At 11:49 AM -0800 12/28/03, Jim Gillogly wrote:
wouldn't it be preferable to prove that you've contributed
the same amount of power to a useful compute-bound project, such as
NFSNET.org or GIMPS or [EMAIL PROTECTED] or [EMAIL PROTECTED]
Simple economics. If you're going to go so far as using some
Amir Herzberg wrote:
Ian proposes below two draft-definitions for non-repudiation - legal and
technical. Lynn also sent us a bunch of definitions. Let's focus on the
technical/crypto one for now - after all this is a crypto forum (I agree
the legal one is also somewhat relevant to this forum).
Carl Ellison wrote:
If you want to use cryptography for e-commerce, then IMHO you need a
contract signed on paper, enforced by normal contract law, in which one
party lists the hash of his public key (or the whole public key) and says
that s/he accepts liability for any digitally signed
Carl Ellison wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stefan Kelm
Sent: Tuesday, December 23, 2003 1:44 AM
To: [EMAIL PROTECTED]
Subject: Re: Non-repudiation (was RE: The PAIN mnemonic)
Ah. That's why they're trying to rename the
Amir Herzberg wrote:
At 04:20 25/12/2003, Carl Ellison wrote:
...
If you want to use cryptography for e-commerce, then IMHO you
need a
contract signed on paper, enforced by normal contract law, in which one
party lists the hash of his public key (or the whole public key) and says
that
Ian's message gave a summary that's in my accord with how courts work. Since
lawyers learn by example - and the law grow by and example - here's a case
that I think closely parallels the legal issues in repudiation of digital
signature cases. The case, which if I remember right (from hearing
On Dec 27, 2003, at 10:01 AM, Ben Laurie wrote:
Note that there is no theoretical reason that it should be possible
to figure out the public key given the private key, either, but it so
happens that it is generally possible to do so
So what's this generally possible business about?
Well, AFAIK
I asked the guy making the presentation about the similarity to Kerberos
message flows and he said something to the effect of ah yes, kerberos.
Not sure what the guy meant by that. But yes, SAML flows are just
like Kerberos flows. And Liberty and WS-Federation look a lot like DCE
cross-cell
| Note that there is no theoretical reason that it should be
| possible to figure out the public key given the private key,
| either, but it so happens that it is generally possible to
| do so
|
| So what's this generally possible business about?
|
| Well, AFAIK it's always possible, but I
On Mon, 2003-12-29 at 10:16, Rich Salz wrote:
Not sure what the guy meant by that. But yes, SAML flows are just
like Kerberos flows. And Liberty and WS-Federation look a lot like DCE
cross-cell (er, Kerberos inter-realm) flows. After all, there's only not
many ways to do secure online
On 29 Dec 2003, at 19:29, Paul A.S. Ward wrote:
This first case is actually quite amusing. I was recently the subject
of identity theft.
Specifically, the thieves had my SSN (SIN, actually, since it is in
Canada), and my
driver's licence number. They produced a fake driver's licence, and
Jerrold Leichter [EMAIL PROTECTED] writes:
| Note that there is no theoretical reason that it should be
| possible to figure out the public key given the private key,
| either, but it so happens that it is generally possible to
| do so
|
| So what's this generally possible business
At 09:37 PM 12/26/2003 -0500, Adam Back wrote:
The 2nd memory [3] bound paper (by Dwork, Goldberg and Naor) finds a
flaw in the first memory-bound function paper (by Abadi, Burrows,
Manasse, and Wobber) which admits a time-space trade-off, proposes an
improved memory-bound function and also in
On Tue, 23 Dec 2003, Seth David Schoen wrote:
When attestation is used, it likely will be passed in a service like
HTTP, but in a documented way (for example, using a protocol based on
XML-RPC). There isn't really any security benefit obtained by hiding
the content of the attestation _from the
| On Dec 27, 2003, at 10:01 AM, Ben Laurie wrote:
| Note that there is no theoretical reason that it should be possible
| to figure out the public key given the private key, either, but it so
| happens that it is generally possible to do so
| So what's this generally possible business about?
|
Jerrold Leichter wrote:
| *Any* secure computing kernel that can do
| the kinds of things we want out of secure computing kernels, can also
| do the kinds of things we *don't* want out of secure computing kernels.
David Wagner wrote:
| It's not hard to build a secure kernel that doesn't provide
Rick Wash wrote:
There are many legitimate uses of remote attestation that I would like to
see. For example, as a sysadmin, I'd love to be able to verify that my
servers are running the appropriate software before I trust them to access
my files for me. Remote attestation is a good technical
Ed Reed wrote:
There are many business uses for such things, like checking to see
if locked down kiosk computers have been modified (either hardware
or software),
I'm a bit puzzled why you'd settle for detecting changes when you
can prevent them. Any change you can detect, you can also prevent