Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-06 Thread Ted Lemon
If you sign the revocation certificate in the compromised key, then the only way it can get revoked is if the owner of the key revokes it or it's been compromised... _MelloN_

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-06 Thread Ted Lemon
> So I would prefer to work with a CA where it is not a *necessary* condition for a revocation.

Why would someone grabbing your red and blue disks compromise your key? You have it encrypted, right? The encryption key is only present in wetware, right? :'} I generally don't think of "som

Re: Lowercase compresses better?

2000-09-29 Thread Ted Lemon
If your compression algorithm is tuned for normal ASCII text, then may be considered more frequent than for all combinations of values of , and thus pairs of uppercased letters may result in longer bit streams than pairs of lowercase letters or one uppercase letter followed by one lowercase let

Re: UK Sunday Times: "Steal the face right off your head"

2000-12-11 Thread Ted Lemon
> One of the reasons they decided to do the switch is that newer technologies ensure that the item in front of the scanner is in fact alive :)

All that this really means is that now the thing the criminal needs to bring to the scanner is somewhat larger. It might actually *increase* the ris

Re: UK Sunday Times: "Steal the face right off your head"

2000-12-13 Thread Ted Lemon
> Er, how does the criminal's calculation of this change from before? A guy who's going to (pardon the image) chop off your hand to get past the hand-scanner is just not likely to have many qualms about shooting you first, to keep you from squirming or making too much noise.

True enough

Re: my two cents

1998-12-05 Thread Ted Lemon
> Although I share your anger and desire for a show-down, I worry about the result. Back when the Clipper chip was fresh in the papers was the time for this showdown. There is so little awareness on the public's part today about crypto that I would be surprised if a mass movement of th

Re: quantum cryptanalysis

1999-02-01 Thread Ted Lemon
> Suppose someone discovers a way to solve NP-complete problems with a quantum computer; should he publish?

Of course!

> Granted, the quantum computers aren't big enough yet, but the prospects look bright for larger ones in the near future. It would break all classical cryptography.

I'd

Re: How to donate a clue to a lawyer?

1999-05-09 Thread Ted Lemon
> You're just asserting this again. The fact that people get paid for making pigs dance and not primarily for making their code readable suggests that the purpose of the exercise is to make the computer do stuff, despite your assertion to the contrary.

I get paid by the ISC to write code t

Re: US Urges Ban of Internet Crypto

1999-07-29 Thread Ted Lemon
> If we lose crypto, we must already have guns laid by.

How likely do you think it is that when you use rhetoric like this, it is *not* then used to discredit you in the top-secret briefings the Senate gets from the anti-crypto lobbyists? You must know that having guns laid by is just going to

Re: US Urges Ban of Internet Crypto

1999-07-31 Thread Ted Lemon
> It can only be resolved by software and hardware designers choosing to integrate it seamlessly into their products with or without the permission of their rulers.

To some degree this is happening in the Open Source community, but in order to make strong crypto ubiquitous for, e.g., cell ph

Re: IP: IETF considers building wiretapping into the Internet

1999-10-13 Thread Ted Lemon
Another point to consider is that if the CALEA standards are arrived at in an open and public manner, it could be made easy to tell whether or not a given device is implementing them, and one could then use the CALEA status of a device as part of the purchasing decision. If the CALEA protocol is

Re: PGPphone sources released.

1999-11-13 Thread Ted Lemon
> Apparently the sources to PGPphone have been released (after many years). See:

According to that message, the license is not an open source license, though, so this is unfortunately not very exciting. :'( _MelloN_

Re: PGPphone sources released.

1999-11-13 Thread Ted Lemon
> SpeakFreely (http://www.speakfreely.org) is already open source, so it sets a minimum bar on the restrictions you can expect to be able to set on the distribution of a freeware encrypting telephone package.

Precisely. Too bad, though - I'd like to see PGPphone Open Sourced.

Re: DeCSS Court Hearing Report

2000-01-03 Thread Ted Lemon
> The only reason that justifies the existence of the player keys in the CSS scheme is control of the DVD consortium over the licensees: they can always threaten to revoke the player key of a given licensee if that licensee doesn't play by the rules (Macrovision, Region Codes, etc.).

Re: starting up servers that need access to secrets

2000-01-05 Thread Ted Lemon
Rich, in the one case in order to steal your key (and thus masquerade as you) the person has to break into your machine and read a file. In the other case, the person has to break into your machine and *write* a *specific* file. While both sorts of attacks are possible, the first sort of attack

Re: starting up servers that need access to secrets

2000-01-05 Thread Ted Lemon
> I believe better protection would be to keep private keys on external tamper-evident hardware.

This is certainly true. However, if somebody compromises your system with the smart encryption card, then they can probably use the card to sign things. This isn't as good as having your key, sin

Re: starting up servers that need access to secrets

2000-01-05 Thread Ted Lemon
> I was assuming the adversary had physical access to the machine's console and could reboot, etc., at will, which seems to make your defense moot, at least for the (very few) systems I'm aware of.

Yes, if they have physical access life gets very complicated. :'} But most organizations I'v

Re: prove me wrong, go to jail

2000-01-27 Thread Ted Lemon
> It is fun to read http://www.msnbc.com/msn/361936.asp especially at the end, because if "This isn't even small potatoes; it's no more than sprouts." -- then, while the hassle, prison and fine?

Well, he did try to extort money from the banks. I think this was really the problem with what

Re: prove me wrong, go to jail

2000-01-27 Thread Ted Lemon
> Comments?

I think your proposal is not entirely unreasonable, although I wonder if the people who have the most interest in a secure system are not the banks, but the insurance companies and the customers. My impression of banks is that as long as they can quantify the potential loss, they c

Re: [PGP]: PGP 6.5.2 Random Number Generator (RNG) support

2000-02-03 Thread Ted Lemon
> What an extraordinary concept. We are supposed to thank manufacturers for telling us how to use stuff they want us to use?

Well, if we want to use it too, why not thank them for helping us? Is help only help if the person giving it has absolutely nothing to gain in doing so? Don't you than