The security world in general (including crypto) is far more sensitive
than it ought to be to mass media. This is primarily because security
is an information-asymmetric or information-poor world. Which is to
say, as a society, we simply don't know enough how to do this thing
called security.
On 27/08/10 7:28 AM, travis+ml-rbcryptogra...@subspacefield.org wrote:
I got the impression, many years ago, that you couldn't rely on
systems to check revocation status, even if the system was online.
More or less, this opinion is held by many who've looked closely at the
results.
Although
On 4/09/10 4:21 AM, travis+ml-rbcryptogra...@subspacefield.org wrote:
It's too bad there isn't a notion of identity seperate from keys.
The problem with all this is there is an assumption that we can
accurately model an identity in any form. In practice, we can't. In
more theoretical term
On 5/09/10 3:08 AM, Arshad Noor wrote:
Ian G wrote:
On 4/09/10 4:21 AM, travis+ml-rbcryptogra...@subspacefield.org wrote:
It's too bad there isn't a notion of identity seperate from keys.
The problem with all this is there is an assumption that we can
accurately model an ident
On 9/09/10 5:07 AM, Scott G. Kelly wrote:
I'd like to create a convincing list of real-world examples of failures involving use of
"secret" algorithms.
Unfortunately, the result may not be what you were hoping for :)
You're probably thinking of Kherckhoffs' *2nd* principle. Back in 1883,
h
On 10/09/10 4:06 AM, travis+ml-rbcryptogra...@subspacefield.org wrote:
I understand your point, but I think it's fair to ask "can we do
better?"
Your implication is, "don't try, don't even discuss trying".
I think that's a cop out, intellectually lazy, and boring; but sure,
it avoids the risks
On 10/09/10 3:37 AM, Marsh Ray wrote:
On 09/08/2010 06:35 PM, Ian G wrote:
As a final footnote; why is K2 so misused? Why does everyone believe
that Shannon's maxim means you must never use a secret algorithm?
I always figured there were a few reasons:
1. To ensure that the people desi
On 17/09/10 4:38 AM, travis+ml-rbcryptogra...@subspacefield.org wrote:
Regarding strong authentication...
I wonder whether cryptographers couldn't preempt the oncoming strong
authentication requirements by implementing practical zero-knowledge
systems that allow the user to choose from multiple
On 14/10/10 3:56 PM, Zooko O'Whielacronx wrote:
In any case, I'm pretty sure that as a *user* of hash functions what I
care about is "more likely to fail" (and efficiency), not about "bits
of security" for any bit-level greater than about 128 (including
consideration of quantum attacks, multi-ta
Hi Steven and all,
On 16/10/10 1:56 AM, Steven Bellovin wrote:
There are many possible answers to your query -- including, of course, "you're
right" -- but maybe we should be a little bit more charitable. Maybe, in fact,
they're right.
I think one of the flaws in all this is the old
"w
It used to be said that the NSA employed more mathematicians than the
rest of the world put together. This was sort of a comment on their
dominance in cryptography. Is this factoid still the case?
And, could it be said that the NSA employs more IT Sec people than
anyone else?
I'm trying to
On 16/11/10 9:52 AM, Paul Hoffman wrote:
At 9:21 AM +1100 11/16/10, Ian G wrote:
It used to be said that the NSA employed more mathematicians than the rest of
the world put together. This was sort of a comment on their dominance in
cryptography. Is this factoid still the case?
And, could
On 16/11/10 11:38 AM, Jon Callas wrote:
In some places, there's a formal or quasi-formal breakout of who is doing what.
For example, in the UK, they have GCHQ and CESG. Even though they're in the
same buildings, there's an FLA for each, so you can talk about offense vs.
defense.
In the US, th
On 17/11/10 7:26 AM, David G. Koontz wrote:
On 17/11/10 9:01 AM, David G. Koontz wrote:
A. US6704870, granted on March 9, 2004 (Yes, published)
Sony asserted prior art against this patent in the 2007 case before agreeing
Certicom's motion to end the lawsuit, which was granted without
pre
On 20/11/10 6:26 AM, travis+ml-rbcryptogra...@subspacefield.org wrote:
On Sat, Oct 16, 2010 at 12:29:07PM +1100, Ian G wrote:
On this I would demure. We do have a good metric: losses. Risk
management starts from the business, and then moves on to how losses are
effecting that business, which
On 20/11/10 2:10 PM, James A. Donald wrote:
Ian G wrote:
On this I would demure. We do have a good metric: losses. Risk
management starts from the business, and then moves on to how losses are
effecting that business, which informs our threat model.
