Re: Yahoo releases internet standard draft for using DNS as public key server
also sprach Ed Gerck <[EMAIL PROTECTED]> [2004.05.28.1853 +0200]: > It's "industry support". We know what it means: multiple, > conflicting approaches, slow, fragmented adoption --> will not > work. It would be better if the solution does NOT need industry > support at all, only user support. It should use what is already > available. While I fundamentally agree, a user-side approach will not work for two reasons, at least: - The technology is too complex to be grasped. users may be able to select encryption in their GUI, but they fail to understand the consequences. This is especially problematic on the receiver side, because no standard user knows how to handle a BAD SIGNATURE alert. - The infrastructure is not there. Two standards compete for email cryptography, and both need an infrastructure to back them up. Unless the governments do not settle on one standard and provide the necessary infrastructure, such as signing keycards or pocket devices capable of stream en/decryption, encryption is not going to be standard. If everyone and their mother is supposed to use cryptography, then the two points need to be addressed. And unless everyone (and their mother) uses cryptography consistently, email is not going to be safe. -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED] invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver! the unix philosophy basically involves giving you enough rope to hang yourself. and then some more, just to be sure. signature.asc Description: Digital signature
Re: The future of security
On Fri, 28 May 2004, Anne & Lynn Wheeler wrote: >connecting systems that were designed for fundamentally safe and isolated >environment to wide-open anarchy hostile operation exposes all sorts of >problems. somewhat analogous to not actually needing a helmet for riding a >motorcycle ... or seat belts and airbags to drive a car. Perspective on things... Where I grew up, safety equipment inside your car (or on your head on a motorcycle) was limited to that which prevented you from becoming more of a hazard to *OTHER* drivers. Motorcyclists didn't need helmets, because helmets don't prevent crashes or change the consequences of crashes for anyone who's not wearing them. But they did need eye protection, because eye protection reduced the probability of crashes that could be dangerous to others. I thought this was actually a well-considered system. The law required us to take whatever reasonable precautions we needed to protect others from our actions, but it was entirely up to us whether we attempted to protect ourselves from our own actions. Now, in most states, law doesn't work this way any more -- protecting people from each other has gotten fuzzed into the idea of protecting "the people" (monolithic unit) from "themselves" (monolithic unit). But I think there is some wisdom here that may apply to the spam situation. Have partial solutions been getting rejected because we're seeing that we can't protect users against their *own* stupidity? What we actually need is systems to protect *other* users from their stupidity. Bear - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Yahoo releases internet standard draft for using DNS as public key server
On Fri, May 28, 2004 at 03:20:52PM -0400, [EMAIL PROTECTED] wrote: [...] > How soon will the spammers get into the business of hosting free mailboxes > for people who actually buy spamvertized products. Much easier to send the > spam to their own users, let them indicate their preferences, set up > forwarded notifications, ... Er, doesn't this describe Gmail? > What things brings us to is that a major part of the problem are of course > the people who buy the spamvertized products. So long as there is a new > sucker born every minute, there will also be someone ready to take > advantage of same. Yeah... I'm curious about who these suckers actually are. I've never heard of anyone buying any spam crap except journalists researching whether or not you can actually buy spam crap. Does >anyone< personally know someone who's bought something from a spammer, for real? > Can spam be solved through end-user education? "Do not buy spammed > products" campaign signs right next to the public health signs against > smoking? "How to not be this minute's sucker" education in schools? :-) Put that sign right next to the Snapple machine. > Is spam really that important a societal ill, if the spammers had better > parenting, schooling and better career prospects would they still spam or > litter the sidewalk? Are human societies free of spam and more serious > ills possible or even desirable (what is the cost of eliminating the > ills)? > > We get too carried away with spam, as threats to our way of life there are > far more serious problems... -- - Adam - http://www.adamfields.com - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Satellite eavesdropping of 802.11b traffic
