management server or an open source HSM and you see a useful feature
in self-evident entropy source, don't hesitate to contact me (I would
consider an open source contribution if such projects have a reasonable
chance of critical mass adoption).
Enjoy!
Thierry Moreau wrote:
See http
deploy client certificates.
- Marsh
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
--
- Thierry Moreau
CONNOTECH Experts-conseils inc
specification for the US Federal government.
Cheers,
Ben.
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
Tel. +1-514-385-5691
-
The Cryptography Mailing List
(or periodic operator-assisted
maintenance). This project is still active. See
http://www.connotech.com/doc_pudec_descr.html . You may see this as a
bias in my opinions, but I don't see any benefits in misrepresenting
relevant facts and analyzes.
Regards,
--
- Thierry Moreau
CONNOTECH
the
*NIST*approved* status at some point. The above proposal merely shifts
the difficulty to the TRNG. Practical Use of Dice for Entropy Collection
is unique because the unpredictable process (shuffling dice) has clear
and convincing statistical properties.
- Thierry Moreau
payments, lottery and casino
systems).
--
- Thierry Moreau
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
is needed,
but that is a given irrespective of the underlying crypto).
Thanks a lot for your answer!
Regards,
--
- Thierry Moreau
Tanja
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography
in a group with the traitor A, but no other key material. No
system UI, but admittedly a coordination nightmare!
--
- Thierry Moreau
With a two-share XOR it's much simpler, two red LEDs that turn green when the
share is added, and you're done. One share is denoted 'A' and the other is
denoted 'B
Peter Gutmann wrote:
Thierry Moreau thierry.mor...@connotech.com writes:
With the next key generation for DNS root KSK signature key, ICANN may have
an opportunity to improve their procedure.
What they do will really depend on what their threat model is. I suspect that
in this case
. Only thereafter we get
an understanding of good, bad, or more relevant: improved.
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
Tel. +1-514-385-5691
saved state.
And bingo, you solved the random secret generation issue satisfactorily!
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
Tel. +1-514-385-5691
Dear Jakob:
Trying to reply specifically. The bigger picture would require extensive
background explanations.
Jakob Schlyter wrote:
On 16 jul 2010, at 19.59, Thierry Moreau wrote:
With what was called DURZ (Deliberately Unvalidatable Root Zone), you, security
experts, has been trained
Paul Hoffman wrote:
At 9:52 AM -0400 7/17/10, Thierry Moreau wrote:
Incidentally, you say you [the design team] had good *documented* reasons for
implementing DURZ *as*you*did*. Did you document why any of
unknown/proprietary/foreign signature algorithm code(s) were not possible
!
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
Tel. +1-514-385-5691
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography
Victor Duchovni wrote:
On Tue, Apr 20, 2010 at 08:58:25PM -0400, Thierry Moreau wrote:
The DNS root may be qualified as a high valued zone, but I made the
effort to put in writing some elements of a risk analysis (I have an
aversion for this notion as I build *IT*controls* and the consultants
at ``Provable
Security'', Cryptology ePrint Archive: Report 2004/152, available at
http://eprint.iacr.org/2004/152.pdf.
- Thierry Moreau
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord
Florian Weimer wrote:
* Thierry Moreau:
For which purpose(s) is the DNS root signature key an attractive
target?
You might be able to make it to CNN if your spin is really good.
Thanks for this feedback.
No, no, and no.
No, because I asked the question as a matter of security analysis
,
- Thierry Moreau
Perry
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
success) can be attributed to the restrictions in cipher strength
(respectively impediments to sensible key management schemes) that the
government officials promoted for civilian use crypto.
My 0.2 worth of wisdom (Friday afternoon special promotion!).
- Thierry Moreau
is(are) the real
beneficiary(ies) in a trusted timestamping service, and how do you sell
the service to them so that it makes economic sense?
Regards,
- Thierry Moreau
-
The Cryptography Mailing List
Unsubscribe by sending
,
- Thierry
On Jul 27, 2009, at 10:35 AM, Thierry Moreau wrote:
Title and abstract:
Scirpo, a Basic Rabin-Williams Digital Signature Specification
The public key cryptography digital signatures are well studied since
the early publications by academics three decades ago. On the
deployment front
that the usefulness of this document is limited, so if
you do find some value in it, please let me know how the document can be
improved for your purpose.
If anyone has other comments, I would like to read them.
Regards,
- Thierry Moreau
mismanagement of
signature private key over some extended period of time?
2.2 ...
