Ben Laurie wrote:
Ed Gerck wrote:
Also, in general, we find that one reference is not enough to induce trust.
Self-references
cannot induce trust, either (Trust me!). Thus, it is misleading to let the
introducer
determine the message target, in what you call the y-property. Spoofing
is not associative can make you rely on an
otherwise unacceptable introduction. OTOH, a system that makes you rely on
a single introduction is essentially setting you up for a single point of failure.
Cheers,
Ed Gerck
-
The Cryptography
Mark S. Miller wrote:
At 08:48 AM 7/16/2003 Wednesday, Ed Gerck wrote:
IF Alice is trusted by Bob to introduce ONLY authentic parties, yes. And that is the
problem.
In order for the Carol that Alice introduces Bob to to be inauthentic, there
must be some prior notion of *who* Alice
the website's
logs.
The lesson seems to be that, like with other security tools,
anonymizing tools also need to be correctly used. Providing an
action pattern can break an anonymizer -- to identify is to look
for coherence.
Cheers,
Ed Gerck
bear wrote:
That is a model that does not permit realtime
bear wrote:
On Wed, 27 Aug 2003, Ed Gerck wrote:
OTOH, it is possible that the dutch man was traced not by a one
time download of the image but by many attempts to find it,
since the upload time of the image to the site was not exactly
known to him and time was of essence. In this case
I see with the protocols
such as 3D Secure (for example) is that it does not allow trust to be
represented -- even though it allows authorization to be represented (**).
Cheers,
Ed Gerck
(*) BTW, I often see comments that it is difficult to use the concept of trust.
Indeed, and unless the concept
that compromises in
key transmission are detected before the key is used.
That said, Q cryptography is something else and should not be confused
with Q key distribution.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe
of such business impose the need for a large
ROI in a short time. This is probably not a long-term business activity.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL
protocol that is immune to MITM in any given, feasible scenario
(ie, given a threat model).
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
with
the ciphertext (even if part of the plaintext) will create additional
dependencies and reduce the search space of possible results. In
short, one should avoid sending any additional information about
the encryption key.
Cheers,
Ed Gerck
with a primitive
SMTP engine built into them -- which, again, taints dynamic IPs (since
many home machines are inflected).
Cheers,
Ed Gerck
Dan Geer wrote:
I'm actually experimenting with sending mail directly,
per this little hack[1], which does have separate paths
for incoming and outgoing
with which to describe security processes.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Jerrold Leichter wrote:
Now that we've trashed non-repudiation ...
Huh? Processes that can be conclusive are useful and do exist, I read here,
in the legal domain. It may not be so clear how such processes can exist in
the technical domain and that's why I'm posting ;-)
just how is it
for 200 years.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
election. You can do it in a private election for a club,
for example, but even then only if the bylaws allow it.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Yeoh Yiu wrote:
Ed Gerck [EMAIL PROTECTED] writes:
The 'second law' also takes precedence: ballots are always secret, only
vote totals are known and are known only after the election ends.
You get totals per nation, per state, per county, per riding,
per precinct, per polling stion
. The
solution should be able to start from a single end user, should
require no change to records/software that end users do not
control, and should require no cooperation from email providers
and ISPs.
Comments?
Cheers--/Ed Gerck
: multiple, conflicting
approaches, slow, fragmented adoption -- will not work. It would be better
if the solution does NOT need industry support at all, only user support. It
should use what is already available.
Cheers--/Ed Gerck
trivial for current cryptosystems.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
overlapping with
each other.
Comments?
Cheers,
Ed Gerck
[1] The effort should also aim to safely automate the process of reliance
by a relying-party. This requires path processing and any algorithm to
eliminate any violations of those policies (i.e., vulnerabilities) that
might be hard to recognize
and authentication begins in
our circle. Just check, for example, The Handbook of Cryptography by
Menezes et. al.:
10.2 Remark (identification terminology) The terms identification
and entity authentication are used synonymously throughout this book.
