Re: [Clips] Escaping Password Purgatory

2005-08-04 Thread Ian Grigg
(probably Firefox): http://crypto.stanford.edu/PwdHash/ iang -- Advances in Financial Cryptography, Issue 2: https://www.financialcryptography.com/mt/archives/000498.html Mark Stiegler, An Introduction to Petname Systems Nick Szabo, Scarce Objects Ian Grigg, Triple Entry Accounting

Re: Ostiary

2005-08-02 Thread Ian Grigg
://www.financialcryptography.com/mt/archives/000498.html Mark Stiegler, An Introduction to Petname Systems Nick Szabo, Scarce Objects Ian Grigg, Triple Entry Accounting - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Re: ID theft -- so what?

2005-07-15 Thread Ian Grigg
-- Advances in Financial Cryptography, Issue 2: https://www.financialcryptography.com/mt/archives/000498.html Mark Stiegler, An Introduction to Petname Systems Nick Szabo, Scarce Objects Ian Grigg, Triple Entry Accounting

Re: ID theft -- so what?

2005-07-14 Thread Ian Grigg
Szabo, Scarce Objects Ian Grigg, Triple Entry Accounting - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: ID theft -- so what?

2005-07-14 Thread Ian Grigg
(Dan, in answer to your question on certs, below.) On Thursday 14 July 2005 14:19, Perry E. Metzger wrote: Ian Grigg [EMAIL PROTECTED] writes: It's 2005, PKI doesn't work, the horse is dead. He's not proposing PKI, but nymous accounts. The account is the asset, the key is the owner

Re: the limits of crypto and authentication

2005-07-11 Thread Ian Grigg
Szabo, Scarce Objects Ian Grigg, Triple Entry Accounting - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: the limits of crypto and authentication

2005-07-09 Thread Ian Grigg
Cryptography, Issue 2: https://www.financialcryptography.com/mt/archives/000498.html Mark Stiegler, An Introduction to Petname Systems Nick Szabo, Scarce Objects Ian Grigg, Triple Entry Accounting - The Cryptography Mailing List

Re: AES timing attacks, why not whiten the implementation?

2005-06-24 Thread Ian Grigg
: https://www.financialcryptography.com/mt/archives/000458.html Daniel Nagy, On Secure Knowledge-Based Authentication Adam Shostack, Avoiding Liability: An Alternative Route to More Secure Products Ian Grigg, Pareto-Secure

WYTM - but what if it was true?

2005-06-22 Thread Ian Grigg
, Issue 1: https://www.financialcryptography.com/mt/archives/000458.html Daniel Nagy, On Secure Knowledge-Based Authentication Adam Shostack, Avoiding Liability: An Alternative Route to More Secure Products Ian Grigg, Pareto-Secure

Re: AES cache timing attack

2005-06-21 Thread Ian Grigg
: An Alternative Route to More Secure Products Ian Grigg, Pareto-Secure - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Cryptography Research wants piracy speed bump on HD DVDs

2004-12-22 Thread Ian Grigg
What CR does instead is much simpler and more direct. It tries to cut off any player that has been used for mass piracy. Let me get this right. ... When a pirate makes a copy of a film encoded as SPDC, the output file is cryptographically bound to a set of player decryption keys. So it is

Re: 3DES performance

2004-12-08 Thread Ian Grigg
Hi, I'm working on a project for a company that involves the use of 3DES. They have asked me to find out what the overheads are for encrypting a binary file. There will be quite a lot of traffic coming in (in the region of hundreds of thousands of files per hour). Has anyone got any figures

Re: SSL/TLS passive sniffing

2004-11-30 Thread Ian Grigg
Ben raises an interesting thought: There was some question about whether this is possible for connections that use client-certs, since it looks to me from the spec that those connections should be using one of the Diffie Hellman cipher suites, which is obviously not vulnerable to a passive

Re: SSL/TLS passive sniffing

2004-11-30 Thread Ian Grigg
Ian Grigg writes: I note that disctinction well! Certificate based systems are totally vulnerable to a passive sniffing attack if the attacker can get the key. Whereas Diffie Hellman is not, on the face of it. Very curious... No, that is not accurate. Diffie-Hellman is also insecure