We now have substantial measureable history
On 20/11/10 2:42 PM, James A. Donald wrote:
On 2010-11-20 9:35 AM, Jon Callas wrote:
> Forgive me, but that is insulting to both judges and
> juries. In that particular case, it is easy to defend
> because the question is "are you using MQV" and the
> answer is no.
But the defendant is alwa
On 21/11/10 2:45 AM, John Levine wrote:
By the way, what does all this semi-informed ranting about patents
have to do with cryptography?
NSA's dominance in security engineering?
=> example of DES-era crypto dominance
=> ECC push today means?
=> patents complication
=> war of words!
Th
On 21/11/10 8:37 AM, Marsh Ray wrote:
On 11/19/2010 05:39 PM, Ian G wrote:
I don't think this qualifies as a bait-and-switch scenario because the
originally-advertised functionality (the bait) is still part of the
package.
:)
Bait-and-switch would be more like a salesperson sayin
On 21/11/10 11:19 PM, Peter Gutmann wrote:
Ian G writes:
It sucks so badly, I decided in future that the only moral and ethical way
one could use the words encryption or security or the like in any
conversation was if the following were the case:
there is only one mode, and it is secure
On 24/11/10 7:51 AM, travis+ml-rbcryptogra...@subspacefield.org wrote:
On what basis do you make the (implicit) assumption that cert privkeys
were actually stolen?
For me, it would be Preponderance of evidence, or in non-legal terms
"more likely than not."
Note; I do not claim to have any
On 25/11/10 3:26 AM, Jack Lloyd wrote:
What are people's thoughts on these kinds of local cache attacks, in
terms of actual systems security? While obviously very powerful, I
tend to think that once you have a focused attacker in an unprivledged
account on your machine, you have bigger problems
On 1/12/10 6:12 AM, travis+ml-rbcryptogra...@subspacefield.org wrote:
Can anyone give me a good rundown of the current anonymous payment
systems, technologies and/or algorithms?
OK, there are some issues here. There is technology, algorithms,
patents, techniques, protocols, applications, ser
On 2/12/10 1:36 AM, Rayservers wrote:
Not really, but one thing is: if you build it bottom-up, from the crypto,
you'll have trouble :) Instead, look to the business, and go bottom down.
You mean top down... :)
Oh, snap! Yes, exactly.
iang
Which is exactly going on here:
http://www.globa
On 2/12/10 6:32 PM, James A. Donald wrote:
On 2010-12-01 11:18 PM, Ian G wrote:
On 1/12/10 6:12 AM, travis+ml-rbcryptogra...@subspacefield.org wrote:
Can anyone give me a good rundown of the current anonymous payment
systems, technologies and/or algorithms?
OK, there are some issues here
(resend, with right sender this time)
On 17/12/10 3:30 PM, Peter Gutmann wrote:
To put it more succinctly, and to paraphrase Richelieu, give me six lines of
code written by the hand of the most honest of coders and I'll find something
in there to backdoor.
This is the sort of extraordinary c
On 18/12/10 7:54 PM, James A. Donald wrote:
On 2010-12-18 1:39 AM, Alfonso De Gregorio wrote:
Along this line, there is, by some years, The Underhanded C Contest,
an annual contest to write innocent-looking C code implementing
malicious behavior http://underhanded.xcott.com/
Those participatin
On 21/12/10 5:46 AM, travis+ml-rbcryptogra...@subspacefield.org wrote:
So a co-worker ran into this lately;
libnss, at least on Linux, checks that the signing cert (chain) is valid
at the time of signature - as opposed to present time. (It may check
present time as well - not sure on that).
Th
Following is written as a user perspective, not a cryptography
perspective :)
On 8/01/11 1:03 PM, travis+ml-rbcryptogra...@subspacefield.org wrote:
Hey all,
I'm attempting to create an extensive archive of papers on -graphy and
-analysis, locally stored and broken down by category/hierarchy,
a
On 14/01/11 5:40 AM, travis+ml-rbcryptogra...@subspacefield.org wrote:
So does anyone know off the top of their head whether dm-crypt or
TrueCrypt (or other encrypted storage things) promise data integrity
in any way, shape or form?
