Re: [e-lang] Re: Protocol implementation errors

2003-10-06 Thread Mark S. Miller
At 02:41 PM 10/5/2003 Sunday, Tyler Close wrote: On Sunday 05 October 2003 11:03, Jonathan S. Shapiro wrote: Peter: I agree that ASN.1 is statically checkable, and that this is an important property. What exactly does it mean for a format to be statically checkable? Peter's statement was:

Interlock protocol chat program source code

2003-10-06 Thread Anonymous
/* interchat.c * * Two player chat program using the Interlock Protocol * * Based on Rivest and Shamir, How to expose an eavesdropper, * Communications of the ACM, v 27 no 4 (Apr 1984), pp 393-395. * * Requires the free OpenSSL crypto library, from www.openssl.org. * * Warning: this is a

Seth Schoen posts paper on trusted computing

2003-10-06 Thread Udhay Shankar N
via boingboing: http://boingboing.net/2003_10_01_archive.html#106512302120071226 EFF's Trusted Computing white-paper My colleague Seth Schoen has finished his long-awaited, brilliant white-paper on Trusted Computing. Seth has been briefed as an outside technical analyst by all the companies

Re: Protocol implementation errors

2003-10-06 Thread Peter Gutmann
Jerrold Leichter [EMAIL PROTECTED] writes: Both of these are helped by a well-specified low-level syntax. TLV encoding lets you cross-check all sorts of stuff automatically, once, in low-level calls. Ad hoc protocols scatter the validation all over the place - and some of it will inevitably be

Re: Simple SSL/TLS - Some Questions

2003-10-06 Thread Eric Rescorla
Jill Ramonsky [EMAIL PROTECTED] writes: Eric raised some points which I should address. First, he asked me You have read the RFC, right?. Well I guess I should be honest here and say no, I hadn't done that yet. Maybe that's where I went wrong, and would have asked fewer dumb questions if I

nCipher netHSM

2003-10-06 Thread R. A. Hettinga
http://www.emediawire.com/printer.php?prid=83048 New nCipher netHSM Strengthens Market Leadership in Cryptographic Hardware Security nCipher redefines ROI for cryptographic security with first FIPS-validated shareable hardware security module nCipher plc (LSE:NCH) today announced the

Re: Simple SSL/TLS - Some Questions

2003-10-06 Thread Zooko O'Whielacronx
Jill Ramonsky [EMAIL PROTECTED] wrote: I confess ignorance in matters concerning licensing. The basic rules which I want, and which I believe are appropriate are: (i) Anyone can use it, royalty free. Even commercial applications. (ii) Anyone can get the source code, and should be able to

Re: Simple SSL/TLS - Some Questions

2003-10-06 Thread Eric Rescorla
Florian Weimer [EMAIL PROTECTED] writes: Jill Ramonsky wrote: My question is, how much of a problem is this for the embedded market? Have you looked at GNU Pth? It's a non-preemptive threading package which should be reasonably portable. I don't know the TLS/ASN.1 formats by heart, but

Re: anonymous DH MITM

2003-10-06 Thread Taral
On Mon, Oct 06, 2003 at 11:43:21AM -0400, Anton Stiglic wrote: You started by talking about anonymous communication, but ended up suggesting a scheme for pseudonymous communication. Anonymous != pseudonymous. Let us be clear on that! It is an important difference. Yes it is. An anonymous

NCipher Takes Hardware Security To Network Level

2003-10-06 Thread R. A. Hettinga
http://www.crn.com/Components/printArticle.asp?ArticleID=44909 CRN -- Print This Article NCipher Takes Hardware Security To Network Level By Charlene O'Hanlon CRN 9:35 AM EST Mon., Oct. 06, 2003 NCipher Monday unveiled a network-level version of its nShield Hardware Security Module, a

Re: [e-lang] Protocol implementation errors

2003-10-06 Thread Jeroen C . van Gelderen
On Thursday, Oct 2, 2003, at 17:50 US/Eastern, Bill Frantz wrote: From: -- Security Alert Consensus -- Number 039 (03.39) Thursday, October 2, 2003 Network Computing and the SANS Institute Powered by Neohapsis

Re: nCipher netHSM

2003-10-06 Thread Ronald Perez
This looks like new packaging of an old/previously-announced product. The NIST FIPS 140 site ( http://csrc.nist.gov/cryptval/140-1/1401val2003.htm) does not list this device as having undergone any FIPS validation. And from the pictures and specs, it looks like what they did was to put one of

