>Banks [use] a web interface, after the user logs in to their account.
>So, what's missing in the email PKI model is two-sidedness.
>Fairness.
Not really. What's missing is, if you'll pardon the phrase, a central
point of failure.
If you can persuade everyone to use a single system, it's not ha
John Levine wrote:
> The great thing about Internet e-mail is that
> vast numbers of different mail systems that do not know or trust each
> other can communicate without prearrangement.
That's not banking. Banks and their clients already have a trusted
relationship. The banks webmail interface
On Tue, 13 Feb 2007, Anne & Lynn Wheeler wrote:
| ...part of the problem was that the PKI financial model is out of
| kilter with standard business practices. nominally a relying party has
| some sort of relationship with the certification authority (i.e. what
| they are relying on) and there is ex
Leichter, Jerry wrote:
It's interesting to follow up on this idea, because it shows just how
profound the problem is. Imagine starting a business that ran a PKI
and did business the old way: You would charge someone *presenting*
an alleged certificate for an "OK". The "OK" would, for the fee p
* James A. Donald:
> Obviously financial institutions should sign their
> messages to their customers, to prevent phishing. The
> only such signatures I have ever seen use gpg and come
> from niche players.
Deutsche Postbank uses S/MIME, and they are anything but a niche
player. It doesn't help
Ivan Krstić wrote:
> This is, in my experience, exactly right. I'm trying
> to take some steps for the better on the OLPC: all
> e-mails and IMs will be signed transparently and by
> default, with the possibility of being encrypted by
> default in countries where it's not a problem. This'll
> help
Ed Gerck wrote:
I am using this insight in a secure email solution that provides
just that -- a reference point that the user trusts, both sending
and receiving email. Without such reference point, the user can
easily fall prey to con games. Trust begins as "self-trust". Anyone
interested in tryi
Related to this announcement, credentica.com (Stefan Brands' company)
has released "U-Prove", their toolkit & SDK for doing limited-show,
selective disclosure and other aspects of the Brands credentials.
http://www.credentica.com/uprove_sdk.html
(Also on Stefans blog http://www.idcorner.o
http://www.intel.com/technology/architecture/new_instructions.htm
ftp://download.intel.com/technology/architecture/new-instructions-paper.pdf
Page 7 of the PDF describes the POPCNT "application-targeted accelerator".
John
PS: They don't give much detail, but they seem to be adding a gre
| >Banks [use] a web interface, after the user logs in to their account.
|
| >So, what's missing in the email PKI model is two-sidedness.
| >Fairness.
|
| Not really. What's missing is, if you'll pardon the phrase, a central
| point of failure.
|
| If you can persuade everyone to use a single s
On Thu, Feb 15, 2007 at 10:10:21AM -0500, Leichter, Jerry wrote:
> Meanwhile, the next generation of users is growing up on the immediacy
> of IM and text messaging. Mail is ... so 20th century.
Well, you certainly don't want to use email when coordinating a place to
meet in the next 10-15 minut
On Thu, Feb 15, 2007 at 11:36:35AM -0500, Victor Duchovni wrote:
> On Thu, Feb 15, 2007 at 10:10:21AM -0500, Leichter, Jerry wrote:
>
> > Meanwhile, the next generation of users is growing up on the immediacy
> > of IM and text messaging. Mail is ... so 20th century.
>
> Well, you certainly don
On Thu, Feb 15, 2007 at 11:36:35AM -0500, Victor Duchovni wrote:
> On Thu, Feb 15, 2007 at 10:10:21AM -0500, Leichter, Jerry wrote:
> > Meanwhile, the next generation of users is growing up on the immediacy
> > of IM and text messaging. Mail is ... so 20th century.
>
> Well, you certainly don't w
Leichter, Jerry wrote:
On the other hand, the push/pull combination of spam and IM/SMS are well
on their way to killing Internet mail.
Video killed the radio star? I'm an IM partisan, but even I have given
up on trying to kill off email.
Meanwhile, the next generation of users is growing
>Suppose we have a messaging service that, like Yahoo, is
>also a single signon service, ...
Then you just change the attack model.
There are a bunch of sites that do various things with your address
book ranging from the toxic Plaxo which slurps it up and sends spam to
everyone in it masqueradin
Adam Back wrote:
> Related to this announcement, credentica.com (Stefan Brands' company)
> has released "U-Prove", their toolkit & SDK for doing limited-show,
> selective disclosure and other aspects of the Brands credentials.
>
> http://www.credentica.com/uprove_sdk.html
>
> (Also on Stefa
The most interesting bit of the article:
And how exactly would users know that it was the quantum computer
rather than a human or ordinary computer answering their queries?
"There's really no way to convince a skeptic who's accessing the
machine remotely," Rose admits. For now, D-Wave
I'm happy to forward more messages on security and email, but the
messages just on email vs. IM etc. are way off topic.
Perry
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
--
John Levine wrote:
> What's missing is, if you'll pardon the phrase, a
> central point of failure.
>
> If you can persuade everyone to use a single system,
> it's not hard to make communication adequately secure.
But there is a central point. ICANN is responsible for
internet names and nu
--
Ed Gerck wrote:
> That's not banking. Banks and their clients already
> have a trusted relationship. The banks webmail
> interface leverages this to provide a trust reference
> that the user can easily verify (yes, this is my name
> and balance). That's why it works, and that's what is
> mi
James A. Donald wrote:
> Ed Gerck wrote:
>> I am using this insight in a secure email solution that provides
>> just that -- a reference point that the user trusts, both sending
>> and receiving email. Without such reference point, the user can
>> easily fall prey to con games. Trust begins as "sel
> > If you can persuade everyone to use a single system,
> > it's not hard to make communication adequately secure.
> ...
>You are making the Katrina reaction "we need someone in
>charge". ...
Oh, not at all. I guess I wasn't clear. To the extent that people use
a single system it can be secure,
--
>> Suppose we have a messaging service that, like Yahoo,
>> is also a single signon service, ...
John Levine wrote:
> Then you just change the attack model.
My proposal closes off the major attack path, and leaves
the trojan and virus attack path wide open.
But I have not had a trojan o
Another interesting piece is that even D-Wave's own Chief Executive
Herb Martin says the machine isn't a real quantum computer, but is
instead a "kind of special-purpose machine that uses some quantum
mechanics".
http://hosted.ap.org/dynamic/stories/T/TECHBIT_QUANTUM_QUANDARY?SITE=FLDAY&SECTION=HO
24 matches
Mail list logo
