In the absence of a legal framework for defining, limiting and
allocating liability, there's going to be nothing much better than
reputation-based assurance for certificates, I'm afraid.
The issues are systemic, and broad.
They begin with the registration problem you cite. The problem
Been there, done that...
Win95 Win98 are pretty programs running on DOS.
I've generally taken FIPS 140-1 level 1 to be about whether you got the
software right, not whether it protects secrets. Level 2 only relies on
TCSEC or Common
I recently had the same trouble with the Centers for Disease Control
(CDC) - who were calling around to followup on infant influenza
innoculations given last fall.
Ultimately, they wanted me to provide authorization to them to receive
HIPPA protected patient records from my son's pediatrician,
Why worry about satellites when car/plane/neighbor unpiloted remote
controlled airplanes work so well?
You're free-radiating electronic emissions. That's all a determined
adversary needs. Or an opportunistic war-driving script-kiddie, for
John Kelsey [EMAIL PROTECTED] 5/27/2004
Ian Grigg [EMAIL PROTECTED] 12/20/2003 12:15:51 PM
One of the (many) reasons that PKI failed is
that businesses simply don't outsource trust.
Of course they do. Examples:
DB and other credit reporting agencies.
SEC for fair reporting of financial results.
International Banking Letters of
Remote attestation has use in applications requiring accountability of
the user, as a way for cooperating processes to satisfy themselves
configurations and state are as they're expected to be, and not
There are many business uses for such things, like checking to see