). It's clearly not your shoe size in kilo-angstroms, unless you have MIGHTY large feet. According to 'units', that works out to 4860 inches. Obviously it's my hat size then. Peter.
Re: PKI: Only Mostly Dead
Peter Gutmann should be declared an international resource. Thank you Nobody. You should have found the e-gold in your account by now :-). Only one little thing mars this picture. PKI IS A TREMENDOUS SUCCESS WHICH IS USED EVERY DAY BY MILLIONS OF PEOPLE. Of course this is in reference to the use of public key certificates to secure ecommerce web sites. Every one of those https connections is secured by an X.509 certificate infrastructure. That's PKI. Opinion is divided on the subject -- Captain Rum, Blackadder, Potato. The use with SSL is what Anne|Lynn Wheeler refer to as certificate manufacturing (marvellous term). You send the CA (and let's face it, that's going to be Verisign) your name and credit card number, and get back a cert. It's just an expensive way of doing authenticated DNS lookups with a ttl of one year. Plenty of PK, precious little I. The truth is that we are surrounded by globally unique identifiers and we use them every day. URLs, email addresses, DNS host names, Freenet selection keys, ICQ numbers, MojoIDs, all of these are globally unique! [EMAIL PROTECTED] is a globally unique name; you can use that address from anywhere in the world and it will get to the same mailbox. You can play with semantics here and claim the exact opposite. All of the cases you've cited are actually examples of global distinguisher + locally unique name. For example the value 1234567890 taken in isolation could be anything from my ICQ number to my shoe size in kilo-angstroms, but if you view it as the pair { ICQ domain, locally unique number } then it makes sense (disclaimer: I have no idea whether that's either a valid ICQ number or my shoe size in kilo-angstroms). (This is very much a philosophical issue. Someone on ietf-pkix a year or two back tried to claim that X.500 DNs must be a Good Thing because RFC 822 email address and DNS names and whatnot are hierarchical like DNs and therefore can't be bad.
I would suspect that most people view them as just dumb text strings rather than a hierarchically structured set of attributes like a DN. The debate sort of fizzled out when no-one could agree on a particular view). I think the unified view is that what you need for a cert is a global distinguisher and a locally meaningful name, rather than some complex hierarchical thing which tries to be universally meaningful. Frequently the distinguisher is implied (eg with DNS names, email addresses, for use within XYZ Copy only, etc), and the definition of local really means local to the domain specified in the global distinguisher. I'm not sure whether I can easily fit all that into the paper without getting too philosophical - it was really meant as a guide for users of PKI technology. Peter.
Re: Edinburgh Financial Cryptography Engineering 2002 - CFP
Dan Geer [EMAIL PROTECTED] writes: I founded this series in 1995 and was proud to have done so; we ran them in 1996 and 1998 as well, but the cutting edge quickly moved away from USENIX's core and forte to where every conference organizer on the planet had an e-commerce workshop of some sort up and running. Unfortunately they've become either just another Crypto clone (FC in the last year or two) or a collection of XML/J2EE/buzzword-du-jour be-ins (all the rest). The world still needs a good, technical e-commerce security conference which isn't one of the above. I'm open to suggestions, of course, I'd love to see it resurrected. While I can't really organise it because of where I am, I'd be happy to referee papers or whatever. Having served on PCs for several other security conferences, I've seen enough papers of the appropriate kind submitted elsewhere to indicate that there'd be enough for an e-commerce security conference (in other words there's no shortage of material there). The Usenix one, during its short lifetime, attracted some really good papers. Peter.
RE: NAI pulls out the DMCA stick
[EMAIL PROTECTED] writes: On 27 May 2002 at 19:56, Peter Gutmann wrote: [EMAIL PROTECTED] writes: My impression is that S/MIME sucks big ones, because it commits one to a certificate system based on verisign or equivalent. I'll say this one more time, slowly for those at the back: What you're criticising is PEM circa 1991, not S/MIME. Things have moved on a bit since then. You need a certification authority. Every one you deal with has to acknowledge whatever certification authority gave you your certificate. [etc etc - standard description of original 10-year-old PEM certification model] No, as I said before, what you're describing is PEM circa 1991, not S/MIME. In the S/MIME model, anyone can issue certs (just like PGP), including yourself. In addition, many large CAs will issue certs in any name to anyone, so even if you don't want to do your own keys a la PGP you can still get a Verisign cert which behaves like a PGP key. Rather than wasting all this bandwidth in a lets-bash-S/MIME-by-pretending-it's-still-PEM debate (what is it with this irrational fear of S/MIME?), I'd be more interested in a serious discussion on which key-handling model is less ineffective, WoT or X.509-free-for-all. At the moment both of them seem to work by using personal/direct contact to exchange keys, with one side pretending to be WoT-based (although no-one ever relies on this) and the other pretending to be CA-based (although no-one ever relies on this [0]). The end result is that they're more or less the same thing, the only major differentiating factor being that most X.509-using products don't allow you to distribute your own certs the way PGP does. Peter. [0] With my earlier caveat about exceptions for government orgs who have been instructed to rely on it, or else.
