On Sun, Oct 12, 2003 at 08:25:21AM -0600, Anne Lynn Wheeler wrote:
It wouldn't have been impossible ... but quite unlikely. It is somewhat
easier in C-based programs since there are additional levels of indirection
and obfuscations between the statements in a C program and the
generated
At 03:48 PM 10/12/2003 -0700, [EMAIL PROTECTED] wrote:
Hmm. While I agree with your assessment of likelihood, I think you
understate the seriousness of the issue in both the C case and the
assembler case -- they are not really that different. It's not just a
matter of indirection and obfuscation
As many have decried in recent threads, it all
comes down to the WYTM - What's Your Threat Model.
It's hard to come up with anything more important
in crypto. It's the starting point for ... everything.
This seems increasingly evident because we
haven't successfully reverse-engineered the threat
Anton Stiglic [EMAIL PROTECTED] writes:
But the problem is how can people who know nothing about security evaluate
which vendor is most committed to security? For the moment, FIPS 140 and CC
type certifications seem to be the only means for these people...
Yeah, it's largely a case of looking
Minor errata:
Eric Rescorla wrote:
I totally agree that the systems are
insecure (obligatory pitch for my Internet is Too
Secure Already) http://www.rtfm.com/TooSecure.pdf,
I found this link had moved to here;
http://www.rtfm.com/TooSecure-usenix.pdf
which makes some of the same
also sprach R. A. Hettinga [EMAIL PROTECTED] [2003.10.13.0639 +0200]:
The time to stop this nonsense is now, and there's a non-governmental,
low-cost, low-effort way it could happen. Here's my plan of action, it's
not original to me but I want to lay it out publicly as a battle plan:
Of course
At 12:28 AM 10/13/2003, Ian Grigg wrote:
Problem is, it's also wrong. The end systems
are not secure, and the comms in the middle is
actually remarkably safe.
I think this is an interesting, insightful analysis, but I also think it's
drawing a stronger contrast between the real world and the
| I've not read the said article just yet, but from that direct quote as
| the copy degrades... I can already see the trouble with this scheme:
| their copy protection already fails them. They allow copies to be made
| and rely on the fact that the CDR or whatever media, will eventually
|
Eric,
thanks for your reply!
My point is strictly limited to something
approximating there was no threat model
for SSL / secure browsing. And, as you
say, you don't really disagree with that
100% :-)
With that in mind, I think we agree on this:
[9] I'd love to hear the inside scoop, but
- Original Message -
From: Ian Grigg [EMAIL PROTECTED]
Sent: Saturday, October 11, 2003 1:22 PM
Subject: Re: NCipher Takes Hardware Security To Network Level
Is there any reason to believe that people who
know nothing about security can actually evaluate
questions about security?
10 matches