Trusting the Tools - was Re: Open Source ...

2003-10-11 Thread Bill Frantz
At 8:18 AM -0700 10/7/03, Rich Salz wrote: >Are you validating the toolchain? (See Ken Thompson's >Turing Award lecture on trusting trust). With KeyKOS, we used the argument that since the assembler we were using was written and distributed before we designed KeyKOS, it was not feasible to includ

RE: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-11 Thread Bill Frantz
At 5:56 AM -0700 10/8/03, Peter Gutmann wrote: >... it might be more >useful to create a user-friendly management interface to IPsec implementations >to join the zero or so already out there. The difficulty in setting up any >IPsec tunnel is what's been motivating the creation of (often insecure)

Internal format of RSA private keys in microsoft keystore.

2003-10-11 Thread R.Sriram
Greetings, In the process of trying to work around some of the limitations of the m$-CAPI API, I'm trying to decipher the internal representation of private keys in the default m$ key store, in order to extract the private key out. The systems I'm working on are Win2K and XP, both on NTFS. Google

Re: Easy VPNs?

2003-10-11 Thread Ralf-Philipp Weinmann
Ian Grigg <[EMAIL PROTECTED]> writes: > I'm curious - my understanding of a VPN was that > it set up a network that all applications could > transparently communicate over. > > Port forwarding appears not to be that, in > practice each application has to be reconfigured > to talk to the appropria

Re: Easy VPNs?

2003-10-11 Thread Dave Howe
Ian Grigg wrote: > I'm curious - my understanding of a VPN was that > it set up a network that all applications could > transparently communicate over. spot on. > Port forwarding appears not to be that, in > practice each application has to be reconfigured > to talk to the appropriate port, or, ea

Re: Monoculture

2003-10-11 Thread Ben Laurie
Thor Lancelot Simon wrote: > On Sun, Oct 05, 2003 at 03:04:00PM +0100, Ben Laurie wrote: > >>Thor Lancelot Simon wrote: >> >> >>>On Sat, Oct 04, 2003 at 02:09:10PM +0100, Ben Laurie wrote: >>> >>> Thor Lancelot Simon wrote: >these operations. For example, there is no simple way

Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-11 Thread Ben Laurie
Peter Clay wrote: > On Thu, 9 Oct 2003, Peter Gutmann wrote: > > >>I would add to this the observation that rather than writing yet another SSL >>library to join the eight hundred or so already out there, it might be more >>useful to create a user-friendly management interface to IPsec implement

Re: NCipher Takes Hardware Security To Network Level

2003-10-11 Thread Anton Stiglic
- Original Message - From: "Peter Gutmann" <[EMAIL PROTECTED]> > [...] > > The problem is > that what we really need to be able to evaluate is how committed a vendor is > to creating a truly secure product. > [...] I agree 100% with what you said. Your 3 group classification seems accur

Ease of setting up IPSEC

2003-10-11 Thread John Gilmore
Rich $alz said: > it might be more useful to create a user-friendly management > interface to IPsec implementations to join the zero or so already > out there. The difficulty in setting up any IPsec tunnel is what's > been motivating the creation of (often insecure) non-IPsec VPN > software, so w

Re: [e-lang] Re: Protocol implementation errors

2003-10-11 Thread Bill Frantz
At 5:36 PM -0700 10/5/03, Norman Hardy wrote: >I can't recall Keykos security problems stemming from hostile message >strings in a key invocation. >I don't know why. Perhaps we always expected hostile messages as a >cultural thing. I think there were several additional reasons for this: * Most of

Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-11 Thread David Honig
At 12:08 AM 10/10/03 +0800, Ng Pheng Siong wrote: >I believe SSL VPNs are easier than IPsec to deploy For the former, you give a password or two --maybe reuse a POP3 that your users already have-- and all your users get in fairly securely, and you can verify them. Easy for them because they alr

Software protection scheme may boost new game sales

2003-10-11 Thread Steve Schear
Companies are using a new software protection system, called Fade, to protect their intellectual property from software thieves. Fade is being introduced by Macrovision, which specializes in digital rights management, and the British games developer Codemasters. What the program does is make unauth

Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-11 Thread Florian Weimer
David Honig wrote: > For the former, you give a password or two --maybe > reuse a POP3 that your users already have-- and all your > users get in fairly securely, and you can verify them. > Easy for them because they already have a browser. Has anybody tried to revert the political decision n

VPN List Announcement

2003-10-11 Thread Ben Laurie
Since I'm sure Perry will eventually get tired of VPNs, before he does I should announce that I have, at the request of several participants in the recent discussions, set up a list for VPN theory discussion. It is currently unmoderated, though I reserve the option to change that if warranted. The

Re: NCipher Takes Hardware Security To Network Level

2003-10-11 Thread Ian Grigg
Anton Stiglic wrote: > > - Original Message - > From: "Peter Gutmann" <[EMAIL PROTECTED]> > > [...] > > > > The problem is > > that what we really need to be able to evaluate is how committed a vendor > is > > to creating a truly secure product. > > [...] > > I agree 100% with what you sa

Re: Easy VPNs?

2003-10-11 Thread Ian Grigg
Dave Howe wrote: > so as I say - think of vpn as two components - intercept (the virtual > network functionality) and transport (a secure, authenticated, > encapsulated communications standard) and how vpn over *anything* becomes > more clear. Thanks. That's the key! Then, the answer might rea

Re: Easy VPNs?

2003-10-11 Thread Dave Howe
Ian Grigg wrote: > Dave Howe wrote: > Thanks. That's the key! Then, the answer > might really be that a good system would > do the transport over UDP if it could, or > it would fall back to a connection in the > worst case. Exactly so, yes - however, the mechanics of doing so (and the protocols u

Re: Software protection scheme may boost new game sales

2003-10-11 Thread Sunder
Yawn... This is no different than any of the copy protection schemes employed in the 1980's on then popular home computers such as the Commodore 64. Hindsight is 20/20 and recalls, all of these were broken within weeks if not months. "Nibbler" copiers and other programs were quickly built tha