Re: NCipher Takes Hardware Security To Network Level

2003-10-06 Thread R. A. Hettinga
--- begin forwarded text Status: U Date: Mon, 06 Oct 2003 12:40:41 -0400 From: Somebody To: R. A. Hettinga [EMAIL PROTECTED] Subject: Re: NCipher Takes Hardware Security To Network Level Don't identify me, since I'm not sure what parts of my NDA are still in force now that they've announced

Re: nCipher netHSM

2003-10-06 Thread R. A. Hettinga
--- begin forwarded text Status: U To: R. A. Hettinga [EMAIL PROTECTED] Subject: Re: nCipher netHSM From: Ronald Perez [EMAIL PROTECTED] Date: Mon, 6 Oct 2003 13:32:48 -0400 This looks like new packaging of an old/previously-announced product. The NIST FIPS 140 site

Re: how to defeat MITM using plain DH, Re: anonymous DH MITM

2003-10-06 Thread Ed Gerck
Jerrold Leichter wrote: [Using multiple channels on the assumption that the MITM can't always get all of them.] This is starting to sound like some very old work ...[example deleted] 1948 sounds right? The mathematical basis for this approach is Shannon's Tenth Theorem of 1948. We are

Other OpenSSL-based crypto modules FIPS 140 validated?

2003-10-06 Thread Ronald Perez
While at the NIST FIPS 140 site earlier today (looking for that mysterious nCipher certificate), I noticed that certificate #350 was issued last Friday -- for IBM Crypto for C (ICC). I think that the interesting thing about this crypto [SW] module and cert is that it's based on OpenSSL. I know

Re: anonymous DH MITM

2003-10-06 Thread Ian Grigg
Taral wrote: On Mon, Oct 06, 2003 at 11:43:21AM -0400, Anton Stiglic wrote: You started by talking about anonymous communication, but ended up suggesting a scheme for pseudonymous communication. Anonymous != pseudonymous. Let us be clear on that! It is an important difference.

Re: Other OpenSSL-based crypto modules FIPS 140 validated?

2003-10-06 Thread Nathan P. Bardsley
Anecdotally, I've heard that there are many, but almost all of them were done by vendors for embedding in their proprietary products. At 12:38 PM 10/6/2003, Ronald Perez wrote: While at the NIST FIPS 140 site earlier today (looking for that mysterious nCipher certificate), I noticed that

Re: anonymous DH MITM

2003-10-06 Thread David Honig
At 03:38 PM 10/6/03 -0400, Ian Grigg wrote: I'm asking myself whether anonymous DH is confusingly named. Perhaps it should be called psuedonymous DH because it creates psuedonyms for the life of the session? Or, we need a name that describes the creation of psuedonyms, de novo, from an anonymous

Re: Simple SSL/TLS - Some Questions

2003-10-06 Thread Ian Grigg
Jill Ramonsky wrote: First, the primary design goal is simple to use. This is the highest goal of all. If it is not simple to use, it misses out on a lot of opportunities. And missing out results in less crypto being deployed. If you have to choose between simple-but-incomplete, versus

Re: anonymity +- credentials

2003-10-06 Thread Ian Grigg
Anton Stiglic wrote: We need a practical system for anonymous/pseudonymous credentials. Can somebody tell us, what's the state of the art? What's currently deployed? What's on the drawing boards? The state of the art, AFAIK, is Chaum's credential system. The state of the art is

Re: NCipher Takes Hardware Security To Network Level

2003-10-06 Thread Joshua Hill
In fact, if you're clever, you can manage to not trouble yourself to get the key-management, etc. certified, getting only the simple, symmetric-cipher stuff run through the process. You can, but that doesn't mean that it's ok. Key management is explicitly covered under FIPS 140-2. If you

Gmane -- Re: Why is Freenet so sick at the moment?

2003-10-06 Thread R. A. Hettinga
http://article.gmane.org/gmane.network.freenet.devel/6092 Re: Why is Freenet so sick at the moment? Subject : Re: Why is Freenet so sick at the moment? From : Tracy R Reed [EMAIL PROTECTED] Date : Mon, 6 Oct 2003 00:29:41 -0700 Newsgroups :gmane.network.freenet.devel Reply-to : Discussion