Cheers,
Ed Gerck
Email end-to-end: PGP, PGP/MIME, S/MIME. Not tunnel SSL or SSL
at the end points.
Lars Eilebrecht wrote:
According to Ed Gerck:
But encryption and authentication are a hassle today, with less
than 2% of all email encrypted (sorry, can't cite the source I know).
Are these 2% 'only' S/MIME and PGP
the security gap between RSAENH and Windows XP.
The most troubling aspect, however, is that RSAENH makes it easy to provide
a covert channel for key access. FIPS 140-1 Level 1 compliant.
Cheers,
Ed Gerck
Anton Stiglic wrote:
There is some detail in the FIPS 140 security policy of Microsoft's
cryptographic
David Honig wrote:
At 12:12 AM 8/27/04 -0700, Ed Gerck wrote:
David Honig wrote:
Applications can't be any more secure than their
operating system. -Bram Cohen
That sounds cute but I believe it is incorrect. Example: error-
correcting codes. The theory of error-correcting codes allows
information
to the recipient.
To further clarify, my comment is not that PKC is not useful for email. I
believe it is, but not directly used as it is today. The PKC key distribution
solution is backwards for email.
Cheers,
Ed Gerck
-
The Cryptography Mailing
not
need to rely on the recipient, or receive anything from the recipient,
in order to sign an email. The problem with PKC email signature is
PKI. However, email signature can also be done without PKI, by PGP.
Cheers,
Ed Gerck
.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Adam Shostack wrote:
On Thu, Sep 16, 2004 at 12:05:57PM -0700, Ed Gerck wrote:
| Adam Shostack wrote:
|
| I think the consensus from debate back last year on
| this group when Voltage first surfaced was that it
| didn't do anything that couldn't be done with PGP,
| and added more risks to boot
Bill Stewart wrote:
At 10:19 PM 9/15/2004, Ed Gerck wrote:
Yes, PKC provides a workable solution for key distribution... when you
look at servers. For email, the PKC solution is not workable (hasn't
been)
and gives a false impression of security. For example, the sender has no
way of knowing
Ben Laurie wrote:
Ed Gerck wrote:
If the recipient cannot in good faith detect a key-access ware, or a
GAK-ware, or a Trojan, or a bug, why would a complete background
check of the recipient help?
Let's assume for a moment that a solution exists that satisfies your
requirements. Since
Anne Lynn Wheeler wrote:
At 12:53 PM 9/16/2004, Ed Gerck wrote:
If the recipient cannot in good faith detect a key-access ware, or a
GAK-ware, or a Trojan, or a bug, why would a complete background
check of the recipient help?
a complete audit and background check ... would include an audit
,
Ed Gerck
R.A. Hettinga wrote:
http://www.forbes.com/2004/11/05/cx_ah_1105tentech_print.html
Forbes
Ten O'Clock Tech
When A Pencil And Paper Makes Sense
Arik Hesseldahl, 11.05.04, 10:00 AM ET
Thank goodness, it's over. Sometime around 4:30 A.M. Wednesday I went to
bed, not the least bit uncertain
,
not free from correlations either.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Dear Virtual Goods Community,
here is the link to the cfp:
http://virtualgoods.tu-ilmenau.de/2005/cfp_short.txt
Please feel free to distrubute it.
Best regards
Juergen
Here is the text:
C A L L F O R P A P E R S
The 3rd International Workshop for
Amir Herzberg wrote:
Ed Gerck responded to me:
Can
you trust what trustbar shows you?
This trust translates to:
-- Trusting the TrustBar code (which is open source so can be validated
by tech-savvy users / sys-admin)
-- Trusting that this code was not modified (same as for any other
aspect
channel available. I am
looking at N outputs, N sources of information (each one as independent as
possible but not necessarily 100% independent). You have no reference for
detecting a spike, I have N-1.
Cheers,
Ed Gerck
they are recognized.
So, again, if someone breaks into your file using your number --
who is responsible?
