Re: The future of security

2004-07-30 Thread Ed Gerck
Email end-to-end: PGP, PGP/MIME, S/MIME. Not tunnel SSL or SSL at the end points. Lars Eilebrecht wrote: According to Ed Gerck: But encryption and authentication are a hassle today, with less than 2% of all email encrypted (sorry, can't cite the source I know). Are these 2% 'only' S/MIME and

Re: The future of security

2004-07-28 Thread Lars Eilebrecht
According to Ed Gerck: But encryption and authentication are a hassle today, with less than 2% of all email encrypted (sorry, can't cite the source I know). Are these 2% 'only' S/MIME and PGP-encrypted email messages or is SSL-encrypted email communication included? ciao... -- Lars

Re: The future of security

2004-06-02 Thread Ben Laurie
Peter Gutmann wrote: No they won't. All the ones I've seen are some variant on the build a big wall around the Internet and only let the good guys in, which will never work because the Internet doesn't contain any definable inside and outside, only 800 million Manchurian candidates waiting to

Re: The future of security

2004-06-02 Thread Bill Stewart
At 05:15 AM 6/2/2004, Ben Laurie wrote: SPF will buy me one thing forever: I won't get email telling me I sent people spam and viruses. Unfortunately, that won't work for me. My email address is at pobox.com, the mail forwarding service where the main proponent of SPF works, but my SMTP service

Re: The future of security

2004-06-01 Thread bear
On Mon, 31 May 2004, Eugen Leitl wrote: The bigger problem is that webs of trust don't work. They're a fine idea, but the fact is that nobody keeps track of the individual trust relationships or who signed The point of an automated web of trust is that the machine is doing the accounting

Re: The future of security

2004-06-01 Thread Eugen Leitl
On Mon, May 31, 2004 at 08:27:49PM -0700, bear wrote: The point of an automated web of trust is that the machine is doing the accounting for you. Does it? If there were meaningful reputation accounting You got fooled by the present tense. If there was such an architecture, I wouldn't have

Re: The future of security

2004-05-31 Thread Guus Sliepen
On Sun, May 30, 2004 at 12:36:53PM -0700, bear wrote: The bigger problem is that webs of trust don't work. They're a fine idea, but the fact is that nobody keeps track of the individual trust relationships or who signed a key; few people even bother to find out whether there's a path of

Re: The future of security

2004-05-31 Thread Eugen Leitl
On Sun, May 30, 2004 at 12:36:53PM -0700, bear wrote: If I'm a node in a web of trust (FOAF is a human), prestige will percolate through it completely. That way I can color a whole domain with a nonboolean trust hue, while a domain of fakers will have only very few connections

Re: The future of security

2004-05-30 Thread bear
On Sat, 29 May 2004, Russell Nelson wrote: Eugen Leitl writes: If I'm a node in a web of trust (FOAF is a human), prestige will percolate through it completely. That way I can color a whole domain with a nonboolean trust hue, while a domain of fakers will have only very few connections

Re: The future of security

2004-05-28 Thread Peter Gutmann
Anton Stiglic [EMAIL PROTECTED] writes: I think cryptography techniques can provide a partial solution to spam. No they won't. All the ones I've seen are some variant on the build a big wall around the Internet and only let the good guys in, which will never work because the Internet doesn't

Re: The future of security

2004-05-28 Thread Anne Lynn Wheeler
At 09:27 AM 5/28/2004, Peter Gutmann wrote: No they won't. All the ones I've seen are some variant on the build a big wall around the Internet and only let the good guys in, which will never work because the Internet doesn't contain any definable inside and outside, only 800 million Manchurian

Re: The future of security

2004-05-28 Thread Eugen Leitl
On Fri, May 28, 2004 at 09:46:03AM -0700, bear wrote: Spam won't stop until spam costs the spammers money. If I'm a node in a web of trust (FOAF is a human), prestige will percolate through it completely. That way I can color a whole domain with a nonboolean trust hue, while a domain of fakers

Re: The future of security

2004-05-28 Thread bear
On Fri, 28 May 2004, Anne Lynn Wheeler wrote: connecting systems that were designed for fundamentally safe and isolated environment to wide-open anarchy hostile operation exposes all sorts of problems. somewhat analogous to not actually needing a helmet for riding a motorcycle ... or seat