Re: Your source code, for sale

2004-11-18 Thread Ian Grigg
Enzo Michelangeli writes: In the world of international trade, where mutual distrust between buyer and seller is often the rule and there is no central authority to enforce the law, this is traditionally achieved by interposing not less than three trusted third parties: the shipping line,

RE: Your source code, for sale

2004-11-18 Thread Ian Grigg
Yes, I'm looking at ideas like this for ecash gambling, but you have a who-goes-first problem. One side or the other has to rip their own cash first, and then the other side can just go away and leave the first side screwed. The act of ripping cash is relatively atomic and involves a

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-11-01 Thread Ian Grigg
Ben, Ian Grigg wrote: It should be obvious. But it's not. A few billions of investment in smart cards says that it is anything but obvious. That assumes that the goal of smartcards is to increase security instead of to decrease liability. On whether the goal of smart cards is to reduce

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-28 Thread Ian Grigg
Alan Barrett wrote: On Sat, 23 Oct 2004, Aaron Whitehouse wrote: Oh, and make it small enough to fit in the pocket, put a display *and* a keypad on it, and tell the user not to lose it. How much difference is there, practically, between this and using a smartcard credit card in an external

Re: Printers betray document secrets

2004-10-28 Thread Ian Grigg
Ben Laurie wrote: This only works if the marks are not such that the identity of the printer is linked to the marks (as opposed to being able to test whether a particular document was produced by a particular printer). To be really safe, I'd suggest going somewhere without surveillance

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-25 Thread Ian Grigg
http://www.financialcryptography.com/mt/archives/000219.html [EMAIL PROTECTED] wrote: ... to break the conundrum Ballmer finds himself in where the road forks towards (1) fix the security problem but lose backward compatibility, or (2) keep the backward compatibility but never fix the problem. I

How to store the car-valued bearer bond? (was Financial identity...)

2004-10-23 Thread Ian Grigg
Aaron Whitehouse wrote: None. But a machine that had one purpose in life: to manage the bearer bond, that could be trusted to a reasonable degree. The trick is to stop thinking of the machine as a general purpose computer and think of it as a platform for one single application. Then secure that

Re: Are new passports [an] identity-theft risk?

2004-10-22 Thread Ian Grigg
R.A. Hettinga wrote: http://worldnetdaily.com/news/printer-friendly.asp?ARTICLE_ID=41030 An engineer and RFID expert with Intel claims there is little danger of unauthorized people reading the new passports. Roy Want told the newssite: It is actually quite hard to read RFID at a distance,

Re: Printers betray document secrets

2004-10-21 Thread Ian Grigg
R.A. Hettinga wrote: http://news.bbc.co.uk/2/low/technology/3753886.stm US scientists have discovered that every desktop printer has a signature style that it invisibly leaves on all the documents it produces. I don't think this is new - I'm pretty sure it was published about 6 or 7 years back

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-21 Thread Ian Grigg
Hi John, John Kelsey wrote: Today, most of what I'm trying to defend myself from online is done as either a kind of hobby (most viruses), or as fairly low-end scams that probably net the criminals reasonable amounts of money, but probably don't make them rich. Imagine a world where there are a

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-21 Thread Ian Grigg
James A. Donald wrote: we already have the answer, and have had it for a decade: store it on a trusted machine. Just say no to Windows XP. It's easy, especially when he's storing a bearer bond worth a car. What machine, attached to a network, using a web browser, and sending and receiving

Re: AES Modes

2004-10-12 Thread Ian Grigg
Jack Lloyd also passed along lots of good comments I'd like to forward (having gained permission) FTR. I've edited them for brevity and pertinence. Jack Lloyd wrote: If it's small messages, CCM would probably work pretty well. Personally I think CCM is really poorly designed (in terms of easy

