Re: Shortcut digital signature verification failure

2002-06-22 Thread David Wagner
Bill Frantz wrote: If there is a digital signature algorithm which has the property that most invalid signatures can be detected with a small amount of processing, then I can force the attacker to start expending his CPU to present signatures which will cause my server to expend it's CPU. My

RSA touts DIY certificates

2002-06-22 Thread R. A. Hettinga
http://www.theregus.com/content/55/25329.html 21 June 2002 Updated: 06:57 EST The Register The Register USA RSA touts DIY certificates By ComputerWire Posted: 06/21/2002 at 06:42 EST ComputerWire: IT Industry Intelligence A new option for web authentication from RSA Security Inc will let

Book Review: Peter Wayner's Translucent Databases

2002-06-22 Thread R. A. Hettinga
Obvious All Along Robert Hettinga Translucent Databases By Peter Wayner Flyzone Press, 2002 ISBN 0-9675844-1-8 Through many popular books and articles in the New York Times, Peter Wayner has done more to promote the field of applied financial cryptography, and in particular open source

Secure mail relays [was:RE: DOJ proposes US data-rentention law. ]

2002-06-22 Thread Lucky Green
John wrote quoting Lucky: Locate the button in your MUA that's labeled Use secure connection or something to that effect, search the docs for your MTA for the words STARTTLS, relaying, and potentially SASL, don't use your ISP's smtp server, encourage those that you are

Recommended key sizes and lifespans

2002-06-22 Thread Bill Frantz
I have been reading a draft of, Key Management Guideline, from NIST describing key management requirements for non-classified, but confidential government information. When complete, it is expected to become a FIPS. While the guidence in it is subject to change, I found the recommendations for

Re: Shortcut digital signature verification failure

2002-06-22 Thread Bill Frantz
At 2:18 PM -0400 6/21/02, Ed Gerck wrote: A DoS would not pitch one client against one server. A distributed attack using several clients could overcome any single server advantage. A scalable strategy would be a queue system for distributing load to a pool of servers and a rating system for

Re: DOJ proposes US data-rentention law.

2002-06-22 Thread Steve Fulton
At 18:57 21/06/2002 -0700, John Young wrote: Data retention is being done now by programs and services which cache data to ease loading on servers and networks. [...] John, As a systems administrator @ an ISP, I can tell flat out that the software you describe has nothing to do with ISP

Re: Shortcut digital signature verification failure

2002-06-22 Thread Nomen Nescio
David Wagner describes a trick from Dan Bernstein to speed up RSA signature verification with e = 3: One of the nicest ideas from his work is easy to describe. In plain RSA, s is a valid signature on m if H(m) = s^3 (mod n). Now suppose we ask the signer to also supply an integer k such

Re: DOJ proposes US data-rentention law.

2002-06-22 Thread geer
Steve, Not arguing, but the hardware cost curve for storage has a shorter halving time than the cost curve for CPU (Moore's Law) and the corresponding halving time for bandwidth is shorter still. If that relationship holds up over a period of years, today's tradeoffs between cache,

Re: DOJ proposes US data-rentention law.

2002-06-22 Thread Steve Fulton
At 17:37 22/06/2002 -0400, [EMAIL PROTECTED] wrote: Not arguing, but the hardware cost curve for storage has a shorter halving time than the cost curve for CPU (Moore's Law) and the corresponding halving time for bandwidth is shorter still. You've got a point. Storage is becoming less and less

Re: DOJ proposes US data-rentention law.

2002-06-22 Thread John Young
I appreciate what an honorable ISP admin will do to abide customer rights over intrusive snoopers and perhaps cooperative administrators above the pay grade of a sysadmin. Know that a decent sysadmin is on for about 1/3 of a weekday for 24x7 systems is a small comfort but leaves unanswered what

Ross's TCPA paper

2002-06-22 Thread Lucky Green
I recently had a chance to read Ross Anderson's paper on the activities of the TCPA at http://www.cl.cam.ac.uk/ftp/users/rja14/.temp/toulouse.pdf I must confess that after reading the paper I am quite relieved to finally have solid confirmation that at least one other person has realized

Re: Ross's TCPA paper

2002-06-22 Thread John Young
Ross has shifted his TCPA paper to: http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf At 07:03 PM 6/22/2002 -0700, Lucky wrote: I recently had a chance to read Ross Anderson's paper on the activities of the TCPA at http://www.cl.cam.ac.uk/ftp/users/rja14/.temp/toulouse.pdf