[EMAIL PROTECTED] wrote:
With the caveat that I am reading mail in
reverse order (i.e., panic-mode), I do have
to say one thing and it isn't even to mount a
stirring defense of Kerberos, which does not
need defending anyhow...
The design space for practical network security
has always been:
Perry E. Metzger wrote:
SKMS is vaporware that leaves all
the hard parts of the specification out.
An open-source implementation has been available for 2 years.
A new version will be available next year that will implement
the current OASIS draft and whatever useful comments the
Public Review o
Tim Hudson <[EMAIL PROTECTED]> writes:
> I think that Arshad's point here is an argument that externalising
> key management handling from normal application logic is a valid one
> but that it is also equally applicable to existing Kerberos
> environments.
>
> I don't think a point beyond "externa
[EMAIL PROTECTED] writes:
> The design space for practical network security
> has always been:
>
> I'm OK
> You're OK
> The Internet is a problem
>
> A gathering storm of compromised machines, now
> variously estimated in the 30-70% range depending
> on with whom you are talking, means th
Perry E. Metzger wrote:
Arshad Noor <[EMAIL PROTECTED]> writes:
- after all people didn't really need DBMS's 30 years
ago because they could do all the data-management operations
inside each application quite well, thank you!
I think that comparing the advance SQL made with SKMS seems a bit
un
Arshad Noor <[EMAIL PROTECTED]> writes:
> Perry E. Metzger wrote:
>> That said, Kerberos tickets can persist even in the face of
>> disconnects, so once you've connected tickets can survive as long as
>> you wish.
>
> But, can the tickets be used for anything useful when the
> network does not exi
With the caveat that I am reading mail in
reverse order (i.e., panic-mode), I do have
to say one thing and it isn't even to mount a
stirring defense of Kerberos, which does not
need defending anyhow...
The design space for practical network security
has always been:
I'm OK
You're OK
Th
Perry E. Metzger wrote:
That said, Kerberos tickets can persist even in the face of
disconnects, so once you've connected tickets can survive as long as
you wish.
But, can the tickets be used for anything useful when the
network does not exist?
I agree that when the network comes back, the tic
Arshad Noor <[EMAIL PROTECTED]> writes:
> That said, Kerberos clearly has the benefit of 20+ years of research
> and use in the field. However, there are two fundamental differences
> between SKSML and Kerberos, IMHO:
>
> 1) The design goals for Kerberos were very different from SKSML. The
>
Cat Okita wrote:
... or in other words, EKMI leaves all of the hard/impossible problems
to be solved by somebody else. I'd have to agree with Ben that I'm
not seeing the value add of an additional layer of complexity.
I view EKMI as using the best tools the cryptographic community has to
offer
Perry E. Metzger wrote:
There are existing deployed solutions like Kerberos that scale far
beyond that and work just fine, and actually address all the things
this protocol seems to leave as an exercise to the reader. And yes,
they're in use in real companies at gigantic scales. (Indeed, Kerbero
On Mon, 4 Aug 2008, Stephan Neuhaus wrote:
> Or better still, make many tests and see if your p-values are
> uniformly distributed in (0,1). [Hint: decide on a p-value for that
> last equidistribution test *before* you compute that p-value.]
Of course, there are many tests for goodness of fit (Kol
On Aug 3, 2008, at 13:54, Alexander Klimov wrote:
If your p-value is smaller than the significance level (say, 1%)
you should repeat the test with different data and see if the
test persistently fails or it was just a fluke.
Or better still, make many tests and see if your p-values are
unif
On Sun, 3 Aug 2008, Arshad Noor wrote:
A more optimistic way of putting this, Ben, is to state that EKMI allows
domain-experts of underlying components to address the complex issues of
their domain in ways that they deem best, while providing value on top
of those components. I see no reason to
Arshad Noor <[EMAIL PROTECTED]> writes:
> Ben Laurie wrote:
>> As such, I'm not seeing much value.
>
> That may be because you are a cryptographer. If you were the CSO, an
> Operations Director, or an Application Developer in a company that had
> to manage encryption keys for 5,000 POS Terminals,