I'm assuming they're just encrypting, but figured I'd ask befor
On 6/06/11 2:53 PM, Marsh Ray wrote:
Come on. There are people in tall glass buildings that will be using
this keyboard to enter passwords that manage accounts containing
millions of dollars on a regular basis. And there's a very high
practical limit on the gain of the antenna that could be aime
On 6/06/11 11:57 AM, David G. Koontz wrote:
On 5/06/11 6:26 PM, Peter Gutmann wrote:
That's the thing, you have to consider the threat model: If anyone's really
that desperately interested in watching your tweets about what your cat's
doing as you type them then there are far easier attack chan
On 10/06/11 3:14 AM, Paul Hoffman wrote:
Greetings again. I am helping someone design a system that will involve giving
someone a randomly-generated key that they have to type in order to unlock data
that is private but not terribly valuable. Thus, we want to keep the key as
short as practical
On 11/06/11 7:42 PM, Eugen Leitl wrote:
On Sat, Jun 11, 2011 at 02:16:55AM -, John Levine wrote:
In article<021ccba9-9203-4896-8412-481b94595...@cs.columbia.edu> you write:
http://gcn.com/articles/2011/06/09/bitcoins-digital-currency-silk-road-charles-schumer-joe-manchin.aspx?s=gcndaily_10
On 11/06/11 9:01 PM, Eugen Leitl wrote:
On Sat, Jun 11, 2011 at 03:58:07PM +1200, Peter Gutmann wrote:
"John Levine" writes:
I wouldn't call bitcoins digital cash. They're more like digital tulip bulbs,
Finally an analogy I can use to explain bitcoin to the masses (well, assuming
they know
On 12/06/11 8:29 AM, Jeffrey Walton wrote:
On Sat, Jun 11, 2011 at 4:13 PM, John Levine wrote:
Unlike fiat currencies, algorithms assert limit of total volume.
And the mint and transaction infrastructure is decentral, so there's
no single point of control. These both are very useful properties.
On 12/06/11 4:21 PM, Peter Gutmann wrote:
Am I the only one who thinks it's not coincidence that the (supposed) major
use of bitcoin is by people buying hallucinogenic substances?
The best way to think of this is from the marketing concepts of "product
diffusion" or "product life cycle".
ht
On 12/06/11 8:16 PM, Eugen Leitl wrote:
How safe is the bitcoin cryptosystem and the communication network
against targeted attacks?
It depends on what the intention or objective of the attack is. And
that depends on the threat actor.
For example, a phishing threat actor would be looking t
On 12/06/11 10:55 PM, Nicholas Bohm wrote:
Ah well. I joined bitcoin quite early, seeing it as like donating spare
cycles to an interesting experiment.
I do agree whole heartedly that this is a great fun experiment, and
worthy of attention. It has pushed the boundaries of what we've known
a
On 13/06/11 12:05 PM, James A. Donald wrote:
On 2011-06-13 9:26 AM, Ian G wrote:
However. Unless the laws of financial conservation have been repealed by
the design, those who follow have to invest a lot and come out with
less...
Financial conservation does not apply to money.
Right, not to
On 13/06/11 12:56 PM, James A. Donald wrote:
On 2011-06-12 8:57 AM, Ian G wrote:
I wrote a paper about John Levine's observation of low knowledge, way
back in 2000, called "Financial Cryptography in 7 Layers." The sort of
unstated thesis of this paper was that in order to under
On 13/06/11 5:54 PM, Adam Back wrote:
Bitcoin is not a pyramid scheme, and doesnt have to have the collapse and
late joiner losers. If bitcoin does not lose favor - ie the user base grows
and then maintains size of user base in the long term, then no one loses.
Um, Adam, that's the very definit
On 14/06/11 6:13 PM, Adam Back wrote:
See also:
Auditable Anonymous Electronic Cash by Tomas Sander and Amnon Ta-Shma
in crypto 1998.
http://www.math.tau.ac.il/~amnon/Papers/ST.crypto99.pdf
...
In their setting Sander & Ta-Shma also can identify double-spenders because
their identity is inclu
On 14/06/11 2:31 AM, Marsh Ray wrote:
I 'aint no self-appointed moderator of this list and I do find the
subject of economics terribly interesting, but maybe it would make sense
to willfully confine the scope of our discussion of Bitcoin and other
virtual currencies to the crypto side of it.
