At 11:49 AM -0800 12/28/03, Jim Gillogly wrote:
>wouldn't it be preferable to prove that you've contributed
>the same amount of power to a useful compute-bound project, such as
>NFSNET.org or GIMPS or [EMAIL PROTECTED] or [EMAIL PROTECTED]
Simple economics. If you're going to go so far as using so
Amir Herzberg wrote:
Ian proposes below two draft-definitions for non-repudiation - legal and
technical. Lynn also sent us a bunch of definitions. Let's focus on the
technical/crypto one for now - after all this is a crypto forum (I agree
the legal one is also somewhat relevant to this forum).
Carl Ellison wrote:
If you want to use cryptography for e-commerce, then IMHO you need a
contract signed on paper, enforced by normal contract law, in which one
party lists the hash of his public key (or the whole public key) and says
that s/he accepts liability for any digitally signed sta
Carl Ellison wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stefan Kelm
Sent: Tuesday, December 23, 2003 1:44 AM
To: [EMAIL PROTECTED]
Subject: Re: Non-repudiation (was RE: The PAIN mnemonic)
Ah. That's why they're trying to rename the correspon
Amir Herzberg wrote:
At 04:20 25/12/2003, Carl Ellison wrote:
...
If you want to use cryptography for e-commerce, then IMHO you need a
contract signed on paper, enforced by normal contract law, in which one
party lists the hash of his public key (or the whole public key) and says
that s/h
Ian's message gave a summary that's in my accord with how courts work. Since
lawyers learn by example - and the law grow by and example - here's a case
that I think closely parallels the legal issues in repudiation of digital
signature cases. The case, which if I remember right (from hearing abou
On Dec 27, 2003, at 10:01 AM, Ben Laurie wrote:
"Note that there is no theoretical reason that it should be possible
to figure out the public key given the private key, either, but it so
happens that it is generally possible to do so"
So what's this "generally possible" business about?
Well, AFAI
I asked the guy making the presentation about the similarity to Kerberos
message flows and he said something to the effect of ah yes, kerberos.
Not sure what the guy meant by that. But yes, SAML flows are "just
like" Kerberos flows. And Liberty and WS-Federation look a lot like DCE
cross-cell
| > "Note that there is no theoretical reason that it should be
| > possible to figure out the public key given the private key,
| > either, but it so happens that it is generally possible to
| > do so"
| >
| > So what's this "generally possible" business about?
|
| Well, AFAIK it's always possible,
Jerrold Leichter wrote:
D. Self-authentication: A few types of documents are
"self-authenticating," because they are so likely to be what they
seem, that no testimony or other evidence of their genuineness need be
produced. [474 - 475]
1. State provisions: Under m
On Mon, 2003-12-29 at 10:16, Rich Salz wrote:
> Not sure what the guy meant by that. But yes, SAML flows are "just
> like" Kerberos flows. And Liberty and WS-Federation look a lot like DCE
> cross-cell (er, Kerberos inter-realm) flows. After all, there's only not
> many ways to do secure onlin
On 29 Dec 2003, at 19:29, Paul A.S. Ward wrote:
This first case is actually quite amusing. I was recently the subject
of identity theft.
Specifically, the thieves had my SSN (SIN, actually, since it is in
Canada), and my driver's licence number. They produced a fake
driver's licence, and used
Jerrold Leichter <[EMAIL PROTECTED]> writes:
> | > "Note that there is no theoretical reason that it should be
> | > possible to figure out the public key given the private key,
> | > either, but it so happens that it is generally possible to
> | > do so"
> | >
> | > So what's this "generally poss
At 09:37 PM 12/26/2003 -0500, Adam Back wrote:
The 2nd memory [3] bound paper (by Dwork, Goldberg and Naor) finds a
flaw in the first memory-bound function paper (by Abadi, Burrows,
Manasse, and Wobber) which admits a time-space trade-off, proposes an
improved memory-bound function and also in th
Bill Stewart wrote:
At 09:37 PM 12/26/2003 -0500, Adam Back wrote:
The 2nd memory [3] bound paper (by Dwork, Goldberg and Naor) finds a
flaw in the first memory-bound function paper (by Abadi, Burrows,
Manasse, and Wobber) which admits a time-space trade-off, proposes an
improved memory-bound f
On Tue, 23 Dec 2003, Seth David Schoen wrote:
>When attestation is used, it likely will be passed in a service like
>HTTP, but in a documented way (for example, using a protocol based on
>XML-RPC). There isn't really any security benefit obtained by hiding
>the content of the attestation _from
| On Dec 27, 2003, at 10:01 AM, Ben Laurie wrote:
| >> "Note that there is no theoretical reason that it should be possible
| >> to figure out the public key given the private key, either, but it so
| >> happens that it is generally possible to do so"
| >> So what's this "generally possible" busine
Jerrold Leichter wrote:
>|> *Any* secure computing kernel that can do
>|> the kinds of things we want out of secure computing kernels, can also
>|> do the kinds of things we *don't* want out of secure computing kernels.
David Wagner wrote:
>| It's not hard to build a secure kernel that doesn't pro
Rick Wash wrote:
>There are many legitimate uses of remote attestation that I would like to
>see. For example, as a sysadmin, I'd love to be able to verify that my
>servers are running the appropriate software before I trust them to access
>my files for me. Remote attestation is a good technical
Ed Reed wrote:
>There are many business uses for such things, like checking to see
>if locked down kiosk computers have been modified (either hardware
>or software),
I'm a bit puzzled why you'd settle for detecting changes when you
can prevent them. Any change you can detect, you can also prevent