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Matt Crawford wrote:
On Mar 5, 2005, at 11:32, Ed Gerck wrote:
The worse part, however, is that the server side can always fake your
authentication using a third-party because the server side can
always calculate ahead and generate your next number for that
third-party to enter -- the same number
it,
in the name of security?
Cheers,
Ed Gerck
--
I use ZSentry Mail Secure Email
https://zsentry.com/R/index.html/[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe
last-four is private and static too (unless
you want the burden to change your card often).
Lance James wrote:
But from your point, the codeword would be in the clear as well.
Respectively speaking, I don't see how either solution would solve this.
Ed Gerck wrote:
List,
In an effort to stop
refresh it at will, each user will have the security that he wants.
Matt Crawford wrote:
On May 26, 2005, at 13:24, Ed Gerck wrote:
A better solution, along the same lines, would have been for Citibank to
ask from their account holders when they login for Internet banking,
whether they would like
as a function
of all the above -- including the threat model;
- provide for key management, with revocation, expiration and roll-over,
before you face these needs without planning.
Cheers,
Ed Gerck
Ian G wrote:
I'd like to take a password and expand it into
several keys. It seems like a fairly
Original Message
Subject: VirtualGoods Workshop in Florence: Deadline for Submission,
July 20th
Date: Wed, 6 Jul 2005 15:55:37 +0200
From: Juergen Nuetzel [EMAIL PROTECTED]
Reply-To: Juergen Nuetzel [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Dear Members of the
that the insurance model of
security cannot scale in Internet volumes and cannot even be ethically
justifiable.
A fraud is a sale is the only outcome possible from using such security
school of thought. Also sometimes referred to as acceptable risk --
acceptable indeed, because it is paid for.
Cheers,
Ed Gerck
?
By weakly fighting fraud, aren't we allowing fraud systems
to become stronger and stronger, just like any biological
threat? The parasites are also fighting for survival. We're
allowing even email to be so degraded that fax and snail
mail are now becoming atractive again.
Cheers,
Ed Gerck
time for the attack to be successful.
Cheers,
Ed Gerck
Perry E. Metzger wrote:
Often, banks send people PINs for their accounts by printing them on
tamper secure mailers. Some folks at Cambridge have discovered that
it is easy to read the PINs without opening the seals...
http://news.bbc.co.uk
Read in an email from a website:
You'll need to send us your CC information via regular email or fax. I
would suggest splitting up your CC info if you send it to us via email in
two separate emails for security.
-
The
will be peer-reviewed
before publication. Product and service listings are also
welcome, search-engine style (short pitch + link).
Regards,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography
==
CALL FOR PAPERS
First International Workshop on
Interoperability Solutions to Trust, Security, Policies and QoS
for Enhanced Enterprise Systems
is at http://email-security.net/papers/pki-pgp-ibe.htm
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
-offs.
By comparing the capabilities and faults of the secure email products
per technology used, these and other problems come up in the score card.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending
Anne Lynn Wheeler wrote:
Ed Gerck wrote:
Regarding PKI, the X.509 idea is not just to automate the process of
reliance but to do so without introducing vulnerabilities in the
threat model considered in the CPS.
but that is one of the points of the article that as you automate more
things
in the site as well,
at http://email-security.net
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
.
The RPs are not part of the contract. Without CAs, there's no key
owner in PKI. It's for the benefit (and reduction of liability)
of the key owners.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending
during Ramadan, when only approval by the Taliban
will do), and then reject them out of hand if I haven't had
my second cup of coffee.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe
.
Comments are welcome.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
technologies is
presented at http://email-security.net/papers/pki-pgp-ibe.htm
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
This story (in addition to the daily headlines) seems to make the case that
the available techniques for secure email (hushmail, outlook/pki and pgp) do
NOT actually work.
http://www.npr.org/templates/story/story.php?storyId=5227744
Cheers,
Ed Gerck
that usability is king, could you please send me an
encrypted email -- I even let you choose any secure method that you want.
