Re: Protection mail at rest

2008-06-02 Thread Angelos D. Keromytis
A more recent version, which appeared at ACSAC in December 2007, can be found at: http://www1.cs.columbia.edu/~angelos/Papers/2007/SSARES_ACSAC.pdf Since then, the student primarily working on this(*) has improved performance to the point of being able to search a couple of email messages

Re: Unpatented PAKE!

2008-06-02 Thread Ben Laurie
Scott G. Kelly wrote: Here's another approach to password authenticated key exchange with similar security claims. The underlying mechanism is under consideration for inclusion in by the 802.11s group in IEEE: http://www.ietf.org/internet-drafts/draft-harkins-emu-eap-pwd-01.txt Hmmm. I don't

Video of physical attack on smart card

2008-06-02 Thread [EMAIL PROTECTED]
In a video, Christopher Tarnovsky shows a physical attack on a smart card: http://blog.wired.com/27bstroke6/2008/05/hacker-at-cente.html I couldn't tell from the video how long it takes but it doesn't appear to take more than an hour or so. -Michael Heyman

Re: Protection mail at rest

2008-06-02 Thread Paul Hoffman
At 11:36 AM -0400 6/1/08, Ivan Krstić wrote: The easiest thing for people who _do_ care is still running their own mail server. Fully agree. You're in control, all the way to root of the box. The emergence of reasonably priced VM hosting providers (e.g. slicehost.com) makes it fairly

Re: Unpatented PAKE!

2008-06-02 Thread Ben Laurie
Scott G. Kelly wrote: Ben Laurie wrote: Scott G. Kelly wrote: Here's another approach to password authenticated key exchange with similar security claims. The underlying mechanism is under consideration for inclusion in by the 802.11s group in IEEE:

Re: Protection mail at rest

2008-06-02 Thread Leichter, Jerry
| There's an option 2b that might be even more practical: an S/MIME or | PGP/MIME forwarder. That is, have a trusted party receive your mail, | but rather than forwarding it intact encrypt it and then forward it to | your favorite IMAP provider. Excellent idea! I like it. Of course, it's

Can we copy trust?

2008-06-02 Thread Ed Gerck
In the essay Better Than Free, Kevin Kelly debates which concepts hold value online, and how to monetize those values. See www.kk.org/thetechnium/archives/2008/01/better_than_fre.php Kelly's point can be very useful: *When copies are free, you need to sell things which can not be copied.*

Re: Unpatented PAKE!

2008-06-02 Thread Scott G. Kelly
Ben Laurie wrote: Scott G. Kelly wrote: Here's another approach to password authenticated key exchange with similar security claims. The underlying mechanism is under consideration for inclusion in by the 802.11s group in IEEE:

Re: Video of physical attack on smart card

2008-06-02 Thread Nate Lawson
[EMAIL PROTECTED] wrote: In a video, Christopher Tarnovsky shows a physical attack on a smart card: http://blog.wired.com/27bstroke6/2008/05/hacker-at-cente.html I couldn't tell from the video how long it takes but it doesn't appear to take more than an hour or so. I had written up some

Re: Can we copy trust?

2008-06-02 Thread Ben Laurie
Ed Gerck wrote: In the essay Better Than Free, Kevin Kelly debates which concepts hold value online, and how to monetize those values. See www.kk.org/thetechnium/archives/2008/01/better_than_fre.php Kelly's point can be very useful: *When copies are free, you need to sell things which can

Re: RIM to give in to GAK in India

2008-06-02 Thread Allen
Victor Duchovni wrote: On Tue, May 27, 2008 at 08:08:11PM +0100, Dave Korn wrote: Well spotted. Yes, I guess that's what Jim Youll was asking. And I should have said seemingly-contradictory. This is, of course, what I meant by marketeering: when someone asks if your service is insecure

Re: Can we copy trust?

2008-06-02 Thread Ed Gerck
Ben Laurie wrote: But doesn't that prove the point? The trust that you consequently place in the web server because of the certificate _cannot_ be copied to another webserver. That other webserver has to go out and buy its own copy, with its own domain name in it. A copy is something

Fwd: Protection mail at rest

2008-06-02 Thread Adam Aviv
I recently implemented SSARES directly in Python and also added parallelism to the searching. We can now search a large inbox (1000+ messages) in about 2-4 minutes. Technically, this could be done on a large scale and be practical, since my implementation is not fully optimized nor free of

Re: Can we copy trust?

2008-06-02 Thread Bill Frantz
[EMAIL PROTECTED] (Ed Gerck) on Monday, June 2, 2008 wrote: To trust something, you need to receive information from sources OTHER than the source you want to trust, and from as many other sources as necessary according to the extent of the trust you want. With more trust extent, you are more

Re: Can we copy trust?

2008-06-02 Thread Ed Gerck
Bill Frantz wrote: [EMAIL PROTECTED] (Ed Gerck) on Monday, June 2, 2008 wrote: To trust something, you need to receive information from sources OTHER than the source you want to trust, and from as many other sources as necessary according to the extent of the trust you want. With more trust