Re: AES Modes

2004-10-11 Thread Ian Grigg
Zooko provided a bunch of useful comments in private mail, which I've edited and forward for list consumption. Zooko Wilcox-O'Hearn wrote: EAX is in the same class as CCM. I think its slightly better. Also there is GCM mode, which is perhaps a tiny bit faster, although maybe not if you have to

Re: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from [EMAIL PROTECTED]) (fwd from [EMAIL PROTECTED])

2004-09-19 Thread Ian Grigg
Hadmut Danisch wrote: On Thu, Sep 16, 2004 at 12:41:41AM +0100, Ian Grigg wrote: It occurs to me that a number of these ideas could be written up over time ... a wiki, anyone? I think it is high past time to start documenting crypto patterns. Wikis are not that good for discussions, and I do

Re: public-key: the wrong model for email?

2004-09-17 Thread Ian Grigg
lrk wrote: Perhaps it is time to define an e-mail definition of crypto to keep the postman from reading the postcards. That should be easy enough to implement for the average user and provide some degree of privacy for their mail. Call it envelopes rather than crypto. Real security requires more

Re: public-key: the wrong model for email?

2004-09-16 Thread Ian Grigg
Adam Shostack wrote: Given our failure to deploy PKC in any meaningful way*, I think that systems like Voltage, and the new PGP Universal are great. I think the consensus from debate back last year on this group when Voltage first surfaced was that it didn't do anything that couldn't be done with

Re: dual-use digital signature [EMAIL PROTECTED]

2004-07-28 Thread Ian Grigg
Peter Gutmann wrote: A depressing number of CAs generate the private key themselves and mail out to the client. This is another type of PoP, the CA knows the client has the private key because they've generated it for them. It's also cost-effective. The CA model as presented is too expensive.

Re: Identity theft case could be largest so far

2004-07-22 Thread Ian Grigg
R. A. Hettinga wrote: http://www.cnn.com/2004/LAW/07/21/cyber.theft/index.html Identity theft case could be largest so far From other reports, the indictment alleges that Levine gained access ... by misusing a legitimate password and user name while working for a company doing business with

Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-21 Thread Ian Grigg
Steve, thanks for addressing the issues with some actual anecdotal evidence. The conclusions still don't hold, IMHO. Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Ian Grigg writes: Right... It's easy to claim that it went away because we protected against it. Unfortunately, that's

Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-18 Thread Ian Grigg
Eric Rescorla wrote: Ian Grigg [EMAIL PROTECTED] writes: Notwithstanding that, I would suggest that the money already lost is in excess of the amount paid out to Certificate Authorities for secure ecommerce certificates (somewhere around $100 million I guess) to date. As predicted, the CA-signed

Re: On `SSL considered harmful`, correct use of condoms and SSL abuse

2004-07-18 Thread Ian Grigg
Amir Herzberg wrote: (Amir, I replied to your other comments over on the Mozilla security forum, which is presumably where they will be more useful. That just leaves this:) So while `SSL is harmful` sounds sexy, I think it is misleading. Maybe `Stop SSL-Abuse!` Ha! I wondered when someone would

Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-18 Thread Ian Grigg
Enzo Michelangeli wrote: Can someone explain me how the phishermen escape identification and prosecution? Gaining online access to someone's account allows, at most, to execute wire transfers to other bank accounts: but in these days anonymous accounts are not exactly easy to get in any country,

Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-17 Thread Ian Grigg
At 10:46 AM 7/10/2004, Florian Weimer wrote: But is it so harmful? How much money is lost in a typical phishing attack against a large US bank, or PayPal? (I mean direct losses due to partially rolled back transactions, not indirect losses because of bad press or customer feeling insecure.) I

Re: New Attack on Secure Browsing

2004-07-16 Thread Ian Grigg
Aram, It's now pretty clear that PGP had no clue what this was all about. Apologies to all, that was my mistake. Also, to clarify, there was no SSL involved. What we are looking at is a case of being able to put a padlock on the browser in a place that *could* be confused by a user. This is an

