Re: Thawte "SuperCerts"

"Steven M. Bellovin" <[EMAIL PROTECTED]> writes: > In message <[EMAIL PROTECTED]>, EKR writes: > > > I'm assuming it's compiled into the code, since if it were in the > > cert database, it could be tampered with. > > Sure -- just like Fortify can't exist... Fair enough. I would have kind of exp

Re: Semantic Forests, from CWD (fwd)

Maybe I'm just dense, but what's with the emphasis on phone conversations? Voice processing is flaky at best, and computationally expensive regardless. Faxes, on the other hand, can be OCR'ed easily, and email is in plaintext to begin with. -Bram

Re: Thawte "SuperCerts"

> unless, of course, there's a built-in list of trusted CAs. That's exactly what it is. Patching the list is apparently pretty easy for Netscape Navigator -- instructions are included in the mod_ssl Apache patch -- but it's not currently known what needs to be done to make IE add a trusted CA.

"SuperCert" clarifications

Hi all Saw some traffic on this list about our announcement of SuperCerts. Yes, we have a full SGC licence, and have only been waiting for browser revisions to be released that recognized our certs for 128-bit sessions. Nav 4.7 and MSIE 5.01 now do this, hence our announcement. Our licence cove

Re: Thawte "SuperCerts"

Marcus, The answers to your questions, and more, are at: http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/README.GlobalID Cheers -- Enzo - Original Message - From: Marcus Leech <[EMAIL PROTECTED]> To: Radia Perlman - Boston Center for Networking <[EMAIL PROTECTED]> Cc: <[EMAIL PROT

Re: Thawte "SuperCerts"

Marcus Leech wrote: > So: two questions (with a possible answer of "use the source, luke"): > > o What bits are set in a "super cert" to indicate that it's a SGC > or step-up cert? Or is it simply that certs issued by a super-cert > authority (as marked in the browser CA cert databa

Export control of Java VM ??

Here's a thought exercise: What happens if someone applies for an export license for a Java Virtual Machine, which he intends to use as an "encryption routine"? The idea (which is not new) is that a Java program (Java byte code) would be the "key" for the encryption. It specifies how to turn th

Re: Semantic Forests, from CWD (fwd)

At 1:34 PM -0800 12/1/99, Udhay Shankar N wrote: >>From: [EMAIL PROTECTED] >>Date: Wed, 1 Dec 1999 15:18:43 -0500 >>To: undisclosed-recipients: ; >> >>CyberWire Dispatch // (c) Copyright 1999 // November 30 >>Sender: [EMAIL PROTECTED] >>Precedence: bulk >>X-Loop: [EMAIL PROTECTED] >> >>Jacking in

Re: Siemens German Digital Signature Chip Hacked

[I posted this earlier today but it never appeared, apologies if you've seen it before. In any case the bit about the SigG card has been updated] Martin Minow <[EMAIL PROTECTED]> writes: >The Register reports that the Siemens >Digital Signature Chip used for cash

Re: Semantic Forests, from CWD (fwd)

At 20:49 12/01/1999 -0800, bram wrote: >Maybe I'm just dense, but what's with the emphasis on phone >conversations? Voice processing is flaky at best, and computationally >expensive regardless. Faxes, on the other hand, can be OCR'ed easily, and >email is in plaintext to begin with. Probably (I

Re: Export control of Java VM ??

Ron Rivest writes: > (*) A Post tag system has a number of rewrite rules of the form > L_i --> R_i > where L_i and R_i are strings over some alphabet (e.g. binary). > As long as the prefix of the input matches some L_i, that > L_i is removed from the beginning of the input, a

Re: Export control of Java VM ??

In article <[EMAIL PROTECTED]>, Ron Rivest <[EMAIL PROTECTED]> wrote: >If no per-key approval is needed, then I don't see why one can't >distribute code that embodies a fixed transformation procedure, since >this is really a "key" rather than a "program". That is, the >distributed specifies a si

Re: Export control of Java VM ??

Ron Rivest wrote: > > Here's a thought exercise: > > What happens if someone applies for an export license for a Java > Virtual Machine, which he intends to use as an "encryption routine"? > The idea (which is not new) is that a Java program (Java byte code) > would be the "key" for the encrypti

Re: Semantic Forests, from CWD (fwd)

In message , "Arnold G. Reinhold" writes: >>In April 1999, a report commissioned by the Parliament's Office of >>Scientific and Technological Options Assessment (STOA), concluded that >>"effective voice 'wordspotting' systems do not exist" and "are not in use

New Yorker article on NSA surveillance, crypto regs

The New Yorker in its December 6 issue includes this article: http://cryptome.org/nsa-hersh.htm The Intelligence Gap How the digital age left our spies out in the cold. By Seymour M. Hersh While much of it resonates as true, the timing -- just before crucial oversight hearings and conc

Re: Semantic Forests, from CWD (fwd)

On Thu, 2 Dec 1999, Arnold G. Reinhold wrote: > I wonder about the European Parliament. They sometimes make our > Congress look intelligent. The existence of speech recognition > technology is hardly a secret. The European Parliament Report was written by Duncan Campbell, an investigative journa

Re: Semantic Forests, from CWD (fwd)

At 10:42 AM 12/02/1999 -0500, Arnold G. Reinhold wrote: >http://www.dragonsystems.com/products/audiomining/ > >"New AudioMining Technology Uses Award-Winning Speech Recognition >Engine to Quickly Capture and Index Information Contained in Recorded >Video Footage, Radio Broadcasts, Telephone Con