C
On 15/06/11 12:47 AM, Ian G wrote:
Or worse:
http://forum.bitcoin.org/index.php?topic=16457.0
That link is down, no surprise. From my cached copy, I wrote it up on
the blog:
http://financialcryptography.com/mt/archives/001327.html
Far too much from me, signing out... iang
On 16/06/11 12:34 AM, John Levine wrote:
Bitcoins aren't securities, because they don't act like securities.
Right. Or more particularly, he asked:
"... I can’t help wondering why
Bitcoins aren’t unregistered securities."
And the answer is that the registrar of securities defines wha
On 20/06/11 10:59 AM, Solar Designer wrote:
On Wed, Jun 15, 2011 at 04:22:55AM +0400, Solar Designer wrote:
I am trying to
learn some lessons from this.
This used to happen to me a lot in the old Cryptix days, which for a
while were a sort of smorgasboard of algorithms.
One lesson was tha
On 18/06/11 8:16 PM, Marsh Ray wrote:
On 06/18/2011 03:08 PM, slinky wrote:
But we know there are still hundreds of
"trusted" root CAs, many from governments, that will silently install
themselves into Windows at the request of any website. Some of these
even have code signing capabiliti
On 19/06/11 9:47 PM, Jon Callas wrote:
On Jun 19, 2011, at 5:54 PM, Nico Williams wrote:
On Sun, Jun 19, 2011 at 7:01 PM, Jon Callas wrote:
That brings us back to the main question: what problem are you trying to solve?
The OP meantioned that the context was JavaScript crypto, and whether
On 21/06/11 4:15 PM, Marsh Ray wrote:
On 06/21/2011 12:18 PM, Ian G wrote:
On 18/06/11 8:16 PM, Marsh Ray wrote:
On 06/18/2011 03:08 PM, slinky wrote:
But we know there are still hundreds of
"trusted" root CAs, many from governments, that will silently install
themselves in
On 26/06/11 5:50 AM, Ralph Holz wrote:
Hi,
Any model that offers a security feature to a trivially tiny minority,
to the expense of the dominant majority, is daft. The logical
conclusion of 1.5 decades worth of experience with centralised root
lists is that we, in the aggregate, may as well tr
On 26/06/11 1:26 PM, Marsh Ray wrote:
On 06/25/2011 03:48 PM, Ian G wrote:
On 21/06/11 4:15 PM, Marsh Ray wrote:
This was about the CNNIC situation,
Ah, the "I'm not in control of my own root list" threat scenario.
See, the thing there is that CNNIC has a dirty reputation.
On 28/06/11 11:25 AM, Nico Williams wrote:
On Tue, Jun 28, 2011 at 9:56 AM, Marsh Ray wrote:
Consequently, we can hardly blame users for not using special characters in
their passwords.
The most immediate problem for many users w.r.t. non-ASCII in
passwords is not the likelihood of interop
On 28/06/11 1:01 PM, Paul Hoffman wrote:
And this discussion of ASCII and internationalization has what to do with
cryptography,
I personally think this list is about users of crypto, rather than
cryptographers-creators in particular. The former are mostly computer
scientists who think in b
On 5/07/11 9:28 AM, Sampo Syreeni wrote:
(I'm not sure whether I should write anything anytime soon, because of
Len Sassaman's untimely demise. He was an idol of sorts to me, as a guy
who Got Things Done, while being of comparable age to me. But perhaps
it's equally valid to carry on the ideas, a
On 5/07/11 4:44 PM, Jon Callas wrote:
Did you know that if a Bitcoin is destroyed, then the value of all the other
Bitcoins goes up slightly? That's incredible. It's amazing and leads to some
emergent properties.