On Fri, May 28, 2004 at 01:19:15PM -0500, Matt Crawford wrote: > Don't dismiss possibilities for wireless data eavesdropping without > considering the possibilities of this new chip > > http://pr.caltech.edu/media/Press_Releases/PR12490.html > > and its friends > > http://www.chic.caltech.edu/ If you want to fly a LEO constellation of them, you need a very sparse structure (or a huge density of pongsats, which doesn't agree with observations). -- Eugen* Leitl http://leitl.org";>leitl __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net pgpjSdYUSaXAn.pgp Description: PGP signature
Re: Yahoo releases internet standard draft for using DNS as public key server
On Fri, 28 May 2004, Ed Gerck wrote: > The main problem with this approach is revealed in a mind slip by Yahoo > themselves at http://antispam.yahoo.com/domainkeys : > > For consumers, such as Yahoo! Mail users or a grandmother accessing email > through a small mid-western ISP, industry support for sender authentication > technologies will mean that they can start trusting email again > > It's "industry support". We know what it means: multiple, conflicting > approaches, slow, fragmented adoption --> will not work. And indeed some will view the various sender authentication proposals as misguided solutions for the wrong problems, while others will be simply disinclined to spend money to upgrade their working "just fine" MTAs so these will by no means be universally adopted. The spammers will increase the cost of receiving a clean mail stream, but if that increase is not too high and the filter accuracy is high enough, email will continue to work just fine. The bargain basement email providers may be disinclined to pay more to provide a commodity service where the competition often offers the service at no cost. There may in the future be a larger market for premium email services, with a second market for low to zero cost mailboxes subjected to a kinder, gentler spam stream (likely from the email provider). How soon will the spammers get into the business of hosting free mailboxes for people who actually buy spamvertized products. Much easier to send the spam to their own users, let them indicate their preferences, set up forwarded notifications, ... What things brings us to is that a major part of the problem are of course the people who buy the spamvertized products. So long as there is a new sucker born every minute, there will also be someone ready to take advantage of same. Can spam be solved through end-user education? "Do not buy spammed products" campaign signs right next to the public health signs against smoking? "How to not be this minute's sucker" education in schools? :-) Is spam really that important a societal ill, if the spammers had better parenting, schooling and better career prospects would they still spam or litter the sidewalk? Are human societies free of spam and more serious ills possible or even desirable (what is the cost of eliminating the ills)? We get too carried away with spam, as threats to our way of life there are far more serious problems... -- /"\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAILMorgan Stanley confidentiality or privilege, and use is prohibited. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: The future of security
On Fri, May 28, 2004 at 09:46:03AM -0700, bear wrote: > Spam won't stop until spam costs the spammers money. If I'm a node in a web of trust (FOAF is a human), prestige will percolate through it completely. That way I can color a whole domain with a nonboolean trust hue, while a domain of fakers will have only very few connections (through compromises, or human mistakes), which will rapidly sealed, once actually used to do something to lower their prestige ("I signed the key of a spammer, please kill me now"). Of course, tracking prestige globally, robustly in a p2p fashion is difficult, and will require agoric load levelling elements (to prevent bad nodes from DoSing the global store) which also requires prestige tracking. -- Eugen* Leitl http://leitl.org";>leitl __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net pgpnR1gxzugWi.pgp Description: PGP signature
Re: Satellite eavesdropping of 802.11b traffic
Don't dismiss possibilities for wireless data eavesdropping without considering the possibilities of this new chip http://pr.caltech.edu/media/Press_Releases/PR12490.html and its friends http://www.chic.caltech.edu/ - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Satellite eavesdropping of 802.11b traffic
