on Thu, Dec 11, 2003 at 05:08:38AM -0800, John Young ([EMAIL PROTECTED]) wrote:
On December 10, 2003, the Bureau of Industry and Security issued
a final rule to revise the Commerce Control List which regulates
export of US technologhy. Below are excerpts involving encryption.
The full rule:
On Wed, 17 Dec 2003, Jerrold Leichter wrote:
Given this setup, a music company will sell you a program that you must
install with a given set of access rights. The program itself will check
(a) that it wasn't modified; (b) that a trusted report indicates that it
has been given exactly the
Jerrold Leichter writes:
Given this setup, a music company will sell you a program that you must
install with a given set of access rights. The program itself will check
(a) that it wasn't modified; (b) that a trusted report indicates that it
has been given exactly the rights specified.
Ross Anderson's Trusted Computing FAQ has a lot
to say about recent threads:
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
iang
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Stefan Lucks [EMAIL PROTECTED] writes:
Currently, I have three smart cards in my wallet, which I did not want to own
and which I did never pay for. I never used any of them.
Conversation from a few years ago, about multifunction smart cards:
- Multifunction smart cards are great, because
John Gilmore [EMAIL PROTECTED] writes:
They eventually censored out all the sample application scenarios like DRM'd
online music, and ramped up the level of jargon significantly, so that nobody
reading it can tell what it's for any more. Now all the documents available
at that site go on for
At 09:38 AM 12/16/2003 -0500, Ian Grigg wrote:
In the late nineties, the smart card world
worked out that each smart card was so expensive,
it would only work if the issuer could do multiple
apps on each card. That is, if they could share
the cost with different uses (or users).
This resulted in
Carl Ellison wrote:
It is an advantage for a TCPA-equipped platform, IMHO. Smart cards cost
money. Therefore, I am likely to have at most 1.
If I glance quickly through my wallet, I find 7 smartcards (all credit
cards). Plus the one in my phone makes 8. So, run that at most 1
argument past me
We see here a difference between your and my sides of the Atlantic. Here in
the US, almost no one has a smart card.
Of those cards you carry, how many are capable of doing public key
operations? A simple memory smartcard doesn't count for what we were
talking about.
There are other problems
Stefan,
I replied to much of this earlier, so I'll skip those parts.
- Carl
+--+
|Carl M. Ellison [EMAIL PROTECTED] http://theworld.com/~cme |
|PGP: 75C5 1814 C3E3 AAA7 3F31 47B9 73F1 7E3C 96E7 2B71
On Mon, 15 Dec 2003 19:02:06 -0500 (EST)
Jerrold Leichter [EMAIL PROTECTED] wrote:
However, this advantage is there only because there are so few smart cards,
and so few smart card enabled applications, around.
It is not really true that there are so few smartcards. Almost every
mobile phone
At 7:30 AM -0800 12/17/03, Jerrold Leichter wrote:
...
If the system were really trusted, it could store things like your credit
balance: A vendor would trust your system's word about the contents, because
even you would not be able to modify the value. This is what smart cards
attempt to
Perry is absolutely right.
There is no point in pursuing this.
It might even be analogous to what we now know about computers.
We were warned that there would never be a need for more than
A half-dozen - after all, they were extremely expensive just to get
A few more digits in the logarithm table
At 10:51 AM 12/16/2003 +0100, Stefan Lucks wrote:
I agree with you: A good compromise between security and convenience is an
issue, when you are changing between different smart cards. E.g., I could
imagine using the smart card *once* when logging into my bank account,
and then only needing it,
John Lowry [EMAIL PROTECTED] writes:
Perry is absolutely right.
There is no point in pursuing this.
It might even be analogous to what we now know about computers.
We were warned that there would never be a need for more than
A half-dozen - after all, they were extremely expensive just to
What is the source of the acronym PAIN?
Lynn said:
... A security taxonomy, PAIN:
* privacy (aka thinks like encryption)
* authentication (origin)
* integrity (contents)
* non-repudiation
I.e., its provenance?
Google shows only a few hits, indicating
it is not widespread.
iang
16 matches
Mail list logo
