ADMIN: the list...

2004-03-31 Thread Perry E. Metzger
No, I'm not dead, I've just been extremely delinquent in moderating the list. I should be sending out the queued messages that are still relevant over the next few days, and then we'll be back to normal. Perry - The

Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-03-31 Thread Nicholas Bohm
At 11:42 07/01/2004 -0800, Ed Gerck wrote: Jerrold Leichter wrote: Now that we've trashed non-repudiation ... Huh? Processes that can be conclusive are useful and do exist, I read here, in the legal domain. It may not be so clear how such processes can exist in the technical domain and that's

PGP Corporation Releases PGP Universal 1.1 with Expanded Capabilities for Enterprise Secure Messaging

2004-03-31 Thread R. A. Hettinga
http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_viewnewsId=20040126005200newsLang=en All Headlines January 26, 2004 08:30 AM US Eastern Timezone PGP Corporation Releases PGP Universal 1.1 with Expanded Capabilities for Enterprise Secure Messaging PALO ALTO,

FYI: 3 qubits encrypted

2004-03-31 Thread Michael_Heyman
Apparently, it is as hard (or harder) to produce random qubits as random bits. There are some sentences in this article that don't make sense so I am guessing the author doesn't really understand the subject. From: http://www.trnmag.com/Stories/2004/011404/Quantum_dice_debut_011404.htm l

Diffie Optimistic About Secure Computing Future

2004-03-31 Thread R. A. Hettinga
http://www.internetwk.com/shared/printableArticle.jhtml?articleID=17501559 Diffie Optimistic About Secure Computing Future By Paul Kapustka, NetworkingPipeline, InternetWeek Jan 27, 2004 (1:00 AM) URL: http://www.internetweek.com/story/showArticle.jhtml?articleID=17501559 Even as the MyDoom

Canon's Image Data Verification Kit DVK-E2 ?

2004-03-31 Thread Hadmut Danisch
Hi, Canon provides a so called Data Verification Kit which allegedly allows to detect whether a digital image has been tampered with since it has been taken with a digital camera. I found the announcement at http://www.dpreview.com/news/0401/04012903canondvke2.asp They say: How it works

[CSL Colloq] The Architecture of Colossus, the first PC * 4:15PM, Wed February 04, 2003 in Gates B03 (fwd)

2004-03-31 Thread Sean McGrath
[Note: Webcasts available live and from archives] -- Forwarded message -- Date: Fri, 30 Jan 2004 00:23:31 -0800 From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [CSL Colloq] The Architecture of Colossus, the first PC * 4:15PM, Wed February

DIMACS Workshop on Electronic Voting -- Theory and Practice

2004-03-31 Thread Linda Casals
* DIMACS Workshop on Electronic Voting -- Theory and Practice May 26 - 27, 2004 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Markus Jakobsson, RSA Laboratories, [EMAIL PROTECTED] Ari Juels,

[IP] China Mandates Closed Security Standard

2004-03-31 Thread Gregory Hicks
Of interest to security folks... From Dave Farber's IP list.. - Begin Forwarded Message - Date: Tue, 03 Feb 2004 18:33:18 -0500 From: Dave Farber [EMAIL PROTECTED] China Mandates Closed Security Standard The Wi-Fi Alliance and IEEE were apparently taken by surprise

Did American slaves use steganography?

2004-03-31 Thread Chuck Hardin
Two historians say African American slaves may have used a quilt code to navigate the Underground Railroad. Quilts with patterns named 'wagon wheel,' 'tumbling blocks,' and 'bear's paw' appear to have contained secret messages that helped direct slaves to freedom, the pair claim.

Ancient clay stamp seals and sealings of Sri Lanka

2004-03-31 Thread R. A. Hettinga
http://www.sundayobserver.lk/2004/02/08/fea20.html Sunday, 8 February 2004 Online edition of Sunday Observer - Business Ancient clay stamp seals and sealings of Sri Lanka by Rajah M. Wickremesinghe The world's oldest clay stamp seal had been unearthed in 1990 in the ancient Mesopotamian

[Publicity-list]: DIMACS Workshop on Usable Privacy and Security Software

2004-03-31 Thread Linda Casals
* DIMACS Workshop on Usable Privacy and Security Software July 7 - 8, 2004 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Lorrie Cranor, Chair, Carnegie Mellon University, [EMAIL PROTECTED] Mark

RE: Verisign CRL single point of failure

2004-03-31 Thread dave kleiman
I don't think you understood my question. Why is crl.verisign.com getting overloaded *now.* What does the expiration of one of their CA certificates have to do with it? Once you see that a cert has expired, there's no need whatsoever to go look at the CRL. The point of a CRL is to revoke

Re: Verisign CRL single point of failure

2004-03-31 Thread Rich Salz
dave kleiman wrote: Because the client has a Certificate Revocation Checking function turned on in a particular app (i.e. IE or NAV). I don't think you understood my question. Why is crl.verisign.com getting overloaded *now.* What does the expiration of one of their CA certificates have to do

A possible explanation for the world's most enigmatic book

2004-03-31 Thread R. A. Hettinga
http://www.economist.com/science/PrinterFriendly.cfm?Story_ID=2329803 The Economist The Voynich manuscript Another twist in the tale Jan 8th 2004 From The Economist print edition A possible explanation for the world's most enigmatic book Worth 600 ducats of anybody's money! THE Voynich

Re: fun with CRLs!

2004-03-31 Thread Peter Gutmann
/. is reporting this, anyone know the real story? The CryptoAPI list has been lit up end to end with mail about this. The summary from one poster (Tim Anderson [EMAIL PROTECTED]) is: IE5.x's digital signature expired yesterday. Every computer that uses WinVerifyTrust now has to have the

Re: Verisign CRL single point of failure

2004-03-31 Thread Peter Gutmann
Rich Salz [EMAIL PROTECTED] writes: Can someone explain to me why the expiring of a certificate causes new massive CRL queries? Here's the reply straight from Verisign: -- Snip -- We wanted to pass on a notification that we have determined what we feel is the root cause of the CRL outage

Re: Verisign CRL single point of failure

2004-03-31 Thread Rich Salz
I'm not sure what the no longer dynamically changing means, I assume they've made it even worse by giving it a much larger expiry period, so your online check gives you the status from last year instead of last week. It means that they learned the lesson when the erroneously issued

Crypto Law Survey updated - version 22.0

2004-03-31 Thread R. A. Hettinga
--- begin forwarded text Approved-By: Bert-Jaap Koops [EMAIL PROTECTED] Date: Wed, 14 Jan 2004 13:06:08 +0100 Reply-To: Bert-Jaap Koops [EMAIL PROTECTED] Sender: Mailinglist about existing and proposed laws and regulations on cryptography [EMAIL PROTECTED] From: Bert-Jaap Koops [EMAIL

[Publicity-list]: DIMACS Workshop on Mobile and Wireless Security

2004-03-31 Thread Linda Casals
* DIMACS Workshop on Mobile and Wireless Security June 15 - 17 , 2004 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Bill Arbaugh, University of Maryland, [EMAIL PROTECTED] Presented under the

Re: Verisign CRL single point of failure

2004-03-31 Thread t . c . jones
Verisign incorrectly built the new certificate causing every SSL access on IE 5.x to request a new CRL (700k) on every single SSL access. This has been fixed, a new udated cert is available and the CRL storm is abating. See the versign site for more details on what they did to fix the