Re: efficiency?? vs security with symmetric crypto? (Re: Tinc's response to Linux's answer to MS-PPTP)

2003-09-27 Thread Sandy Harris
Adam Back wrote: What conceivable trade-offs could you have to make to get acceptable performance out of symmetric crypto encrypted+authenticated tunnel? All ciphers you should be using are like 50MB/sec on a 1Ghz machine!! There's fairly detailed performance data for Linux FreeS/WAN IPsec

Re: Tinc's response to Linux's answer to MS-PPTP

2003-09-27 Thread Guus Sliepen
On Fri, Sep 26, 2003 at 06:26:16PM -0700, Joseph Ashwood wrote: I would have CC'd the author of the response page, but it fails to mention an author, in spite of the Comments are welcome statement at the beginning. There is a Contact link left of it. You could've replied to me as well.

Re: Reliance on Microsoft called risk to U.S. security

2003-09-27 Thread Victor . Duchovni
On Fri, 26 Sep 2003, Bill Frantz wrote: The real problem is that the viewer software, whether it is an editor, PDF viewer, or a computer language interpreter, runs with ALL the user's privileges. If we ran these programs with a minimum of privilege, most of the problems would just go away.

Re: Reliance on Microsoft called risk to U.S. security

2003-09-27 Thread Jeroen C . van Gelderen
On Saturday, Sep 27, 2003, at 11:12 US/Eastern, [EMAIL PROTECTED] wrote: On Fri, 26 Sep 2003, Bill Frantz wrote: The real problem is that the viewer software, whether it is an editor, PDF viewer, or a computer language interpreter, runs with ALL the user's privileges. If we ran these programs

Re: Tinc's response to Linux's answer to MS-PPTP

2003-09-27 Thread M Taylor
On Fri, Sep 26, 2003 at 06:26:16PM -0700, Joseph Ashwood wrote: Truncated MAC tinc will continue to use only the first 32 bits by default. Simply put this is unacceptable from a security standpoint. The view taken is that the extra 128 bits represents a significant overhead in the

Re: Reliance on Microsoft called risk to U.S. security

2003-09-27 Thread Victor . Duchovni
On Sat, 27 Sep 2003, Jeroen C.van Gelderen wrote: I continue to believe that few users would grant an email message access to both the Internet and the Address Book when they are asked those two questions, provided that the user had not been conditioned to clicking YES in order to get any

Geer: It was a surprise.

2003-09-27 Thread R. A. Hettinga
http://business.bostonherald.com/businessNews/business.bg?articleid=363format=text Boston Herald MARKET RESEARCH Enter company symbol below: Complete Market Summary Critique of Microsoft eyed in firing: Ex-tech officer claims report cost his job By Jay Fitzgerald Saturday, September 27, 2003

@stake Uproots Geer's Career After Anti-Microsoft Report

2003-09-27 Thread R. A. Hettinga
http://www.ecommercetimes.com/perl/story/31693.html September 27, 2003 @stake Uproots Geer's Career After Anti-Microsoft Report By Robyn Weisman E-Commerce Times September 26, 2003 Nothing Geer said was particularly radical, Will Rodger, director of public policy at the CCIA, told the

Re: Reliance on Microsoft called risk to U.S. security

2003-09-27 Thread Will Rodger
The report, written by many a crypto list member, is at: http://www.ccianet.org/papers/cyberinsecurity.pdf Will Rodger - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Reliance on Microsoft called risk to U.S. security

2003-09-27 Thread Jeroen C . van Gelderen
On Saturday, Sep 27, 2003, at 15:48 US/Eastern, [EMAIL PROTECTED] wrote: On Sat, 27 Sep 2003, Jeroen C.van Gelderen wrote: I continue to believe that few users would grant an email message access to both the Internet and the Address Book when they are asked those two questions, provided that