Peter -
In the absence of a legal framework for defining, limiting and
allocating liability, there's going to be nothing much better than
reputation-based assurance for certificates, I'm afraid.
The issues are systemic, and broad.
They begin with the registration problem you cite. The problem
>>> Ian G <[EMAIL PROTECTED]> 2/2/2005 6:38:46 PM >>>
> I'm just curious on this point. I haven't seen much
> to indicate that Microsoft and others are ready
> for a nymous, tradeable software assets world.
No, and neither are corporate customers, to a large extent.
Accountability is, in fact, a
Novell developed NICI, Novell International Crypto Infrastructure, and
has used it for much of the past decade. It's a BSAFE wrapper with
several PKI-based applications, including a signed-code authenticating
library loader, exportable dynamic crypto libraries with continuous
authentication across
Been there, done that...
http://csrc.nist.gov/cryptval/140-1/1401val2001.htm#138
Win95 & Win98 are pretty programs running on DOS.
I've generally taken FIPS 140-1 level 1 to be about whether you got the
software right, not whether it protects secrets. Level 2 only relies on
TCSEC or Common Crit
I recently had the same trouble with the Centers for Disease Control
(CDC) - who were calling around to follow up on infant influenza
inoculations given last fall.
Ultimately, they wanted me to provide authorization to them to receive
HIPAA protected patient records from my son's pediatrician, and
Why worry about satellites when car/plane/neighbor unpiloted remote
controlled airplanes work so well?
You're free-radiating electronic emissions. That's all a determined
adversary needs. Or an opportunistic war-driving script-kiddie, for
that matter.
>>> John Kelsey <[EMAIL PROTECTED]> 5/27/20
>>> Ian Grigg <[EMAIL PROTECTED]> 12/20/2003 12:15:51 PM >>>
>One of the (many) reasons that PKI failed is
>that businesses simply don't outsource trust.
Of course they do. Examples:
D&B and other credit reporting agencies.
SEC for fair reporting of financial results.
International Banking Let
Remote attestation has use in applications requiring accountability of
the user, as a way for cooperating processes to satisfy themselves
that configurations and state are as they're expected to be, and not
screwed up somehow.
There are many business uses for such things, like checking to see if
I've suspected that the pricing was set along a line of thinking that
goes like this...
1) work group and departmental networking managed to charge $100-$150 /
yr / user in exchange for making user administration, file and print
share access control management and other related identity management