Re: cryptographic ergodic sequence generators?

2003-09-07 Thread David Wagner
Perry E. Metzger wrote: I've noted to others on this before that for an application like the IP fragmentation id, it might be even better if no repeats occurred in any block of 2^31 (n being 32) but the sequence did not repeat itself (or at least could be harmlessly reseeded at very very long

Re: Is cryptography where security took the wrong branch?

2003-09-07 Thread Anne Lynn Wheeler
At 03:01 AM 9/7/2003 -0400, Ian Grigg wrote: Reputedly, chargeback rates and fees in the fringe industries - adult for example - can reach 50%. But, instead of denying those uses of the card - hygiene - issuers have encouraged it (...until recently. There is now a movement, over the last year,

Code breakers crack GSM cellphone encryption

2003-09-07 Thread R. A. Hettinga
http://www.israel21c.org/bin/en.jsp?enPage=BlankPageenDisplay=viewenDispWhat=objectenDispWho=Articles%5El496enZone=TechnologyenVersion=0; Israel21c Code breakers crack GSM cellphone encryption By ISRAEL21c staff September 07, 2003 The faults discovered in the 850 million cellphones could

Re: Is cryptography where security took the wrong branch?

2003-09-07 Thread Ben Laurie
Eric Rescorla wrote: Incidentally, when designing SHTTP we envisioned that credit transactions would be done with signatures. I would say that the Netscape guys were right in believing that confidentiality for the CC number was good enough. I don't think so. One of the things I'm running into

Re: Is cryptography where security took the wrong branch?

2003-09-07 Thread Ian Grigg
Eric Rescorla wrote: Ian Grigg [EMAIL PROTECTED] writes: Eric Rescorla wrote: ... The other thing to be aware of is that ecommerce itself is being stinted badly by the server and browser limits. There's little doubt that because servers and browsers made poorly contrived

Re: Is cryptography where security took the wrong branch?

2003-09-07 Thread Ian Grigg
Ed, I've left your entire email here, because it needs to be re-read several times. Understanding it is key to developing protocols for security. Ed Gerck wrote: Arguments such as we don't want to reduce the fraud level because it would cost more to reduce the fraud than the fraud costs are

Re: Is cryptography where security took the wrong branch?

2003-09-07 Thread Eric Rescorla
Ian Grigg [EMAIL PROTECTED] writes: Eric Rescorla wrote: Ian Grigg [EMAIL PROTECTED] writes: Eric Rescorla wrote: ... The other thing to be aware of is that ecommerce itself is being stinted badly by the server and browser limits. There's little doubt that because

Re: Is cryptography where security took the wrong branch?

2003-09-07 Thread Eric Rescorla
James A. Donald [EMAIL PROTECTED] writes: -- On 7 Sep 2003 at 9:48, Eric Rescorla wrote: It seems to me that your issue is with the authentication model enforced by browsers in the HTTPS context, not with SSL proper. To the extent that trust information is centrally handled, as

Re: Code breakers crack GSM cellphone encryption

2003-09-07 Thread John Doe Number Two
It's nice to see someone 'discovering' what Lucky Green already figured out years ago. I wonder if they'll cut him a check. -JD, II Also sprach R. A. Hettinga aka [EMAIL PROTECTED] on 07.9.03 14:32 : http://www.israel21c.org/bin/en.jsp?enPage=BlankPageenDisplay=viewenDispWha

Re: Is cryptography where security took the wrong branch?

2003-09-07 Thread Anne Lynn Wheeler
At 09:44 AM 9/7/2003 -0700, Eric Rescorla wrote: Incidentally, when designing SHTTP we envisioned that credit transactions would be done with signatures. I would say that the Netscape guys were right in believing that confidentiality for the CC number was good enough. actually was supposedly no

Re: Is cryptography where security took the wrong branch?

2003-09-07 Thread Anne Lynn Wheeler
At 12:30 PM 9/7/2003 -0700, James A. Donald wrote: To the extent that trust information is centrally handled, as it is handled by browsers, it will tend to be applied in ways that benefit the state and the central authority. Observe for example that today all individual certificates must be

Re: Code breakers crack GSM cellphone encryption

2003-09-07 Thread David Honig
At 03:32 PM 9/7/03 -0400, R. A. Hettinga wrote: If the cellphone companies in 197 countries want to correct the code errors that expose them to trickery and abuse, they will have to call in each customer to make a change in the cellphone's programming, or replace all of the cellular phones used by

Re: Is cryptography where security took the wrong branch?

2003-09-07 Thread Bill Stewart
Ian Grigg wrote: Pretty much. Trust in the certificate world means that a CA has authorised a web server to conduct crypto stuff. and James Donald and Lynn Wheeler also brought up the issues of who's certifying what, True Names, etc. SSL certs are really addressing (I won't say solving, exactly)

Re: Is cryptography where security took the wrong branch?

2003-09-07 Thread Ian Grigg
Eric Rescorla wrote: Elasticity is about how much consumption changes when price changes, not about what people who were already going to buy choose to buy. Sorry, Eric, I'm not quite with you on this... You said: Maybe, maybe not. You've never heard of price inelasticity? You haven't

Re: Is cryptography where security took the wrong branch?

2003-09-07 Thread James A. Donald
-- At 12:30 PM 9/7/2003 -0700, James A. Donald wrote: To the extent that trust information is centrally handled, as it is handled by browsers, it will tend to be applied in ways that benefit the state and the central authority On 7 Sep 2003 at 17:19, Anne Lynn Wheeler wrote: Out of