Re: New Attack on Secure Browsing

2004-07-16 Thread Ian Grigg
Anton Stiglic wrote: You stated that http://www.pgp.com is an SSL-protected page, but did you mean https://www.pgp.com? On my Powerbook, with all the browsers I get an error that the certificate is wrong and they end up at http://www.pgp.com. What I get is a bad certificate, and this is due to

New Attack on Secure Browsing

2004-07-15 Thread Ian Grigg
Financial Cryptography Update: New Attack on Secure Browsing ) July 15, 2004 http://www.financialcryptography.com/mt/archives/000179.html

Re: Humorous anti-SSL PR

2004-07-15 Thread Ian Grigg
J Harper wrote: This barely deserves mention, but is worth it for the humor: Information Security Expert says SSL (Secure Socket Layer) is Nothing More Than a Condom that Just Protects the Pipe http://www.prweb.com/releases/2004/7/prweb141248.htm I guess the intention was to provide more

Jabber does Simple Crypto - Yoo Hoo!

2004-07-12 Thread Ian Grigg
(( Financial Cryptography Update: Jabber does Simple Crypto - Yoo Hoo! )) July 12, 2004 http://www.financialcryptography.com/mt/archives/000176.html

Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-11 Thread Ian Grigg
Florian Weimer wrote: There are simply too many of them, and not all of them implement checks for conflicts. I'm pretty sure I could legally register Metzdowd in Germany for say, restaurant service. This indeed is the crux of the weakness of the SSL/secure browsing/CA system. The concept called

Re: EZ Pass and the fast lane ....

2004-07-10 Thread Ian Grigg
John Gilmore wrote: [By the way, [EMAIL PROTECTED] is being left out of this conversation, by his own configuration, because his site censors all emails from me. --gnu] Sourceforge was doing that to me today! Well, I am presuming that ... the EZ Pass does have an account number, right? And

Re: EZ Pass and the fast lane ....

2004-07-09 Thread Ian Grigg
Date: Fri, 2 Jul 2004 21:34:20 -0400 From: Dave Emery [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: EZ Pass and the fast lane No mention is made of encryption or challenge response authentication but I guess that may or may not be part of the design (one would think it had better

Mark Shuttleworth On Open Source

2004-07-09 Thread Ian Grigg
Security Theatre: From the man who made hundreds of millions selling signatures on your keys: -- It is your data, why do you have to pay a licence fee for the application needed to access the data? -- Mark Shuttleworth http://www.tectonic.co.za/default.php?action=viewid=309topic=Open%20Source

Re: EZ Pass and the fast lane ....

2004-07-09 Thread Ian Grigg
John Gilmore wrote: It would be relatively easy to catch someone doing this - just cross-correlate with other information (address of home and work) and then photograph the car at the on-ramp. Am I missing something? It seems to me that EZ Pass spoofing should become as popular as cellphone

The Ricardian Contract - using mundane cryptography to achieve powerful governance

2004-07-08 Thread Ian Grigg
Original Message Subject: Financial Cryptography Update: The Ricardian Contract Date: Wed, 7 Jul 2004 11:17:46 +0100 From: [EMAIL PROTECTED] ( Financial Cryptography Update: The Ricardian Contract ) July 07, 2004

Re: authentication and authorization

2004-07-07 Thread Ian Grigg
John Denker wrote: [identity theft v. phishing?] That's true but unhelpful. In a typical dictionary you will find that words such as Identity theft is a fairly well established definition / crime. Last I heard it was the number one complaint at the US FTC. Leaving that aside, the reason that

Re: Question on the state of the security industry

2004-07-04 Thread Ian Grigg
[EMAIL PROTECTED] wrote: I shared the gist of the question with a leader of the Anti-Phishing Working Group, Peter Cassidy. Thanks Dan, and thanks Peter, ... I think we have that situation. For the first time we are facing a real, difficult security problem. And the security experts have shot

Re: authentication and authorization

2004-07-03 Thread Ian Grigg
Hi John, thanks for your reply! John Denker wrote: The object of phishing is to perpetrate so-called identity theft, so I must begin by objecting to that concept on two different grounds. 1) For starters, identity theft is a misnomer. My identity is my identity, and cannot be stolen. I think I'd

Question on the state of the security industry

2004-06-30 Thread Ian Grigg
The phishing thing has now reached the mainstream, epidemic proportions that were feared and predicted in this list over the last year or two. Many of the solution providers are bailing in with ill- thought out tools, presumably in the hope of cashing in on a buying splurge, and hoping to turn

threat modelling tool by Microsoft?