Re: The future of security

2004-05-27 Thread Ed Gerck
Ian Grigg wrote: ... fundamentally, as Steve suggests, we expect email from anyone, and it's free. We have to change one of those basic features to stop spam. Either make it non-free, or make it non-authorised. Hashcash doesn't achieve either of those, although a similar system such as a

Re: The future of security

2004-05-26 Thread Anne Lynn Wheeler
At 09:36 AM 5/11/2004, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Ian Grigg writes: Security architects will continue to do most of their work with little or no crypto. And rightly so, since most security problems have nothing to do with the absence of crypto. j. a cryptographic

Re: The future of security

2004-05-26 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Anton Stiglic writes: - Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] j. a cryptographic solution for spam and viruses won't be found. This ties into the same thing: spam is *unwanted* email, but it's not *unauthorized*. Crypto

Re: The future of security

2004-05-26 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Ben Laurie writes: Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Anton Stiglic write s: - Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] j. a cryptographic solution for spam and viruses won't be found. This ties into the same

Re: The future of security

2004-05-26 Thread Ian Grigg
Ben Laurie wrote: Steven M. Bellovin wrote: The spammers are playing with other people's money, cycles, etc. They don't care. We took that into account in the paper. Perhaps you should read it? http://www.dtc.umn.edu/weis2004/clayton.pdf (Most of the people on this list are far too

Re: The future of security (bulk reply, long)

2004-05-25 Thread Joseph Ashwood
I've moved this to the top because I feel it is the most important statement that can be made Hadmut said : Security doesn't necessarily mean cryptography. - Original Message - From: Hadmut Danisch [EMAIL PROTECTED] Subject: Re: The future of security On Mon, Apr 26, 2004 at 08:21

Re: The future of security

2004-05-25 Thread Arnold G. Reinhold
At 8:21 PM +0100 4/26/04, Graeme Burnett wrote: Hello folks, I am doing a presentation on the future of security, which of course includes a component on cryptography. That will be given at this conference on payments systems and security: http://www.enhyper.com/paysec/ Would anyone there have any

Re: The future of security

2004-05-25 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Ian Grigg writes: Security architects will continue to do most of their work with little or no crypto. And rightly so, since most security problems have nothing to do with the absence of crypto. j. a cryptographic solution for spam and viruses won't be found.

Re: The future of security

2004-05-25 Thread l . crypto
[EMAIL PROTECTED] wrote: Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball. I'd like to think we would see a new flowering of

Re: The future of security

2004-05-08 Thread Hadmut Danisch
. - Maybe we'll have less crypto security in future than we have today. 5-10 years ago I knew much more people using PGP than today. Most modern mail user agents are capable of S/MIME, but it's hard to find someone making use of it. I'm a consultant for many companies

Re: The future of security

2004-05-08 Thread geer
Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball. prediction: just as in the 1990s the commercial world caught up to the mil world

Re: The future of security

2004-05-08 Thread Graeme Burnett
Many thanks to the list members who have contributed ideas to the above - I'll share the results by previewing the paper in the next few weeks if I may. Having been a devotee of the financial crypto community for many years, a thought has just occurred to me about the possible use of Systemics

Re: The future of security

2004-05-08 Thread Ian Grigg
Graeme Burnett wrote: Hello folks, I am doing a presentation on the future of security, which of course includes a component on cryptography. That will be given at this conference on payments systems and security: http://www.enhyper.com/paysec/ Would anyone there have any good predictions on how

Re: The future of security

2004-05-08 Thread Graeme Burnett
Ian Grigg wrote: Graeme Burnett wrote: Hello folks, I am doing a presentation on the future of security, which of course includes a component on cryptography. That will be given at this conference on payments systems and security: http://www.enhyper.com/paysec/ Would anyone there have any good

Re: The future of security

2004-05-08 Thread Anne Lynn Wheeler
signing and signature signing ... as well as nature of naked public keys ... recently posted to thread in sci.crypt: http://www.garlic.com/~lynn/2004e.html#20 Soft signatures and the future of security ... somewhat orthogonal to cryptography ... there was recently a letter from NSF to some former

The future of security

2004-04-28 Thread Graeme Burnett
Hello folks, I am doing a presentation on the future of security, which of course includes a component on cryptography. That will be given at this conference on payments systems and security: http://www.enhyper.com/paysec/ Would anyone there have any good predictions on how cryptography is going