This assumes fixed value. As there is no definition of the value in
BitCoin, i
On 5/07/11 3:59 PM, Jon Callas wrote:
There are plenty of people who agree with you that options are bad. I'm not one
of them. Yeah, yeah, sure, it's always easy to make too many options. But just
because you can have too many options that doesn't mean that zero is the right
answer. That's ju
On 13/07/11 8:36 AM, Andy Steingruebl wrote:
On Tue, Jul 12, 2011 at 2:24 PM, Zooko O'Whielacronx wrote:
When systems come with good usability properties in the key management
(SSH, and I modestly suggest ZRTP and Tahoe-LAFS) then we don't see
this pattern. People are willing to use secure too
On 13/07/11 9:25 AM, Marsh Ray wrote:
On 07/12/2011 04:24 PM, Zooko O'Whielacronx wrote:
On Tue, Jul 12, 2011 at 11:10 AM, Hill, Brad
wrote:
I have found that when H3 meets deployment and use, the reality
too often becomes: "Something's gotta give." We haven't yet found
a way to hide enough of
On 13/07/11 3:10 AM, Hill, Brad wrote:
Re: H3, "There is one mode and it is secure"
I have found that when H3 meets deployment and use, the reality too often becomes:
"Something's gotta give." We haven't yet found a way to hide enough of the
complexity of security to make it free, and this in
On 13/07/11 9:27 PM, Ralph Holz wrote:
Hi,
You know this is why you should use ssh-keys and disable password
authentication. First thing I do when someone gives me an ssh account.
Using keys to authenticate is what I usally do, too. But even if a user
decides not to use plain password auth,
On 14/07/11 4:33 AM, Jeffrey Walton wrote:
On Wed, Jul 13, 2011 at 2:17 PM, James A. Donald wrote:
On 2011-07-13 9:10 PM, Peter Gutmann wrote:
As for Microsoft,
Microsoft have a big interest in bypassing the status quo, and they've
tried several times. But each time it isn't for the bene
On 14/07/11 12:37 PM, Ai Weiwei wrote:
Hello list,
Recently, Wired published material on their website which are claimed to be
logs of instant message conversations between Bradley Manning and Adrian Lamo
in that infamous case. [1] I have only casually skimmed them, but did notice
the followi
Back in the 1980s, a little thing called public key cryptography gave
birth to a metaphor called the "digital signature" which some smart
cryptographers thought to be a technological analogue of the human
manuscript act of signing.
It wasn't, but this didn't stop the world spending vast sums t
On 20/07/11 3:25 AM, lodewijk andré de la porte wrote:
This would revive many of the things people have aspired to kill with
bitcoins. Among others the "creation" of money (I can borrow and "store"
more money than I have). It would also mean moving the scalability
problem to a centralized system,
On 19/07/11 1:59 PM, James A. Donald wrote:
On 2011-07-19 9:48 AM, Ian G wrote:
OTR makes the same error. It takes a very interesting mathematical
property, and extend it into the hard human world, as if the words carry
the same meaning. Perhaps, once upon a time, in some TV court room
drama
On 20/07/11 9:08 PM, Eugen Leitl wrote:
On Wed, Jul 20, 2011 at 11:56:06AM +0200, Alfonso De Gregorio wrote:
I'd better rephrase it in: expectation to have "money backed by
bitcoins" exhibiting all the desirable properties of a perfect
currency (ie, stable money) are greatly exaggerated.
The
On 20/07/11 8:02 AM, Sampo Syreeni wrote:
On 2011-07-20, Ian G wrote:
To answer OP, typically all trading is done on a delayed and netted
settlement. Which is to say the trade might be done real time but the
settlement is batched for later, typically after market closing. No
money changes
Curiously, AES is now being reported as "broken."
http://www.theregister.co.uk/2011/08/19/aes_crypto_attack/
Yet, I'm sure I read earlier that the recovery attack was a few bits
short of the brute force attack. Here it is:
On 18/08/11 1:52 AM, Jack Lloyd wrote:
http://research.microsoft.com
On 21/08/11 6:21 AM, Simon Josefsson wrote:
Thierry Moreau writes:
If there were devices meeting the stated goal (commercially available
with a reasonable cost structure), they would be a very useful
security solution element for high security contexts. The user
guidance would be: never enter t
On 5/09/11 7:23 PM, Gervase Markham wrote:
The thing which makes the entire system as weak as its weakest link is
the lack of CA pinning.
Just a question of understanding: how is the CA pinning information
delivered to the browser?
(For those who don't know, I also had to look it up too :
On 6/09/11 1:07 PM, Peter Gutmann wrote:
This is true, but I'm not sure it's particularly relevant. (Who claims that
HSMs are magic pixie dust?)