2004-06-09 Thread Ian Grigg
Has anyone tried out the threat modelling tool mentioned in the link below, or reviewed the book out this month: http://aeble.dyndns.org/blogs/Security/archives/000419.php The Threat Modeling Tool allows users to create threat model documents for applications. It organizes relevant data points,

Re: Yahoo releases internet standard draft for using DNS as public key server

2004-06-01 Thread Ian Grigg
Dave Howe wrote: Peter Gutmann wrote: It *is* happening, only it's now called STARTTLS (and if certain vendors (Micromumblemumble) didn't make it such a pain to set up certs for their MTAs but simply generated self-signed certs on install and turned it on by default, it'd be happening even

Re: Yahoo releases internet standard draft for using DNS as public key server

2004-06-01 Thread Ian Grigg
Dave Howe wrote: Ian Grigg wrote: Dave Howe wrote: TLS for SMTP is a nice, efficient way to encrypt the channel. However, it offers little or no assurance that your mail will *stay* encrypted all the way to the recipients. That's correct. But, the goal is not to secure email to the extent

Re: The future of security

2004-05-26 Thread Ian Grigg
Ben Laurie wrote: Steven M. Bellovin wrote: The spammers are playing with other people's money, cycles, etc. They don't care. We took that into account in the paper. Perhaps you should read it? http://www.dtc.umn.edu/weis2004/clayton.pdf (Most of the people on this list are far too

Mutual Funds - Timestamping

2004-05-25 Thread Ian Grigg
Original Message http://www.financialcryptography.com/mt/archives/000141.html In a rare arisal of a useful use of cryptography in real life, the mutual funds industry is looking to digital timestamping to

US intelligence exposed as student decodes Iraq memo

2004-05-25 Thread Ian Grigg
Original Message Subject: Financial Cryptography Update: US intelligence exposed as student decodes Iraq memo http://www.financialcryptography.com/mt/archives/000137.html 13 May 2004 DECLAN BUTLER

SSL secure browsing - attack tree Mindmap

2004-05-25 Thread Ian Grigg
Original Message Subject: Financial Cryptography Update: SSL secure browsing - attack tree Mindmap http://www.financialcryptography.com/mt/archives/000136.html Here is a /work in progress/ Mindmap on the

Re: The future of security

2004-05-08 Thread Ian Grigg
Graeme Burnett wrote: Hello folks, I am doing a presentation on the future of security, which of course includes a component on cryptography. That will be given at this conference on payments systems and security: http://www.enhyper.com/paysec/ Would anyone there have any good predictions on how

Re: Bank transfer via quantum crypto

2004-04-28 Thread Ian Grigg
Ivan Krstic wrote: I have to agree with Perry on this one: I simply can't see a compelling reason for the push currently being given to ridiculously overpriced implementations of what started off as a lab toy, and what offers - in all seriousness - almost no practical benefits over the proper

Financial Cryptography Update: El Qaeda substitution ciphers

2004-04-19 Thread Ian Grigg
( Financial Cryptography Update: El Qaeda substitution ciphers ) April 19, 2004 http://www.financialcryptography.com/mt/archives/000119.html

Re: Firm invites experts to punch holes in ballot software

2004-04-09 Thread Ian Grigg
Brian McGroarty wrote: On Wed, Apr 07, 2004 at 03:42:47PM -0400, Ian Grigg wrote: It seems to me that the requirement for after-the-vote verification (to prove your vote was counted) clashes rather directly with the requirement to protect voters from coercion (I can't prove I voted

Re: Firm invites experts to punch holes in ballot software

2004-04-07 Thread Ian Grigg
Trei, Peter wrote: Frankly, the whole online-verification step seems like an unneccesary complication. It seems to me that the requirement for after-the-vote verification (to prove your vote was counted) clashes rather directly with the requirement to protect voters from coercion (I can't prove

Re: Do Cryptographers burn?