Re: S/MIME and web of trust (was Re: NAI pulls out the DMCA stick)
Eric Murray [EMAIL PROTECTED] writes: Additionally, there is nothing that prevents one from issuing certs that can be used to sign other certs. Sure, there are key usage bits etc but its possible to ignore them. It should be possible to create a PGP style web of trust using X.509 certs, given an appropriate set of cert extensions. I proposed some very simple additions to X.509 which would allow you to use the certs in the same way as PGP keys a year or two back. Unfortunately the PKIX WG chair is about as open to PGP-style additions to X.509 as some PGP people are towards S/MIME. (You can also do PGP using X.509 certs, I've been doing that for awhile just out of sheer bloody-mindedness :-). Peter.
RE: NAI pulls out the DMCA stick
[EMAIL PROTECTED] writes: My impression is that S/MIME sucks big ones, because it commits one to a certificate system based on verisign or equivalent. I'll say this one more time, slowly for those at the back: What you're criticising is PEM circa 1991, not S/MIME. Things have moved on a bit since then. Peter.
RE: NAI pulls out the DMCA stick
Curt Smith [EMAIL PROTECTED] writes: 1. How do you create a X.509 signing hierarchy? Grab whatever crypto software you feel most comfortable with that does X.509 and start cranking out certs. 2. Can you add additional algorithms (ie. Twofish)? Certs are for public-key algorithms, so Twofish would never appear in there (well, I guess you could certify a Twofish key, but I'm not sure what the point would be). 3. Is a relevant developer reference available for X.509? You have to distinguish between the X.509 format and tools to use X.509. I assume you're after a manual for the tools, rather than RFC 3280, for the same reason that most PGP users don't start by reading RFC 2440. In that case, refer to the docs for your crypto toolkit. Peter.
RE: NAI pulls out the DMCA stick
contrary [EMAIL PROTECTED] writes: As long as you obtain your S/MIME certificate from an approved CA, using an approved payment method and appropriate identification. The only CA-issued certs I've ever used were free, and under a bogus name. Usually I just issue my own. You really need to find a better strawman than this if you want to criticise S/MIME. Peter.
RE: NAI pulls out the DMCA stick
Curt Smith [EMAIL PROTECTED] writes: Certificate Authorities issue certificates complete with CA imposed expiration dates and usage limitations. (I prefer independent systems with unrestricted certificates) So issue your own. Honestly, why would anyone want to *pay* some random CA for this? Certificate Authorities match individuals to keys (Thanks, but no thanks) And PGP doesn't? Anyway, X.509 certs can be as anonymous as PGP keys. Certificate Authorities can revoke certificates at anytime (CA-driven DOS attack) Most implementations ignore revocation, and in any case it's not an issue if you issue your own. Peter.
Re: Joe Sixpack doesn't run Linux
Meyer Wolfsheim [EMAIL PROTECTED] writes: S/MIME support is in just about every popular email client out of the box. Why is PGP more widely used? [Good reasons snipped] Those who care about security [0] use PGP, the rest use S/MIME. To steal a line from Hexed: S/MIME: For people who could care less. Actually it's not even that, it's closer to: Plaintext: For people who could care less. I have yet to exchange an encrypted S/MIME message of any significance with anyone, ever. Even if the other side is using an S/MIME-enabled mailer, we usually end up using PGP even if it means having to try half a dozen different versions to find one which will process the other side's messages. While I'm in a quoting mood, there's also Marshall Rose's comment about X.400 to steal: Two people meet at a conference and exchange email addresses. They get back to their offices and want to communicate securely. If both sides are using PGP x.y.z, they communicate securely. If one side is using PGP x.y.z and the other isn't, they wait for a message and then keep trying different PGP versions until they find one which will process the message. If they aren't using PGP, they communicate in plaintext and hope no-one's listening. (In case that's forwarded or quoted out of context, this is a comment on a social issue, not a software issue). Peter. [0] With the corollary: and aren't government users, S/MIME is used a fair bit in certain areas, it just doesn't get much public exposure.