CAs, when they issue a press release saying "everything's OK, we never lost
control of our private key"? Some European countries also seem to have a
On 5/09/11 7:23 PM, Gervase Markham wrote:
Hi Peter,
On 04/09/11 07:15, Peter Gutmann wrote:
Blacklist-based validity checking, the Second Dumbest Idea in Computer
Security (Marcus Ranum), doesn't work:
Diginotar issued certs for which there was no record of issuance, therefore
they coul
On 7/09/11 3:03 AM, Gervase Markham wrote:
2) the lack of CA advertising in the chrome.
This is an old argument, and my position remains:
Yes, and yes :)
there is no way we are
ever going to get average users to pay attention to CA branding,
I've watched TV so I know what an advert is ;)
On 7/09/11 7:34 AM, Fredrik Henbjork wrote:
Here's another gem related to the subject. In 2003 CAcert wished to have
their root certificate added to Mozilla's browser, and in the resulting
discussion in Bugzilla, Mozilla cryptodeveloper Nelson Bolyard had the
following to say:
"I have no opinio
On 8/09/11 5:34 AM, Fredrik Henbjork wrote:
http://www.globalsign.com/company/press/090611-security-response.html
This whole mess just gets "better and better"...
"As a responsible CA, we have decided to temporarily cease issuance of
all Certificates until the investigation is complete.
On 8/09/11 6:02 AM, I wrote:
H I'm not sure I'd suspend issuance without some evidence.
On 8/09/11 6:13 AM, Franck Leroy wrote, coz he checked the source!:
>
> http://pastebin.com/GkKUhu35
>
> extract:
>
> Third: You only heards Comodo (successfully issued 9 certs for me -
> thanks by t
On 08/09/2011, at 11:31, Lucky Green wrote:
> The SSL/public CA model did an admirable job in that regard and Taher
> ElGamal and Paul Kocher deserve full credit for this accomplishment.
As long as we can document that original model, I'm inclined to agree.
> SSL's design goals explicitly ex
Hi, Lucky, good to see some perspective!
On 08/09/2011, at 8:52, Lucky Green wrote:
> o Changes to OCSP
.
> The
> problem was that the top three CA vendors at the time, RSA Security,
> VeriSign, and Netscape didn't have a comprehensive database of
> certificates issued by their software and w
> To be contrarian for a moment
>
> In the "old days" ( a few months ago) the only really difference for a
> customer between most CAs was how widely their trust was distributed.
As far as I can see, trust is still distributed equally and broadly. That's
the nature of the homogonising des
Arrgghh apologies. I fell asleep over my iPhone and my finger slid over the
Send button.
On 10/09/2011, at 8:46, Ian G wrote:
>
>
> On 09/09/2011, at 9:11, Lucky Green wrote:
>
>> o What do I mean by the "SSL system"?
>
> I've taken to using
On 09/09/2011, at 9:11, Lucky Green wrote:
> o What do I mean by the "SSL system"?
I've taken to using TLS for the protocol, SSL in the wider context including
PKI/certs, and "secure browsing" for the headline or flagship application.
(imho, we can safely ignore any criticism on semantics, t
Hi Adam,
On 10/09/2011, at 20:16, Adam Back wrote:
> So I hear CA pinning mentioned a bit as a probable way forward, but I didnt
> see anyone define it on this list,
Adam described it in this list. The specific mechanism is less important than
what it achieves: the browser knows that the websi
Hi Steve,
On 11/09/2011, at 1:07, Steven Bellovin wrote:
>> Sorry, that doesn't work. Afaik, there is practically zero evidence of
>> Internet interception of credit cards.
>
> This makes no sense whatsoever.
(the point here is that the original statement said we had limited Internet
eavesd
On 11/09/2011, at 1:30, Douglas Huff wrote:
> On Sep 10, 2011, at 8:28 AM, Ian G wrote:
>
>> Hi Adam,
>>
>> On 10/09/2011, at 20:16, Adam Back wrote:
>>
>>> So I hear CA pinning mentioned a bit as a probable way forward, but I didnt
>>>
On 11/09/2011, at 3:22, Andy Steingruebl wrote:
> On Fri, Sep 9, 2011 at 6:22 PM, Peter Gutmann
> wrote:
>
>> May I make the following modest proposal:
>>
>> A "fix" (of whatever form you want to try) is only regarded as valid if it
>> leads to at least a 25% decrease in phishing, measure
On 11/09/2011, at 10:02, "James A. Donald" wrote:
> On 2011-09-11 9:10 AM, Andy Steingruebl wrote:
>> 1. Phishing isn't the only problem right?