2004-04-03 Thread Ian Grigg
Hadmut Danisch wrote: Hi, this is not a technical question, but a rather academic or abstract one: Do Cryptographers burn? Cryptography is a lot about math, information theory, proofs, etc. But there's a certain level where all this is too complicated and time-consuming to follow all those

All Internet voting is insecure: report

2004-04-01 Thread Ian Grigg
http://www.theregister.co.uk/content/6/35078.html http://www.eetimes.com/at/news/OEG20040123S0036 = All Internet voting is insecure: report By electricnews.net Posted: 23/01/2004 at 11:37 GMT Get The Reg wherever you are, with The Mobile Register

Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-01-09 Thread Ian Grigg
Ed Gerck wrote: Likewise, in a communication process, when repudiation of an act by a party is anticipated, some system security designers find it useful to define non-repudiation as a service that prevents the effective denial of an act. Thus, lawyers should not squirm when we feel the

Re: digsig - when a MAC or MD is good enough?

2004-01-03 Thread Ian Grigg
John Gilmore wrote: Sarbanes-Oxley Act in the US. Section 1102 of that act: Whoever corruptly-- (1) alters, destroys, mutilates, or conceals a record, document, or other object, or attempts to do so, with the intent to impair the object's integrity or

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Ian Grigg
Carl Ellison wrote: From where I sit, it is better to term these as legal non-repudiability or cryptographic non-repudiability so as to reduce confusion. To me, repudiation is the action only of a human being (not of a key) and therefore there is no such thing as cryptographic

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Ian Grigg
Ben Laurie wrote: Ian Grigg wrote: Carl and Ben have rubbished non-repudiation without defining what they mean, making it rather difficult to respond. I define it quite carefully in my paper, which I pointed to. Ah. I did read your paper, but deferred any comment on it, in part

CIA - the cryptographer's intelligent aid?

2003-12-28 Thread Ian Grigg
Richard Johnson wrote: On Sun, Dec 21, 2003 at 09:45:54AM -0700, Anne Lynn Wheeler wrote: note, however, when I did reference PAIN as (one possible) security taxonomy i tended to skip over the term non-repudiation and primarily made references to privacy, authentication, and

Repudiating non-repudiation

2003-12-28 Thread Ian Grigg
In response to Ed and Amir, I have to agree with Carl here and stress that the issue is not that the definition is bad or whatever, but the word is simply out of place. Repudiation is an act of a human being. So is the denial of that or any other act, to take a word from Ed's 1st definition.

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-26 Thread Ian Grigg
Amir Herzberg wrote: Ben, Carl and others, At 18:23 21/12/2003, Carl Ellison wrote: and it included non-repudiation which is an unachievable, nonsense concept. Any alternative definition or concept to cover what protocol designers usually refer to as non-repudiation

Re: Ousourced Trust (was Re: Difference between TCPA-Hardware anda smart card and something else before

2003-12-23 Thread Ian Grigg
Ed Reed wrote: Ian Grigg [EMAIL PROTECTED] 12/20/2003 12:15:51 PM One of the (many) reasons that PKI failed is that businesses simply don't outsource trust. Of course they do. Examples: DB and other credit reporting agencies. SEC for fair reporting of financial results

Re: IP2Location.com Releases Database to Identify IP's Geography

2003-12-23 Thread Ian Grigg
Rich Salz wrote: The IP2Location(TM) database contains more than 2.5 million records for all IP addresses. It has over 95 percent matching accuracy at the country level. Available at only US$499 per year, the database is available via download with free twelve monthly updates. And

Re: Difference between TCPA-Hardware and a smart card (was:example: secure computing kernel needed)