At 9:19 PM -0400 5/27/04, Perry E. Metzger wrote: "R. A. Hettinga" <[EMAIL PROTECTED]> writes: At 12:35 PM -0400 5/27/04, John Kelsey wrote: Does anyone know whether the low-power nature of wireless LANs protects them from eavesdropping by satellite? It seems to me that you'd need a pretty big dish in orbit to get that kind of resolution. The Keyholes(?) are for microwaves, right? Dunno if it would work in orbit,, but you can get surprising results right here on earth using phased arrays. Vivato is selling very long range phased array equipment as long range/high quality 802.11 basestations, but you could do precisely the same trick to eavesdrop instead of to communicate. With enough computing power, one device could listen in on every 802.11 communication in a very large radius. I don't know how practical it would be to set up some sort of large scale phased array in orbit -- I suspect the answer is "not practical at all" -- but the principle could apply there, too. I would say quite practical. A huge advantage for the attacker is that 802.11b/g is in a fixed frequency band. A half-wave dipole is 6.25 cm long. A large phased array could be assembled out of printed circuit board tiles, each with many antennas. The outdoor range for 802.11 is up to 100 m. Low earth orbit is about 150 km. That is a factor of 1500. Power attenuation is the square of that, which works out to a 64 db loss. Throw in another 10 db for slant range, building attenuation, etc. The loss has to be made up by a combination of antenna gain, improved receiver performance and better signal processing. That doesn't sound undoable. A single LEO satellite would only have a few minutes of visibility per day over any one location on Earth. That suggests an active attack, where the satellite looks for files or even changes data. The satellite's ability to transmit at much higher power levels is an advantage. A third option is spot jamming. Here high power means one can get away with a smaller antenna, perhaps wrapped around a cheaper spin stabilized satellite. Such a system could be used to briefly disable 802.11-based security systems, perhaps allowing a spy to gain access to a building. Other interesting possibilities include long endurance remotely-piloted aircraft, balloons and small receiving stations that could be planted by spies or even parachuted into position. I'm sure 802.11 has given the SIGINT community much joy. Arnold Reinhold - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Satellite eavesdropping of 802.11b traffic
"Trei, Peter" <[EMAIL PROTECTED]> writes: > I suspect that eavesdropping on 802.11b/g from > orbit is pretty hard. The power levels are very > low, and there may be several nets running on the same > channel within a satellites' antenna footprint. As I mentioned, phased arrays are very good at getting out from under the "too many users of the same channel" problem while eavesdropping. They allow you to focus on multiple sources simultaneously. Perry - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
RE: Satellite eavesdropping of 802.11b traffic
R. A. Hettinga > At 12:35 PM -0400 5/27/04, John Kelsey wrote: > >Does anyone know whether the low-power nature of wireless > LANs protects > >them from eavesdropping by satellite? > > It seems to me that you'd need a pretty big dish in orbit to > get that kind > of resolution. > > The Keyholes(?) are for microwaves, right? > > Cheers, > RAH I don't claim great expertise, but 802.11b/g operates in the microwave range - My home net falls over every time my kid heats up a burrito (It comes right back, though). GSM phones run at a MAX of 0.25 watts (GSM900) or 0.125 watts (GSM1800), but it is normal for the power used to be one hundredth of this maximum or less. However, the base stations are much more powerful - 50 watts. I suspect the spy-from-orbit stuff looks at this, not the phone transmitter. 802.11b/g typically runs around 0.1 watt, and there is no high-power base station. If this is the case, then the power in an 802.11b/g net is 1/500th of that for GSM phones - which seems to fit in with the difference in range. Phones operate with kilometers to the base station, while 802.11b/g is lucky to cover a whole house. A big antenna would obviously be a lot of help, but a smaller one a lot closer would be better. If you insist on listening from orbit, geosync is probably not the way to go - you'd want something like the Iridium constellation of low-orbit sats (600 miles up). Clarke orbit (geosync) is about 35800 km up. You'd get a 10,000 fold advantage by putting your spysats at only 358km. I suspect that eavesdropping on 802.11b/g from orbit is pretty hard. The power levels are very low, and there may be several nets running on the same channel within a satellites' antenna footprint. My summary: Very tough. Probably not impossible. Peter - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Yahoo releases internet standard draft for using DNS as public key server
On Thu, May 20, 2004 at 10:07:43AM -0400, R. A. Hettinga wrote: yahoo draft internet standard for using DNS as a public key server http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-00.txt The main problem with this approach is revealed in a mind slip by Yahoo themselves at http://antispam.yahoo.com/domainkeys : For consumers, such as Yahoo! Mail users or a grandmother accessing email through a small mid-western ISP, industry support for sender authentication technologies will mean that they can start trusting email again It's "industry support". We know what it means: multiple, conflicting approaches, slow, fragmented adoption --> will not work. It would be better if the solution does NOT need industry support at all, only user support. It should use what is already available. Cheers--/Ed Gerck - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: The future of security
