Trusting the Tools - was Re: Open Source ...

2003-10-11 Thread Bill Frantz
At 8:18 AM -0700 10/7/03, Rich Salz wrote: Are you validating the toolchain? (See Ken Thompson's Turing Award lecture on trusting trust). With KeyKOS, we used the argument that since the assembler we were using was written and distributed before we designed KeyKOS, it was not feasible to include

Internal format of RSA private keys in microsoft keystore.

2003-10-11 Thread R.Sriram
Greetings, In the process of trying to work around some of the limitations of the m$-CAPI API, I'm trying to decipher the internal representation of private keys in the default m$ key store, in order to extract the private key out. The systems I'm working on are Win2K and XP, both on NTFS.

Re: Easy VPNs?

2003-10-11 Thread Ralf-Philipp Weinmann
Ian Grigg [EMAIL PROTECTED] writes: I'm curious - my understanding of a VPN was that it set up a network that all applications could transparently communicate over. Port forwarding appears not to be that, in practice each application has to be reconfigured to talk to the appropriate port,

Re: Easy VPNs?

2003-10-11 Thread Dave Howe
Ian Grigg wrote: I'm curious - my understanding of a VPN was that it set up a network that all applications could transparently communicate over. spot on. Port forwarding appears not to be that, in practice each application has to be reconfigured to talk to the appropriate port, or, each

Re: Monoculture

2003-10-11 Thread Ben Laurie
Thor Lancelot Simon wrote: On Sun, Oct 05, 2003 at 03:04:00PM +0100, Ben Laurie wrote: Thor Lancelot Simon wrote: On Sat, Oct 04, 2003 at 02:09:10PM +0100, Ben Laurie wrote: Thor Lancelot Simon wrote: these operations. For example, there is no simple way to do the most common

Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-11 Thread Ben Laurie
Peter Clay wrote: On Thu, 9 Oct 2003, Peter Gutmann wrote: I would add to this the observation that rather than writing yet another SSL library to join the eight hundred or so already out there, it might be more useful to create a user-friendly management interface to IPsec implementations

Re: NCipher Takes Hardware Security To Network Level

2003-10-11 Thread Anton Stiglic
- Original Message - From: Peter Gutmann [EMAIL PROTECTED] [...] The problem is that what we really need to be able to evaluate is how committed a vendor is to creating a truly secure product. [...] I agree 100% with what you said. Your 3 group classification seems accurate. But

Re: [e-lang] Re: Protocol implementation errors

2003-10-11 Thread Bill Frantz
At 5:36 PM -0700 10/5/03, Norman Hardy wrote: I can't recall Keykos security problems stemming from hostile message strings in a key invocation. I don't know why. Perhaps we always expected hostile messages as a cultural thing. I think there were several additional reasons for this: * Most of

Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-11 Thread David Honig
At 12:08 AM 10/10/03 +0800, Ng Pheng Siong wrote: I believe SSL VPNs are easier than IPsec to deploy For the former, you give a password or two --maybe reuse a POP3 that your users already have-- and all your users get in fairly securely, and you can verify them. Easy for them because they

Software protection scheme may boost new game sales

2003-10-11 Thread Steve Schear
Companies are using a new software protection system, called Fade, to protect their intellectual property from software thieves. Fade is being introduced by Macrovision, which specializes in digital rights management, and the British games developer Codemasters. What the program does is make

Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-11 Thread Florian Weimer
David Honig wrote: For the former, you give a password or two --maybe reuse a POP3 that your users already have-- and all your users get in fairly securely, and you can verify them. Easy for them because they already have a browser. Has anybody tried to revert the political decision not

VPN List Announcement

2003-10-11 Thread Ben Laurie
Since I'm sure Perry will eventually get tired of VPNs, before he does I should announce that I have, at the request of several participants in the recent discussions, set up a list for VPN theory discussion. It is currently unmoderated, though I reserve the option to change that if warranted.

Re: NCipher Takes Hardware Security To Network Level

2003-10-11 Thread Ian Grigg
Anton Stiglic wrote: - Original Message - From: Peter Gutmann [EMAIL PROTECTED] [...] The problem is that what we really need to be able to evaluate is how committed a vendor is to creating a truly secure product. [...] I agree 100% with what you said. Your 3 group

Re: Easy VPNs?

2003-10-11 Thread Ian Grigg
Dave Howe wrote: so as I say - think of vpn as two components - intercept (the virtual network functionality) and transport (a secure, authenticated, encapsulated communications standard) and how vpn over *anything* becomes more clear. Thanks. That's the key! Then, the answer might really

Re: Easy VPNs?

2003-10-11 Thread Dave Howe
Ian Grigg wrote: Dave Howe wrote: Thanks. That's the key! Then, the answer might really be that a good system would do the transport over UDP if it could, or it would fall back to a connection in the worst case. Exactly so, yes - however, the mechanics of doing so (and the protocols used)

Re: Software protection scheme may boost new game sales

2003-10-11 Thread Sunder
Yawn... This is no different than any of the copy protection schemes employed in the 1980's on then popular home computers such as the Commodore 64. Hindsight is 20/20 and recalls, all of these were broken within weeks if not months. Nibbler copiers and other programs were quickly built that