Re: CAs for spies?

2004-05-28 Thread Peter Gutmann
Steve Bellovin [EMAIL PROTECTED] writes: Have you ever wondered what CA a spy agency would trust? In the case of the Mossad, it's Thawte. Minor nitpick: That should really be phrased as Have you ever wondered what CA a spy agency would select to make the browser warning dialogs go away?.

Re: Examining the Encryption Threat

2004-05-28 Thread Peter Gutmann
Peter Parker [EMAIL PROTECTED] writes: In one of the issue of ijde found at http://www.ijde.org/docs/04_winter_v2i3_art1.pdf the authors have analysed various encryption applications and discussed results for few sample applications. Does any one have the complete results. Tried mailing the

Re: Satellite eavesdropping of 802.11b traffic

2004-05-28 Thread Ed Reed
Why worry about satellites when car/plane/neighbor unpiloted remote controlled airplanes work so well? You're free-radiating electronic emissions. That's all a determined adversary needs. Or an opportunistic war-driving script-kiddie, for that matter. John Kelsey [EMAIL PROTECTED] 5/27/2004

Re: The future of security

2004-05-28 Thread Peter Gutmann
Anton Stiglic [EMAIL PROTECTED] writes: I think cryptography techniques can provide a partial solution to spam. No they won't. All the ones I've seen are some variant on the build a big wall around the Internet and only let the good guys in, which will never work because the Internet doesn't

Re: The future of security

2004-05-28 Thread Anne Lynn Wheeler
At 09:27 AM 5/28/2004, Peter Gutmann wrote: No they won't. All the ones I've seen are some variant on the build a big wall around the Internet and only let the good guys in, which will never work because the Internet doesn't contain any definable inside and outside, only 800 million Manchurian

Re: Yahoo releases internet standard draft for using DNS as public key server

2004-05-28 Thread Ed Gerck
On Thu, May 20, 2004 at 10:07:43AM -0400, R. A. Hettinga wrote: yahoo draft internet standard for using DNS as a public key server http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-00.txt The main problem with this approach is revealed in a mind slip by Yahoo themselves at

RE: Satellite eavesdropping of 802.11b traffic

2004-05-28 Thread Trei, Peter
R. A. Hettinga At 12:35 PM -0400 5/27/04, John Kelsey wrote: Does anyone know whether the low-power nature of wireless LANs protects them from eavesdropping by satellite? It seems to me that you'd need a pretty big dish in orbit to get that kind of resolution. The Keyholes(?) are

Re: Satellite eavesdropping of 802.11b traffic

2004-05-28 Thread Perry E. Metzger
Trei, Peter [EMAIL PROTECTED] writes: I suspect that eavesdropping on 802.11b/g from orbit is pretty hard. The power levels are very low, and there may be several nets running on the same channel within a satellites' antenna footprint. As I mentioned, phased arrays are very good at

Re: Satellite eavesdropping of 802.11b traffic

2004-05-28 Thread Arnold G. Reinhold
At 9:19 PM -0400 5/27/04, Perry E. Metzger wrote: R. A. Hettinga [EMAIL PROTECTED] writes: At 12:35 PM -0400 5/27/04, John Kelsey wrote: Does anyone know whether the low-power nature of wireless LANs protects them from eavesdropping by satellite? It seems to me that you'd need a pretty big dish

Re: Satellite eavesdropping of 802.11b traffic

2004-05-28 Thread Matt Crawford
Don't dismiss possibilities for wireless data eavesdropping without considering the possibilities of this new chip http://pr.caltech.edu/media/Press_Releases/PR12490.html and its friends http://www.chic.caltech.edu/ - The

Re: The future of security

2004-05-28 Thread Eugen Leitl
On Fri, May 28, 2004 at 09:46:03AM -0700, bear wrote: Spam won't stop until spam costs the spammers money. If I'm a node in a web of trust (FOAF is a human), prestige will percolate through it completely. That way I can color a whole domain with a nonboolean trust hue, while a domain of fakers

Re: Yahoo releases internet standard draft for using DNS as public key server

2004-05-28 Thread Victor . Duchovni
On Fri, 28 May 2004, Ed Gerck wrote: The main problem with this approach is revealed in a mind slip by Yahoo themselves at http://antispam.yahoo.com/domainkeys : For consumers, such as Yahoo! Mail users or a grandmother accessing email through a small mid-western ISP, industry support

Re: Satellite eavesdropping of 802.11b traffic

2004-05-28 Thread Eugen Leitl
On Fri, May 28, 2004 at 01:19:15PM -0500, Matt Crawford wrote: Don't dismiss possibilities for wireless data eavesdropping without considering the possibilities of this new chip http://pr.caltech.edu/media/Press_Releases/PR12490.html and its friends http://www.chic.caltech.edu/ If you

Re: Yahoo releases internet standard draft for using DNS as public key server

2004-05-28 Thread Adam Fields
On Fri, May 28, 2004 at 03:20:52PM -0400, [EMAIL PROTECTED] wrote: [...] How soon will the spammers get into the business of hosting free mailboxes for people who actually buy spamvertized products. Much easier to send the spam to their own users, let them indicate their preferences, set up

Re: The future of security

2004-05-28 Thread bear
On Fri, 28 May 2004, Anne Lynn Wheeler wrote: connecting systems that were designed for fundamentally safe and isolated environment to wide-open anarchy hostile operation exposes all sorts of problems. somewhat analogous to not actually needing a helmet for riding a motorcycle ... or seat

Re: Yahoo releases internet standard draft for using DNS as public key server

2004-05-28 Thread martin f krafft
also sprach Ed Gerck [EMAIL PROTECTED] [2004.05.28.1853 +0200]: It's industry support. We know what it means: multiple, conflicting approaches, slow, fragmented adoption -- will not work. It would be better if the solution does NOT need industry support at all, only user support. It should use