Re: PKI: Only Mostly Dead
--- begin forwarded text Status: U Date: Wed, 29 May 2002 00:57:06 -0700 To: R. A. Hettinga [EMAIL PROTECTED] From: Carl Ellison [EMAIL PROTECTED] Subject: Re: PKI: Only Mostly Dead Cc: [EMAIL PROTECTED] Here's my message to the author of that article.. - Carl === Scott, as far as I'm concerned PKI is not only dying, it deserves to die much more quickly. That's because when it works, it still doesn't work. See the two papers to which I contributed at last month's PKI Research Workshop http://www.cs.dartmouth.edu/~pki02/ Look especially at what we call the John Wilson problem. In a nutshell, if you bind a name to a key, even if you do that always accurately and even if your certificates interoperate with my software, you have done nothing for me if there are more than about 1000 certified people in the world. That's because there are too many John Wilsons. I can't tell them apart by name, when you lump them all together into one big pool (the pool of all people the CA certifies -- e.g., a big one like VeriSign -- or a little one like Intel Corporation with only 70,000 and 8 John Wilsons). If I can't tell them apart (and people can't -- for which we have definite proof), then I am forced to make a guess as to which one is the right one -- if the right one is represented at all -- and when I'm handed a certificate saying that this S/MIME message or HTTPS page came from John Wilson, I'm not given the list of all John Wilsons, so I don't even get to compare them to see which one looks like the closest match. PKI deserves to die not because of vendor greed, although there is plenty of that, but because the original idea was wrong. When you bind a person's name to a public key you have not identified the key in a way that is useful to me. That's because if I know the name of the keyholder, I still don't know who the keyholder is. - Carl P.S. I strongly recommend your reading those papers in the preprints available at the PKI Workshop web site. +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: FC: Hollywood wants to plug analog hole, regulate A-D converters
I will add one more gallon of fuel to this fire and then sit by and watch it burn... Imagine *if* there is a mandated change that there be some kind of digital content filter in all D-A and *if* there is *any* probability at all (no matter how small) that non-copyrighted material will trigger this, would you put your life into the hands of a machine that will kill you if all of the redundant D-A converters fail at exactly the same time because of this feature?! Who should your children sue, Sony? Who pays for all the design, development and testing to prove that this event will not occur? Will this cause these machines to be developed in India instead? I honestly feel for the entertainment businesses and their losses, but trying to keep honest people honest, while crippling US competitiveness, seems to be a waste of their silver bullets, IMHO On Wed, 2002-05-29 at 16:04, Adam Fields wrote: Hughes, James P says: Change the billboard for elevator music (which will be protected). Will you be able to play back your digital dictations *if* they were recorded in an environment that included background music. IMHO, Silly does not mean they will not be successful. Look at DMCA. I'm curious - I've never seen any discussion of this, but it hit home quite forcefully when I was ejected from my battery park apartment on 9/11 and needed to temporarily install some software on a new computer - has anyone made the point that enforced technological copyright protections are detrimental to security because they eliminate the possibility of using that technology in an emergency? More than not being able to take a picture of your kid's birthday - what if all of those cameras refused to take pictures of the WTC burning? What if my computer was wiped out, and I needed to use a copy of some software to tell people I was still alive? Even if I was authorized to do so, the technological protections would prevent me from doing it, because I wouldn't be able to prove it to them (and this is a relatively minor inconvenience compared to the possibility that the key grantor is destroyed). It seems like these are more pervasive arguments that would appeal to more of a universal public good (individual safety and public record) than mere I want to watch TV when I want to. Granted, I agree with that argument too, but then, I'm one of the converted. Given that we seem to be rapidly moving towards a future where emergency situations are only going to become more prevalent, it seems strangely like a serious (physical, societal, etc...) security risk to lock down all this technology. -Original Message- From: Trei, Peter [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]; '[EMAIL PROTECTED]' [EMAIL PROTECTED] Sent: Wed May 29 12:29:39 2002 Subject: RE: FC: Hollywood wants to plug analog hole, regulate A-D conve rters Actually, it's unlikely that anyone would embed watermarks in billboard ads, or in ads in general. Copying an ad is usually a Good Thing from the advertiser's point of view - more exposure. It's only the program material which needs protection. To get back to security; could I use this to defeat video surrveilliance cameras, by wearing a copyrighted teeshirt?? This thread on this very silly idea from the MPAA has gone far enough, IMHO. Peter Trei -- From: [EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]] Sent: Wednesday, May 29, 2002 2:14 PM To: [EMAIL PROTECTED] Subject: RE: FC: Hollywood wants to plug analog hole, regulate A-D conve rters From: Pete Chown [mailto:[EMAIL PROTECTED]] Sent: Sunday, May 26, 2002 8:05 AM David G. Koontz wrote: Can you imagine watermarks on billboard advertisements? How subliminal. Actually this would be weird. Suppose digital cameras had to be fitted with a watermark detection system. Suddenly, we have lost a much more fundamental fair use right -- the right to include copyright material as an incidental part of a photograph. [SNIP] I would like to buy some watermarked cloths please. Then I could be invisible :-) -Michael Heyman - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majordomo@wasabisystems. com -- - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: FC: Hollywood wants to plug analog hole, regulate A-D converters
From: Trei, Peter [EMAIL PROTECTED] Actually, it's unlikely that anyone would embed watermarks in billboard ads, or in ads in general. Copying an ad is usually a Good Thing from... It's only the program material which needs protection. Well the talent (models, etc.) in the ads need protection... they are paid based on usage and coping is unauthorized use.. Witness the issue over ads contained within streaming audio. They need to be removed from the stream or extra royalties need to be paid... - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
the anvil problem
At 05:04 PM 5/29/2002 -0400, Adam Fields wrote: Hughes, James P says: Change the billboard for elevator music (which will be protected). Will you be able to play back your digital dictations *if* they were recorded in an environment that included background music. IMHO, Silly does not mean they will not be successful. Look at DMCA. I'm curious - I've never seen any discussion of this, but it hit home quite forcefully when I was ejected from my battery park apartment on 9/11 and needed to temporarily install some software on a new computer - has anyone made the point that enforced technological copyright protections are detrimental to security because they eliminate the possibility of using that technology in an emergency? We call this the anvil problem. Your copy protections must not prevent you from moving all your soft assets over to another computer when your first computer had an anvil dropped on it (or when it fell under the roller of a steam roller). +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: FC: Hollywood wants to plug analog hole, regulate A-D converters
At 01:14 PM 5/29/2002 -0500, [EMAIL PROTECTED] wrote: From: Pete Chown [mailto:[EMAIL PROTECTED]] Sent: Sunday, May 26, 2002 8:05 AM David G. Koontz wrote: Can you imagine watermarks on billboard advertisements? How subliminal. Actually this would be weird. Suppose digital cameras had to be fitted with a watermark detection system. Suddenly, we have lost a much more fundamental fair use right -- the right to include copyright material as an incidental part of a photograph. [SNIP] I would like to buy some watermarked cloths please. Then I could be invisible :-) Cover your car with them, for running red lights that are monitored by cameras! +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