Malware + breaches might be the other 2 biggies.
Note that the malware/pc takeover market was probably financed by profits from
phishing. Breaches
On 11/09/2011, at 9:10, Andy Steingruebl wrote:
> On Sat, Sep 10, 2011 at 4:01 PM, Peter Gutmann
> wrote:
>>
>> Sure, figuring out whether it'll actually work is an experiment. OTOH we
>> have
>> vast masses of data on what phishers are doing,
Which can be reduced to one observation:
Phis
On 11/09/2011, at 7:50, Steven Bellovin wrote:
>
> On Sep 10, 2011, at 4:14 00PM, John Levine wrote:
>
>>> This makes no sense whatsoever. Credit card numbers are *universally*
>>> encrypted; of course there's no interception of them.
>>
>> There's a fair amount of low-level ecommerce by e-
Lucky & Peter said:
>
>> Moreover, I noticed that some posts list one or more desirable properties
>> and requirements together with a proposed solution.
>
> That's the nice thing about PKI, there's more than enough fail to go around.
So, what happens now? As we all observe, there are two app
The problem with "shifts of faith" is that if there is really a groundswell
against, we're as likely to miss it. People who leave generally do exactly
that, and don't bother talking about it.
That said ..
>>> Some of us observe a third, more likely approach: nothing significant
>>> happens due
On 13/09/2011, at 0:15, "M.R." wrote:
> In these long and extensive discussions about "fixing PKI" there
> seems to be a fair degree of agreement that one of the reasons
> for the current difficulties is the fact that there was no precisely
> defined threat model, documented and agreed upon ~be
On 13/09/2011, at 5:12, Marsh Ray wrote:
> It never was, and yet, it is asked to do that routinely today.
>
> This is where threat modeling falls flat.
>
> The more generally useful a communications facility that you develop, the
> less knowledge and control the engineer has about the condit
On 13/09/2011, at 23:57, Jeffrey Walton wrote:
> On Mon, Sep 12, 2011 at 5:48 PM, James A. Donald wrote:
>>--
>> On 2011-09-11 4:09 PM, Jon Callas wrote:
>>> The bottom line is that there are places that continuity
>>> works well -- phone calls are actually a good one. There
>>> are places
On 15/09/2011, at 15:40, "Kevin W. Wall" wrote:
> Trust is not binary.
Right. Or, in modelling terms, trust isn't absolute.
AES might be 99.99% reliable, which is approximately 100% for any million
or so events [1].
Trust in a CA might be more like 99%.
Now, if we have a 1% untrustworth
On 16/09/2011, at 1:22, Andy Steingruebl wrote:
> On Wed, Sep 14, 2011 at 7:34 PM, Arshad Noor
> wrote:
>>
>> However, an RP must assess this risk before trusting a self-signed
>> Root CA's certificate. If you believe there is uncertainty, then
>> don't trust the Root CA. Delete their cert
On 17/09/11 2:33 AM, Ben Laurie wrote:
A sufficiently low upper bound is convincing enough :-)
This is all the example seeks to show: There is a low upper bound.
We really don't care whether it is 1% or 30%, or +/- 2% or finger in the
air... as long as it is too low to be credible.
We ju
On 17/09/11 3:07 AM, M.R. wrote:
On 16/09/11 09:16, Jeffrey Walton wrote:
The problem is that people will probably die
due Digitar's failure.
I am not the one to defend DigiNotar, but I would not make such
dramatic assumption.
No one actively working against a government that is known to enga
On 18/09/11 8:38 AM, Jeffrey Walton wrote:
On Fri, Sep 16, 2011 at 1:07 PM, M.R. wrote:
On 16/09/11 09:16, Jeffrey Walton wrote:
The problem is that people will probably die
due Digitar's failure.
I am not the one to defend DigiNotar, but I would not make such
dramatic assumption.
I don't
On 18/09/11 4:34 PM, M.R. wrote:
On 17/09/11 17:56, lodewijk andré de la porte wrote:
> ...therefore assumes others assume SSL to be broken by design...
SSL is not "broken by design"!
See counter-proof at bottom.
SSL was designed to protect relatively low-value retail commerce,
and it still
1 - 100 of 110 matches
Mail list logo
