Re: OpenSparc -- the open source chip (except for the crypto parts)

2008-05-04 Thread Alexander Klimov
On Thu, 1 May 2008, zooko wrote: I would think that it also helps if a company publishes the source code and complete verification tools for their chips, such as Sun has done with the Ultrasparc T2 under the GPL. To be sure that implementation does not contain back-doors, one needs not only

Re: New result in predicate encryption: disjunction support

2008-05-04 Thread Ben Laurie
Scott Guthery wrote: Those interested in predicate encryption might also enjoy Group Authentication Using The Naccache-Stern Public-Key Cryptosystem http://arxiv.org/abs/cs/0307059 which takes a different approach and handles negation. A group authentication protocol authenticates

Re: User interface, security, and simplicity

2008-05-04 Thread Ben Laurie
Steven M. Bellovin wrote: On Sat, 03 May 2008 17:00:48 -0400 Perry E. Metzger [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] (Peter Gutmann) writes: I am left with the strong suspicion that SSL VPNs are easier to configure and use because a large percentage of their user population simply is not

Re: User interface, security, and simplicity

2008-05-04 Thread Ray Dillinger
On Sat, 2008-05-03 at 23:35 +, Steven M. Bellovin wrote: There's a technical/philosophical issue lurking here. We tried to solve it in IPsec; not only do I think we didn't succeed, I'm not at all clear we could or should have succeeded. IPsec operates at layer 3, where there are

Re: User interface, security, and simplicity

2008-05-04 Thread Perry E. Metzger
Jacob Appelbaum [EMAIL PROTECTED] writes: Perry E. Metzger wrote: Until then, OpenVPN let me get started in about five minutes, and the fact that it is less than completely secure doesn't matter much to me as I'm running SSH under it anyway. [...] I'm always curious to hear what designers of

RE: New result in predicate encryption: disjunction support

2008-05-04 Thread Scott Guthery
A group member asked me to elaborate on: - No knowledge of which groups can be successfully authenticated is known to the verifier What this tries to say is that the verifier doesn't need to have a list of all authenticable groups nor can the verifier draw any conclusions about other

RE: New result in predicate encryption: disjunction support

2008-05-04 Thread Jonathan Katz
On Sun, 4 May 2008, Scott Guthery wrote: One useful application of the Katz/Sahai/Waters work is a counter to traffic analysis. One can send the same message to everyone but ensure that only a defined subset can read the message by proper key management. What is less clear is how to ensure

Re: User interface, security, and simplicity

2008-05-04 Thread Thor Lancelot Simon
On Sat, May 03, 2008 at 07:50:01PM -0400, Perry E. Metzger wrote: Steven M. Bellovin [EMAIL PROTECTED] writes: There's a technical/philosophical issue lurking here. We tried to solve it in IPsec; not only do I think we didn't succeed, I'm not at all clear we could or should have

Re: User interface, security, and simplicity

2008-05-04 Thread Ian G
Perry E. Metzger wrote: It is obvious to anyone using modern IPSec implementations that their configuration files are a major source of pain. In spite of this, the designers don't seem to see any problem. The result has been that people see IPSec as unpleasant and write things like OpenVPN when

Re: OpenSparc -- the open source chip (except for the crypto parts)

2008-05-04 Thread Marcos el Ruptor
To be sure that implementation does not contain back-doors, one needs not only some source code but also a proof that the source code one has is the source of the implementation. Nonsense. Total nonsense. A half-decent reverse engineer does not need the source code and can easily determine

Re: User interface, security, and simplicity

2008-05-04 Thread Perry E. Metzger
Thor Lancelot Simon [EMAIL PROTECTED] writes: On Sat, May 03, 2008 at 07:50:01PM -0400, Perry E. Metzger wrote: I disagree. Fundamentally, OpenVPN isn't doing anything IPSEC couldn't do, and yet is is fairly easy to configure. And yet there's no underlying technical reason why it is any

Re: OpenSparc -- the open source chip (except for the crypto parts)

2008-05-04 Thread Perry E. Metzger
Marcos el Ruptor [EMAIL PROTECTED] writes: To be sure that implementation does not contain back-doors, one needs not only some source code but also a proof that the source code one has is the source of the implementation. Nonsense. Total nonsense. A half-decent reverse engineer does not