On Sat, 29 May 2004, Peter Gutmann wrote: >"Anton Stiglic" <[EMAIL PROTECTED]> writes: > >>I think cryptography techniques can provide a partial solution to spam. > >No they won't. All the ones I've seen are some variant on the "build a big >wall around the Internet and only let the good guys in", which will never work >because the Internet doesn't contain any definable inside and outside, only >800 million Manchurian candidates waiting to activate. I tend to agree with Mr. Stiglic. Cryptographic techniques can provide a few partial solutions to spam. What cryptography *can* do is limit the possible senders to a known list. This has positive, but limited, utility. If there's a single, general list that more than a few people all use, then spammers will be on it (or at the very least people whose machines spammers use will be on it) and the situation is generally unchanged. If everybody maintains their own list of people whom they will accept email from, then email becomes much less valuable because it's no longer a way to reach anyone who hasn't put you on their "good senders" list or hear from anyone whom you haven't put on your "good senders" list. Another thing cryptography can do is make it much harder (perhaps even impossible) to spoof mail headers. Imagine, for example, a protocol where your machine recieves a "can I mail you?" message from some machine out there in untrusted space, responds by sending a unique password or key to the address in the "can I mail you?" message, and then recieves email using that password or key. This ensures that every piece of spam you get must correspond to a password or key that you know where you sent. However, this is also of limited utility. It hasn't actually stopped any spam; it's just fixed it so you know whence a message comes. How can you use that knowledge? If you know where spam comes from, you can send a spambounce message that names a particular machine. It's probably not the spammer's machine. It's probably just a machine out there that was running windows or something so the spammer took it over and is sending email from it. The owner of the machine has no knowledge whatsoever that his machine is trying to email you. What will your spambounce mean? Here's where it all breaks down. In some cases, we've seen people trying to claim they'll arrange it so spambounces cost the sender money. But here we get to repudiation of charges; if a thousand spambounces cost fred a thousand dollars, and all he did was run windows and connect his machine to the internet, fred's going to fight the charges. He may win. And whatever happens at that point, it's not going to be costing the spammer any money. In other cases, we've seen ideas for fred to post a separate bond for everyone he sends email to; the idea being that his "can I mail you?" message contains the address of some bank somewhere that can be checked for the existence of the appropriate bond before the "okay you can mail me" response goes back. The idea here is that if fred does not actually want to mail you, then fred will not have put up money for the privelege of mailing you, so you will simply reject his request. The problem here is twofold; first, it means you have to put up some money (amount indeterminate) for every email address you send mail to. This doesn't fly real well in countries with a steep currency exchange rate. It stops a spammer who can't get into fred's wallet from using fred's machine to send you spam, but invites the usual suspects to develop "integrated" mail clients that will automate the bond-posting, enabling the spammer to get into fred's wallet. At that point, email fraud has escalated to financial fraud, and fred is the victim. The spammer who is able to get fred's machine to post bonds can clean out fred's wallet. There are partial solutions. Each has problems. As Mr. Gutman writes, it's a social problem and doesn't really admit purely technical solutions. What technology can do is shift the problem around a little, and *try* to shift the problem onto the spammers - but the successes are always partial and in some way unsatisfactory. Spam won't stop until spam costs the spammers money. Bear - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: The future of security