2003-12-22 Thread Ian Grigg
Anne Lynn Wheeler wrote: At issue in business continuity are business requirements for things like no single point of failure, offsite storage of backups, etc. The threat model is 1) data in business files can be one of its most valuable assets, 2) it can't afford to have unauthorized access

Re: Difference between TCPA-Hardware and other forms of trust

2003-12-22 Thread Ian Grigg
Bill Frantz wrote: [I always considered the biggest contribution from Mondex was the idea of deposit-only purses, which might reduce the incentive to rob late-night business.] This was more than just a side effect, it was also the genesis of the earliest successes with smart card money. The

Re: Difference between TCPA-Hardware and a smart card (was: example:secure computing kernel needed)

2003-12-22 Thread Ian Grigg
Bill Stewart wrote: At 09:38 AM 12/16/2003 -0500, Ian Grigg wrote: In the late nineties, the smart card world worked out that each smart card was so expensive, it would only work if the issuer could do multiple apps on each card. That is, if they could share the cost with different uses

Ross Anderson's Trusted Computing FAQ

2003-12-20 Thread Ian Grigg
Ross Anderson's Trusted Computing FAQ has a lot to say about recent threads: http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html iang - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

I don't know PAIN...

2003-12-20 Thread Ian Grigg
What is the source of the acronym PAIN? Lynn said: ... A security taxonomy, PAIN: * privacy (aka thinks like encryption) * authentication (origin) * integrity (contents) * non-repudiation I.e., its provenance? Google shows only a few hits, indicating it is not widespread. iang

Re: Open Source Embedded SSL - (License and Memory)

2003-11-28 Thread Ian Grigg
J Harper wrote: 1) Not GPL or LPGL, please. I'm a fan of the GPL for most things, but for embedded software, especially in the security domain, it's a killer. I'm supposed to allow users to modify the software that runs on their secure token? And on a small platform where there

Cryptophone locks out snoopers

2003-11-25 Thread Ian Grigg
(link is very slow:) http://theregister.co.uk/content/68/34096.html Cryptophone locks out snoopers By electricnews.net Posted: 20/11/2003 at 10:16 GMT A German firm has launched a GSM mobile phone that promises strong end-to-end encryption on calls, preventing the possibility of anybody

Re: SSL, client certs, and MITM (was WYTM?)

2003-11-12 Thread Ian Grigg
Tom Weinstein wrote: The economic view might be a reasonable view for an end-user to take, but it's not a good one for a protocol designer. The protocol designer doesn't have an economic model for how end-users will end up using the protocol, and it's dangerous to assume one. This is

Re: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Ian Grigg
Tom Otvos wrote: As far as I can glean, the general consensus in WYTM is that MITM attacks are very low (read: inconsequential) probability. Is this *really* true? The frequency of MITM attacks is very low, in the sense that there are few or no reported occurrences. This makes it a

Re: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Ian Grigg
Tom Weinstein wrote: Ian Grigg wrote: Nobody doubts that it can occur, and that it *can* occur in practice. It is whether it *does* occur that is where the problem lies. This sort of statement bothers me. In threat analysis, you have to base your assessment on capabilities

Re: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Ian Grigg
Perry E. Metzger wrote: Ian Grigg [EMAIL PROTECTED] writes: In threat analysis, you base your assessment on economics of what is reasonable to protect. It is perfectly valid to decline to protect against a possible threat, if the cost thereof is too high, as compared against

Re: WYTM?

2003-10-16 Thread Ian Grigg
Jon Snader wrote: On Mon, Oct 13, 2003 at 06:49:30PM -0400, Ian Grigg wrote: Yet others say to be sure we are talking to the merchant. Sorry, that's not a good answer either because in my email box today there are about 10 different attacks on the secure sites that I care about

Re: WYTM?

2003-10-15 Thread Ian Grigg
Eric Rescorla wrote: Ian Grigg [EMAIL PROTECTED] writes: I'm sorry, but, yes, I do find great difficulty in not dismissing it. Indeed being other than dismissive about it! Cryptography is a special product, it may appear to be working, but that isn't really good enough

Re: WYTM?

