Re: PKI root signing ceremony, etc.

2003-12-15 Thread Rich Salz
*shrug* it doesn't retroactively enforce the safety net - but that's ok, most MS products don't either :) The whole point is to enhance common practice, not stay at the lowest common denominator. Key management and auditing is pretty much external to the actual software regardless of which

Re: PKI root signing ceremony, etc.

2003-12-15 Thread Peter Gutmann
Dave Howe [EMAIL PROTECTED] writes: Key management and auditing is pretty much external to the actual software regardless of which solution you use I would have thought. Not necessarily. I looked at this in an ACSAC'2000 paper (available from http://www.acsac.org/2000/abstracts/18.html). This

Re: Super-Encryption

2003-12-15 Thread Ben Laurie
[EMAIL PROTECTED] wrote: Sender's Algorithm SymmetricKey1 = 3DES_IV1, 3DES_Key1 Cipher1 = 3DES_Encrypt(message) Digest = SHA1(message) RSA_Key1 = RSA_Private_Encrypt(Digest || 3DES_Key1) SymmetricKey2 = 3DES_IV2, 3DES_Key2 Cipher2 = 3DES_Encrypt(Cipher1) RSA_Key2 = RSA_Public_Encrypt(3DES_Key2)

Re: PKI root signing ceremony, etc.

2003-12-15 Thread Dave Howe
Peter Gutmann wrote: Dave Howe [EMAIL PROTECTED] writes: Key management and auditing is pretty much external to the actual software regardless of which solution you use I would have thought. Not necessarily. I looked at this in an ACSAC'2000 paper (available from

Re: NEMA rotor machine offered again on ebay

2003-12-15 Thread Matt Crawford
On Dec 14, 2003, at 8:26 AM, Steve Bellovin wrote: http://cgi.ebay.com/ws/eBayISAPI.dll? ViewItemitem=2210624662ssPageName=ADME:B:SS:US:1 Last time such a machine appeared, some people reported that ebay blocked their access to the listing. That included one person in the U.S. Curious. I can

Re: Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)

2003-12-15 Thread Jerrold Leichter
| Which brings up the interesting question: Just why are the reactions to | TCPA so strong? Is it because MS - who no one wants to trust - is | involved? Is it just the pervasiveness: Not everyone has a smart card, | but if TCPA wins out, everyone will have this lump inside of their |