> Hmmm, I have a "voter registration card" and I believe that is the case
> across the USA.
It is not.
/r$
[True enough. --Perry]
R sent me a nice note pointing out that it was actually a bachelor's
thesis, supervised by A. Apparently unpublished.
/r$ (not S, and certainly not *that* S :)
> @unpublished{Kohnfelder78,
> author = {Kohnfelder, Loren M.},
> title ={Towards a Practical Public-Key Cryptosys
> Here's the BibTeX entry for the paper that apparently "started it all"..
The D-H paper is the public start of public-key crypto. The Scientific
American article by Gardner explained, pre-patent-issuance, RSA to the
world. The start of PKI is an MIT Master's Thesis that created
certificates.
S
"DUBLIN, Ireland--(BUSINESS WIRE)--Jan. 8, 2001-- Hush Communications
(www.hush.com), a leading global provider of managed security solutions
and encryption key serving technology, today announced it has been
granted a patent for its revolutionary key pair management technology
that enables person
> No word, of course, on how the thing actually works, or whether they
> intend to patent it.
Not so. Search your nearest IETF internet-drafts repository for
draft-jutla-ietf-ipsec-esp-iapm-00.txt
And in there you will find
5. Intellectual Property Issues
IBM has f
SWIG (www.swig.org) is a scripting-interface generator; it reads C/C++ header
files and generates stubs for python, java (bleeding edge), tcl, perl. m2crypto
(http://www.post1.com/home/ngps) is a nice swig'd set of openssl header files.
Oriented for python, it should work with java too.
/r$
Thanks, all, for the review; I greatly appreciate it.
The overall system will be online, and on the net, generating keys 24x7. I can
follow best practices to firewall the network, and physical access by an
adversary is impossible (I know this is a strong statement, but it *is* outside
of my threat
I'm putting together a system that might need to generate thousands of RSA
keypairs per day, using OpenSSL on a "handful" of Linux machines. What do
folks think of the following: take one machine and dedicate it as an entropy
source. After 'n' seconds turn the network card into promiscuous mode,
> I'm the inventor of SRP. The version of the protocol described in RFC
> 2945 (see http://srp.stanford.edu/) is royalty-free for worldwide use.
I've heard from two sources that the Stanford licensing office believes
otherwise.
> The only time the client signs something is when the
> server requests client auth. In TLS, the client signs MD5 and/or SHA1
> hashes of the TLS handshake messages that have passed between
> the client and server at that point in the protocol.
>
> In SSLv3, it signs an MD5 and/or SHA1 HMAC-lik
> the OpenSSL project was not accepting code from US sources. Has this policy changed?
Yes. The various members of the openssl-core team either
agree that the current regulations remove their concern; or
feel that even though there are issues it's not worth dealing with now
US co
> This effectively exempts things like signature-only smartcards and similar
> tokens.
I would not want to risk things on strict technical interpretation.
I would go solely by intent, which often seems obvious.
"I don't know what cryptography is, but I know it when I see it."
/r$
> It doesn't seem intuitively like the federal government
> ought to need a special financial incentive to disclose its research.
> But maybe I'm missing something.
This is probably what's called a defensive patent. It's common practice
to patent something so that nobody else can lock you out,
> If the US federal government owns this algorithm, then it can't be
> patented.
I'm not sure if you are referring to SHA1 in particular, or in general.
While I don't know about SHA-1, the US Government *can* own patents.
For example, here's one that's actually kinda relevant. :)
Workflow mana
> I do not understand what is meant by "provably secure".
An unfortunate admission for a would-be cryptographer. For what it's
worth, this is a mark against your credibility and might mean that fewer
real crypto types will look at your work. (And no, I don't qualify as a
crypto type.)
/
> However, given the, ah, acrimonious nature of this corner of this
> marketplace, it seems prudent to consider another name.
RSADSI (or whatever their name was back then) once tried to get the IEEE
crypto committee to use a generic term, rather than their trademark for
the "RSA encryption syste
> Their "speciality" in this case is making laws. If they are not capable of
> or willing to make an effort to comprehend that which they are
> legislating, then they are negligent in their duties.
That seems a little disingenuous. My specialty is computers, yet
I can't fix my modem driver. "Ma
> I now believe you've decoded the below incorrectly because the leading bit
> is set, making this a signed number
Then it should have a leading zero byte.
This appears to be a widespread bug within Microsoft products.
/r$
> According to the AP, U.S. House and Senate negotiators have reached a
> compromise on legislation that will set national standards for digital
> signatures and the like. Details are in
>
> http://www.nandotimes.com/no_frames/technology/story/0,4500,500213819-500301920-501670828-0,00.html
Here'
Any comments on Arcot, www.arcot.com?
A handful of press releases, including
http://www.whitehouse.gov/library/ThisWeek.cgi?type=p&date=1&briefing=0
Which starts...
Today, I am pleased to announce that the United States will stop the
intentional degradation of the Global Positioning System (GPS) signals
available to t
> proposed it but I think the example passphrase given was "the happy duck
> slowly kisses the yellow book".
A la Chomsky: "Colorless green ideas sleep furiously." :)
For a bit of whimsy, I posted a program in 1989 to comp.sources.games
that generated sonnets. Might be of interest. You can fi
It used to be that giving export control advice consisted of helping
clients to comprehend unbelievably ridiculous statements in the
present tense. Giving such advice now largely consists of helping
clients to comprehend unbelievably ridiculous statements in the future
condit
Anyone know anything about these guys?
[I may be having a knee jerk reaction, but this smells snake oily. --pm]
Anyone get the snail-mail invite?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
John I Jones
Sent: Thursday, January 13, 2000 8:58 AM
To:
Good note. Shows why we (should) all get paid the big bucks to create
secure systems. :) Everything's a trade-off.
I was assuming the adversary had physical access to the machine's console
and could reboot, etc., at will, which seems to make your defense moot,
at least for the (very few) system
> Does that double the number of systems? Surely all the adversary has to
> do is substitute his own s/w for the thing that receives the passphrase
> and reboot A, not requiring a crack of B at all.
That's why I said S/Key. Rebooting A would get the two out of sync
and while the adversary might
> Your comments about locking down the server host are correct. I think the
> distinction becomes realistic in a worst case scenario.
I disagree, but that's what makes a horse race. :)
If the private key is on disk, then the adversary can snarf it and
try various passphrases at their leisure unti
> Is there a good solution to the problem of starting up a network server that
> needs access to an encrypted database?
> (They also give
> you the option of having the server store the pass phrase on disk, although
> they warn you that this is completely insecure.)
Is it really? That's not cl
> unless, of course, there's a built-in list of trusted CAs.
That's exactly what it is. Patching the list is apparently pretty
easy for Netscape Navigator -- instructions are included in the
mod_ssl Apache patch -- but it's not currently known what needs to
be done to make IE add a trusted CA.
> > It works
> > better to patch out NSA's key with your own -- then you can load both
> > your own crypto code and all the standard MS stuff.
I'm sorry, but my original followup apparently wasn't clear enough.
In a very important sense, it doesn't matter who actually "owns"
the NSAKEY. What ma
> The motivations around Bidzos/RSA's recent public
> pro-export-control stance are quite clear.
Hm, I read the quote as "yeah, right, like herding cats it will happen."
Seeing "Bad" ulterior motives in RSA/Australia is also impugning Eric
and Tim, remember.
Bidzos and RSA have a pretty good r
www.aus.ras.com, I think.
Curious. Two years ago OSF's outside counsel, bright folks at
Hale&Dorr, advised us that a wholly-owned subsidiary of a US
company was subject to the US regulations.
32 matches