2003-10-15 Thread Ian Grigg
Tim Dierks wrote: At 12:28 AM 10/13/2003, Ian Grigg wrote: Problem is, it's also wrong. The end systems are not secure, and the comms in the middle is actually remarkably safe. I think this is an interesting, insightful analysis, but I also think it's drawing a stronger contrast between

WYTM?

2003-10-13 Thread Ian Grigg
As many have decried in recent threads, it all comes down the WYTM - What's Your Threat Model. It's hard to come up with anything more important in crypto. It's the starting point for ... every- thing. This seems increasingly evident because we haven't successfully reverse-engineered the threat

Re: WYTM?

2003-10-13 Thread Ian Grigg
Minor errata: Eric Rescorla wrote: I totally agree that the systems are insecure (obligatory pitch for my Internet is Too Secure Already) http://www.rtfm.com/TooSecure.pdf, I found this link had moved to here; http://www.rtfm.com/TooSecure-usenix.pdf which makes some of the same

Re: WYTM?

2003-10-13 Thread Ian Grigg
Eric, thanks for your reply! My point is strictly limited to something approximating there was no threat model for SSL / secure browsing. And, as you say, you don't really disagree with that 100% :-) With that in mind, I think we agree on this: [9] I'd love to hear the inside scoop, but

Re: WYTM?

2003-10-13 Thread Ian Grigg
Eric Rescorla wrote: Ian Grigg [EMAIL PROTECTED] writes: It's really a mistake to think of SSL as being designed with an explicit threat model. That just wasn't how the designers at Netscape thought, as far as I can tell. Well, that's the sort of confirmation I'm looking

Re: NCipher Takes Hardware Security To Network Level

2003-10-11 Thread Ian Grigg
Anton Stiglic wrote: - Original Message - From: Peter Gutmann [EMAIL PROTECTED] [...] The problem is that what we really need to be able to evaluate is how committed a vendor is to creating a truly secure product. [...] I agree 100% with what you said. Your 3 group

Re: Easy VPNs?

2003-10-11 Thread Ian Grigg
Dave Howe wrote: so as I say - think of vpn as two components - intercept (the virtual network functionality) and transport (a secure, authenticated, encapsulated communications standard) and how vpn over *anything* becomes more clear. Thanks. That's the key! Then, the answer might really

credit card threat model

2003-10-08 Thread Ian Grigg
Anne Lynn Wheeler wrote: what i said was that it was specifying a simplified SSL/TLS based on the business requirements for the primary use of SSL/TLS as opposed to a simplified SSL/TLS based on the existing technical specifications and existing implementations. I totally agree that

Re: anonymity +- credentials

2003-10-08 Thread Ian Grigg
Anton Stiglic wrote: - Original Message - From: Ian Grigg [EMAIL PROTECTED] [...] In terms of actual practical systems, ones that implement to Brands' level don't exist, as far as I know? There were however several projects that implemented and tested the credentials

Re: [dgc.chat] EU directive could spark patent war

2003-10-08 Thread Ian Grigg
Steve Schear wrote: [I wonder what if any effect this might have on crypto patents, e.g., Chaumian blinding?] My guess is, nix, nada. Patents are a red herring in the blinding skirmishes, they became a convenient excuse and a point to place the flag when rallying the troops. The battle was

Re: anonymous DH MITM

2003-10-06 Thread Ian Grigg
Taral wrote: On Mon, Oct 06, 2003 at 11:43:21AM -0400, Anton Stiglic wrote: You started by talking about anonymous communication, but ended up suggesting a scheme for pseudonymous communication. Anonymous != pseudonymous. Let us be clear on that! It is an important difference.

Re: Simple SSL/TLS - Some Questions

2003-10-06 Thread Ian Grigg
Jill Ramonsky wrote: First, the primary design goal is simple to use. This is the highest goal of all. If it is not simple to use, it misses out on a lot of opportunities. And missing out results in less crypto being deployed. If you have to choose between simple-but-incomplete, versus

  1   2   >