Cheers,
Ed Gerck
Paul Hoffman wrote:
At 1:56 PM -0800 2/23/06, Ed Gerck wrote:
This story (in addition to the daily headlines) seems to make the case
that
the available techniques
Ben Laurie wrote:
Ed Gerck wrote:
Paul,
Usability should by now be recognized as the key issue for security -
namely, if users can't use it, it doesn't actually work.
And what I heard in the story is that even savvy users such as Phil Z
(who'd have no problem with key management) don't use
, weak key, key escrow, shared private key), YOUR
envelope is compromised from the start and you have no way of knowing it. This
is
quite different from an address, which single purpose is to route the
communication.
That's I said the postal analogue of the public-key is the envelope.
Ed Gerck
John W Noerenberg II wrote:
At 5:58 PM -0800 2/24/06, Ed Gerck wrote:
A phone number is not an envelope -- it's routing information, just
like
an email address. Publishing the email address is not in question and
there are alternative ways to find it out, such as search engines.
Oh really
the detection of man-in-the-middle (MiTM) attacks by
displaying a short authentication string for the users to read and
compare over the phone.
Depends on the trust model. May not work.
Cheers,
Ed Gerck
-
The Cryptography Mailing
to use. It may actually be a much
more powerful tool for data security than currently used.
Cheers,
Ed Gerck
[1] For example, J. Kestin, A Course in Thermodynamics, Blaisdell,
1966.
-
The Cryptography Mailing List
Unsubscribe
by itself cannot operate(or own) anything.
Being responsible for an account, or creating keys or passwords, is within
the idea of owing or operating.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending
the
first bytes).
Cheers, Ed Gerck
Joseph Ashwood wrote:
- Original Message - From: Ed Gerck [EMAIL PROTECTED]
Subject: [!! SPAM] Re: Is AES better than RC4
...
-
The Cryptography Mailing List
Unsubscribe by sending
C A L L F O R P A P E R S
The 4th International Workshop for
Technology, Economy and Legal Aspects of
Virtual Goods
Organized by the GI Working Group ECOM
and in parallel with
. Trust depends on parallel channels. So
based, trust actually reduces liability.
The knife cuts the other way too, and that's why unrevocably
expiring documents that can be so treated (legally and business
wise) is also necessary to reduce liability.
Cheers,
Ed Gerck
heaven for
criminals because criminal activity is often detected
and evidenced by its outside effects, including
tracing.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL
. The data becomes inaccessible even if the coercer has the binary data.
Another possibility is to combine the above with threshold cryptography.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe
the system less secure than just username/password, while
considerably reducing usability. A lose-lose for users.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
! This
was the same mistake of email encryption. That the system can actually
be used turns out to be more important than any security promise.
Cheers,
Ed Gerck
(*) Apparently, at most. Their 3-digit matrix counter, also included
in the message (!), can index at most 999 pages
more chances for
success, and less cost, with e-voting.
Best,
Ed Gerck
[1] In Shannon's cryptography terms, the solution reduces the probability
of existence of a covert channel to a value as close to zero as we want.
This is done by adding different channels of information, as intentional
fairly intuitive. In fact, it was used about 500
years by the Mogul in India to prevent fraud.
The solution is also technologically neutral, but has more chances for
success, and less cost, with e-voting.
Best,
Ed Gerck
[1] In Shannon's cryptography terms, the solution reduces the probability
by convenience.
I would like to invite your comments on this, to help build the trust
and integrity that our election system needs -- together with the
convenience that voters want. Personal replies are welcome. I am
thinking of opening a blog for such dialogue. Moderators are welcome
too.
Best,
Ed
vote selling and coercion. The voter cannot
produce a non-repudiable proof of how the voter voted.
Best,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
.
Best,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
prey to con games. Trust begins as self-trust. Anyone
interested in trying it out, please send me a personal email with
application info.
Best,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe
necessary for banks (because the client already knows
the bank and vice versa).