At 09:27 AM 5/28/2004, Peter Gutmann wrote: No they won't. All the ones I've seen are some variant on the "build a big wall around the Internet and only let the good guys in", which will never work because the Internet doesn't contain any definable inside and outside, only 800 million Manchurian candidates waiting to activate. For example MessageLabs recently reported that *two thirds* of all the spam it blocks is from infected PCs, with much of it coming from ADSL/cable modem IP pools. Given that these "spammers" are legitimate users, no amount of crypto will solve the problem. I did a talk on this recently where I claimed that various protocols designed to enforce this (Designated Mailers Protocol, Reverse Mail Exchanger, Sender Permitted From, etc etc) will buy at most 6-12 months, and the only dissent was from an anti-virus researcher who said it'd buy weeks and not months. The alternative proof-of-resource-consumption is little better, since it's not the spammers' resources that are being consumed. the caveat to that is many of the infected machines were originally infected by spam with spoofed origin ... somehow convincing users to click on something. authentication would help somewhat with that ... and, in fact, some of the spam being sent out by the infected machines, in turn uses spoofed origin. authentication might also help address the identity-theft oriented spam ... claiming to be your bank and needing personal information. it doesn't help with ... click on this to get the latest, greatest game ... where there isn't any attention at all paid to the origin ... just looking for instant gratification. the 60s/70s time-sharing systems nominally had some assurance applied to the introduction of executables into the environment. this is my comment about the desktop systems having diametrically opposing requirements ... the original design point of totally unconnected, stand alone environment where an introduced executable could take over the whole machine ... and at the same time fully wired to an increasingly hostile environment needing signficant safeguards and processes associated with assurance of introduced executables. the intermediate step was that some of these stand-alone machines acquired interconnect capability for a local, safe, isolated departmental/office network. This had hardly any restricted execution and access capability ... again not worrying about protection against a hostile and unsafe operation. the shared environment analogy is highway traffic and rules about operating an unsafe vehicle could result in both having your license revoked and the vehicle confiscated (it doesn't require the driver to be a highly trained car mechanic ... it just holds the driver responsible). connecting systems that were designed for fundamentally safe and isolated environment to wide-open anarchy hostile operation exposes all sorts of problems. somewhat analogous to not actually needing a helmet for riding a motorcycle ... or seat belts and airbags to drive a car. -- Anne & Lynn Wheelerhttp://www.garlic.com/~lynn/ - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: The future of security
"Anton Stiglic" <[EMAIL PROTECTED]> writes: >I think cryptography techniques can provide a partial solution to spam. No they won't. All the ones I've seen are some variant on the "build a big wall around the Internet and only let the good guys in", which will never work because the Internet doesn't contain any definable inside and outside, only 800 million Manchurian candidates waiting to activate. For example MessageLabs recently reported that *two thirds* of all the spam it blocks is from infected PCs, with much of it coming from ADSL/cable modem IP pools. Given that these "spammers" are legitimate users, no amount of crypto will solve the problem. I did a talk on this recently where I claimed that various protocols designed to enforce this (Designated Mailers Protocol, Reverse Mail Exchanger, Sender Permitted From, etc etc) will buy at most 6-12 months, and the only dissent was from an anti-virus researcher who said it'd buy weeks and not months. The alternative proof-of-resource-consumption is little better, since it's not the spammers' resources that are being consumed. There is one technological solution which would help things a bit, which is Microsoft implementing virus throttling in the Windows TCP stack. Like a firebreak, you can never prevent fires, but you can at least limit the damage when they do occur. Unfortunately I don't see this happening too soon, both because MS aren't exactly at the forefront of implementing security features (it took them how many years to add the most basic popup-blocking?), and because of liability issues - adding virus throttling would be an admission that Windows is a petri dish. The problem we're facing is social, not technological, so no there's no technological fix. The problem is that neither users nor vendors have any natural incentive to fix things. In the long run, only legislation will help: penalise vendors for selling spam-enabling software (MS Outlook, via viruses/worms), and penalise users for running software in a spam-enabling manner (open relays). This is equivalent to standard corporate-governance legislation that sets auditing/environmental/due diligence/etc requirements. Unfortunately this is unlikely to pass in the US (where it matters most) due to software industry lobbying, it'd require an Enron-style debacle to pass over there, perhaps a virus-induced reactor meltdown or something similar. (Much of the above was lifted from "Why isn't the Internet secure yet, dammit?", http://www.cs.auckland.ac.nz/~pgut001/pubs/dammit.pdf, with the section on spam starting at page 5. Apologies for the PDF link, but there are some diagrams in there that don't translate well to text). Peter. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Satellite eavesdropping of 802.11b traffic