Regards,
--
- Thierry Moreau
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Paul Hoffman wrote:
At 4:11 PM +1200 5/5/09, Peter Gutmann wrote:
Thierry Moreau thierry.mor...@connotech.com writes:
Now that the main question is answered, there are sub-questions to be asked:
1. Has any public CA ever encountered a situation where a revocation would
have been
? Marginally at best.
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED
.
Do you really trust that no single source of entropy can have knowledge
of the other source's output, so it can surreptitiously correlate its own?
I.e, you are are also assuming that these sources are *independent*.
--
- Thierry Moreau
retrofitting the probabilistic property in
RSA, while probabilistic cryptosystems has been around in academic work
amost since the early days of published work on PK crypto.
Regards,
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel
specifically, with the hope that paranoia can
sometimes be a productive state of mind, I remain paranoid-ly grateful
for your answers.
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site
of key material reference data (or salt or IV ...).
If you have room for such message-specific reference data, it should be
easy to design a decimal stream cipher for short messages.
--
- Thierry Moreau
-
The Cryptography
Eric Rescorla wrote:
At Wed, 23 Jul 2008 17:32:02 -0500,
Thierry Moreau wrote:
Anne Lynn Wheeler wrote about various flavors of certificateless
public key operation in various standards, notably in the financial
industry.
Thanks for reporting those.
No doubt that certificateless
Tom Scavo wrote:
On Wed, Jul 23, 2008 at 6:32 PM, Thierry Moreau
[EMAIL PROTECTED] wrote:
The document I published on my web site today is focused on fielding
certificateless public operations with the TLS protocol which does not
support client public keys without certificates - hence
to facilitate the use of client-side PKC.
- Thierry Moreau
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
in the process of design refinements leading to
the actual processor.
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED
otherwise.
I'm not impressed by the phisher blabla message.
--
- Thierry Moreau
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
not be allowed to
modify security-critical parameters on the local machine.
According to my records, this issuance process is nonetheless
representative of research directions for user enrollment, i.e. there
aren't too many other documented processes in this area.
Regards,
--
- Thierry Moreau
with OSI NLSP or TLSP, you just have to overcome
the *power of the installed base*!
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: [EMAIL
don't want to argue too theoretically. Peter and I just
want to clear memory!
Kind regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: [EMAIL
*(*fpt_t)(void *, int, size_t);
extern void f(fpt_t arg);
int main(int argc, char *argv[])
{
f(memset);
return EXIT_SUCCESS;
}
/* I don't want to argue too theoretically.
- Thierry Moreau
Leichter, Jerry wrote:
On Wed, 12 Dec 2007, Thierry Moreau wrote:
| Date: Wed, 12 Dec 2007 16:24:43 -0500
| From: Thierry Moreau [EMAIL PROTECTED]
| To: Leichter, Jerry [EMAIL PROTECTED]
| Cc: Peter Gutmann [EMAIL PROTECTED], cryptography@metzdowd.com
| Subject: Re: More on in-memory
to diplomats and like individuals.
(A DHS sponsored study even ignored or downplayed mere split key storage
for protecting the DNSSEC root private key.)
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
signature s
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED
.
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED]
-
The Cryptography
Thomas Harold wrote, in part:
I do suspect at some point that the lightweight nature of DNS will give
way to a heavier, encrypted or signed protocol. Economic factors will
probably be the driving force (online banking).
E.g. RFC4033, RFC4034, RFC4035.
- Thierry
opinion at that time.
All theories are equal, but some theories are more equal than others ...
Have fun!
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e
to sample it and at which rate, and with which protection
against eavesdroping during the sampling? At what cost? With what kind
of design assurance that the pure random data is indeed pure and random?
Have fun.
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal
the *authorization* management overhead.
Fun,
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED
.
[...]
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED
:
#i,R[i],N[i],P[i],s[i]# .
Upon receipt of this messsage, the end-user system
becomes in a position to validate the root key digest
#D[i]#.
More details are provided in
http://www.connotech.com/takrem.pdf.
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
acceptable
encryption technology and key management techniques ... which is no
longer a simple solution.
Thanks for highlighting the limits of the original post, either on a
technical basis or on issues of lawmaking strategy.
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de
See the following comments submitted to the Department of State
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED
can help define other constructs for hash
functions. Obviously, if the sate information is to end up in a standard size at the end of the
plaintext processing, the additional state information has to be folded, which means
additional processing costs, of discarded.
--
- Thierry Moreau
CONNOTECH
Need a New Definition of Information Security,
Computers Security, vol 22, no. 4, May 2003, 2003, pages 308-313.
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail
or
property in the transported key.
So, the questions is how are the two properties (inescapable
public key property and inescapable secret key processing
rules) addressed in the existing key establishment protocols?
Thanks in advance!
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place
53 matches
Mail list logo