Best,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
James A. Donald wrote:
Ed Gerck wrote:
I am using this insight in a secure email solution that provides
just that -- a reference point that the user trusts, both sending
and receiving email. Without such reference point, the user can
easily fall prey to con games. Trust begins as self-trust
Guus Sliepen wrote:
On Thu, Feb 15, 2007 at 02:47:05PM -0800, Ed Gerck wrote:
Zmail actually reduces the amount of trust by not storing your usercode,
password, or keys anywhere. This makes sense for zmail, and is an incentive
to actually do it, to reduce risk -- anyone breaking into any
, such as magnetic domain encoding when storing it
in a hard disk.
Now, if you pass a copyright-protected work through an irreversible
hash function, it would be hard to claim the result to be
copyright-protected.
Cheers,
Ed Gerck
the product along with the shipping
costs and the chargeback fees. Merchants, of course, have
no choice but to pass those losses on to the honest customers.
in http://woip.blogspot.com/2007/03/fraud-is-sale.html
See also https://financialcryptography.com/mt/archives/000520.html
Cheers,
Ed
other SSH security issues that you would like to see solved /in SSH/.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Ivan Krstić wrote:
On Jul 14, 2007, at 2:43 PM, Ed Gerck wrote:
1. firewall port-knocking to block scanning and attacks
2. firewall logging and IP disabling for repeated attacks (prevent DoS,
block dictionary attacks)
3. pre- and post-filtering to prevent SSH from advertising itself
) an in the blog in
general.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
in the remaining through-signal, which
can easily be detected.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Steven M. Bellovin wrote:
http://www.tgdaily.com/content/view/33425/118/
Ann Arbor (MI) - University of Michigan scientists have discovered a
breakthrough way to utilize light in cryptography. The new technique
can crack even complex codes in a matter of seconds. Scientists believe
this
(entirely on their own and
not by a mandate) to point out non-compliance of evaluated products
-- proprietary or open source -- to basic architectural requirements
of the standard. Here [x] = competitors, attackers, outside experts,
anyone in general.
Cheers,
Ed Gerck
frameworks that can
be used to bind the key to a person.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
the e-commerce security
problem, by putting in insurance. We can not solve it that way [for elections].
(from my Brookings Symposium comment, Washington, DC, January 2000).
Cheers,
Ed Gerck
-
The Cryptography Mailing List
.
It is misleading to claim that port 587 solves the security problem of email
eavesdropping, and gives people a false sense of security. It is worse than
using a 56-bit DES key -- the email is in plaintext where it is most vulnerable.
Cheers,
Ed Gerck
wiretapping and so on, why any private communications should
be in the clear I just don't know. Even my MTA offers up SSL or TLS to
other MTA's when advertising its capabilities. The RFC is there, use it
as they say.
-
Cheers,
Ed Gerck
Steven M. Bellovin wrote:
On Tue, 22 Jan 2008 21:49:32 -0800
Ed Gerck [EMAIL PROTECTED] wrote:
As I commented in the
second paragraph, an attack at the ISP (where SSL/TLS is
of no help) has been the dominant threat -- and that is
why one of the main problems is called warrantless
wiretapping
email submission.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
/hamming.pdf
(BTW, this was a great talk!)
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Leichter, Jerry wrote:
No real technical data I can find on the site, and I've never seen
a site with so little information about who's involved. (Typically,
you at least get a list of the top execs.) Some ex-spooks? Pure
snake oil? Somewhere in between?
He's likely called Paul McGough, of
we call trust), negative (distrust),
and zero (atrust -- there is no trust value associated with the
information, neither trust nor distrust). More in [*].
Cheers,
Ed Gerck
References:
[*] www.nma.com/papers/it-trust-part1.pdf
www.mcwg.org/mcg-mirror/trustdef.htm
[**] Ken's paper title (op
Perry E. Metzger wrote:
Ed Gerck [EMAIL PROTECTED] writes:
Each chip does not have to be 100% independent, and does not have to
be used 100% of the time.
Assuming a random selection of both outputs and chips for testing, and
a finite set of possible outputs, it is possible to calculate what
that the error-correcting
channel has enough capacity to counter-react within that reaction
time. For chip fabrication, this may be quite long.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe
1 - 100 of 116 matches
Mail list logo