Why worry about satellites when car/plane/neighbor unpiloted remote controlled airplanes work so well? You're free-radiating electronic emissions. That's all a determined adversary needs. Or an opportunistic war-driving script-kiddie, for that matter. >>> John Kelsey <[EMAIL PROTECTED]> 5/27/2004 12:35:00 PM >>> Guys, Does anyone know whether the low-power nature of wireless LANs protects them from eavesdropping by satellite? Is there some simple reference that would easily let me figure out whether transmitters at a given power are in danger of eavesdropping by satellite? Thanks, --John - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: The future of security
Ian Grigg writes: > Email will continue to defy the mass employment of crypto, although > if someone were to add a "create self-signed cert now" button, > things might improve. Working on it: http://antispam.yahoo.com/domainkeys > j. a cryptographic solution for spam and > viruses won't be found. Nor for DRM. Of course, I hope that you're wrong. -- --My blog is at angry-economist.russnelson.com | You know you have a Crynwr sells support for free software | PGPok | politician that can't hurt 521 Pleasant Valley Rd. | +1 315 268 1925 voice | you when you see the hearse Potsdam, NY 13676-3213 | FWD# 404529 via VOIP | go by. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Examining the Encryption Threat
"Peter Parker" <[EMAIL PROTECTED]> writes: >In one of the issue of ijde found at >http://www.ijde.org/docs/04_winter_v2i3_art1.pdf the authors have analysed >various encryption applications and discussed results for few sample >applications. Does any one have the complete results. Tried mailing the >author but no response. Any one having further info. To save people downloading the PDF, it's an 11-page article that reinvents the 'file' command. Peter. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Satellite eavesdropping of 802.11b traffic
Guys, Does anyone know whether the low-power nature of wireless LANs protects them from eavesdropping by satellite? Is there some simple reference that would easily let me figure out whether transmitters at a given power are in danger of eavesdropping by satellite? Thanks, --John - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Examining the Encryption Threat
Hi, In one of the issue of ijde found at http://www.ijde.org/docs/04_winter_v2i3_art1.pdf the authors have analysed various encryption applications and discussed results for few sample applications. Does any one have the complete results. Tried mailing the author but no response. Any one having further info. Abstract from the paper "This paper is the result of an intensive six-month investigation into encryption technologies conducted at the Computer Forensic Research & Development Center (CFRDC) at Utica College. A significant number of encryption applications were collected and cataloged. A roadmap for the identification of the unique characteristics of encrypted file formats was created. A number of avenues were explored and the results documented. The actual process is not outlined comprehensively due to proprietary needs; however, the following briefly details the process and the significance of our findings." Regards, -- peter [EMAIL PROTECTED] -- http://www.fastmail.fm - And now for something completely differentÂ… - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: [ijccr] Re: DELL ships "CryptoPDA"
"R. A. Hettinga" <[EMAIL PROTECTED]> writes: >But PXA270 is a part of the Trusted Computing Platform concept and will *when >implemented* seriously challenge "secure end devices" not only feature-wise >but also from a security perspective. From a session I will hold at the >Wireless Connectivity Word in Amsterdam RAI the 8:th of June 2004 I take this >PPT picture: *when implemented* is the key phrase. This thing seems to be vapourware, after two months of poking around via various channels I have yet to find anyone at Intel who can tell me anything about this device. The only info on it is in a whitepaper, the XScale developer network, Intel security folks, Intel tech support, no-one knows anything about it. OTOH what's described in the whitepaper is pretty cool, this'll be wonderful for building small secure embedded devices, if it ever materialises. Peter. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: CAs for spies?
Steve Bellovin <[EMAIL PROTECTED]> writes: >Have you ever wondered what CA a spy agency would trust? In the case of the >Mossad, it's Thawte. Minor nitpick: That should really be phrased as "Have you ever wondered what CA a spy agency would select to make the browser warning dialogs go away?". Peter. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]