Re: SSL and Malicious Hardware/Software

2008-05-03 Thread Steven M. Bellovin
On Fri, 2 May 2008 08:33:19 +0100 Arcane Jill [EMAIL PROTECTED] wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Phillips Sent: 28 April 2008 23:13 To: Cryptography Subject: SSL and Malicious Hardware/Software I can't think of a great

New result in predicate encryption: disjunction support

2008-05-03 Thread Ivan Krstić
This is fairly interesting: AFAIK the first generalization of predicate encryption to support disjunctions. I find the result mostly interesting mathematically, since I expect we won't be seeing predicate encryption in widespread use anytime soon due to complexity and regulatory concerns.

Re: User interface, security, and simplicity

2008-05-03 Thread Peter Gutmann
Thor Lancelot Simon [EMAIL PROTECTED] writes: The upshot is that, indeed, at least as shown here, this particular configuration frontend to OpenVPN is very easy to configure -- if you are willing to settle for much less security than OpenVPN was designed to provide, I think you mean: ]... if

Re: User interface, security, and simplicity

2008-05-03 Thread Jeff Simmons
On Saturday 03 May 2008 14:00, Perry E. Metzger wrote: Right now, to use SSH to remotely connect to a machine using public keys, all I have to do is type ssh-keygen and copy the locally generated public key to a remote machine's authorized keys file. When there is an IPSEC system that is

RE: New result in predicate encryption: disjunction support

2008-05-03 Thread Scott Guthery
Those interested in predicate encryption might also enjoy Group Authentication Using The Naccache-Stern Public-Key Cryptosystem http://arxiv.org/abs/cs/0307059 which takes a different approach and handles negation. A group authentication protocol authenticates pre-defined groups of

Re: User interface, security, and simplicity

2008-05-03 Thread Steven M. Bellovin
On Sat, 03 May 2008 17:00:48 -0400 Perry E. Metzger [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] (Peter Gutmann) writes: I am left with the strong suspicion that SSL VPNs are easier to configure and use because a large percentage of their user population simply is not very sensitive to how

Re: User interface, security, and simplicity

2008-05-03 Thread Perry E. Metzger
Steven M. Bellovin [EMAIL PROTECTED] writes: There's a technical/philosophical issue lurking here. We tried to solve it in IPsec; not only do I think we didn't succeed, I'm not at all clear we could or should have succeeded. IPsec operates at layer 3, where there are (generally) no user