-BEGIN PGP SIGNED MESSAGE-
David Honig wrote:
If you give people a paper receipt with their votes on it
(as WAS's scheme mentions) then their votes can be bought or blackmailed.
I'm unaware of how that interpretation might have arisen? I don't see
anything in the proposed text
-BEGIN PGP SIGNED MESSAGE-
I'm sorry for the second message, but I could not let the egregious
error pass uncorrected:
Ed Gerck wrote:
The law does not allow it, and for good reasons as you mention.
...
The voting apparatus may keep a serial record of each vote, in order, for
-BEGIN PGP SIGNED MESSAGE-
David Honig wrote:
From "Ballot Proposal" version 1.3
10 B DISPLAY
(5) Election software shall print the selected choices on a fixed
visible medium (such as paper), and shall require the voter to
affirm those choices prior to
-BEGIN PGP SIGNED MESSAGE-
Thanks everyone for the helpful comments. I've combined them as well
as I could. Some folks sent privately, as indicated.
David Honig wrote:
At 01:03 PM 1/25/01 -0500, William Allen Simpson wrote:
I've been working with Congresswoman Lynn Rivers
-BEGIN PGP SIGNED MESSAGE-
Long answer
Matt Crawford wrote:
It looks as if your VERIFIABILITY constraints allow pay-for-vote to
take place. The voter V can show his audit number to ward-heeler W,
who can subsequently verify, together with poll-watcher P, that V
voted for Boss
-BEGIN PGP SIGNED MESSAGE-
Declan, I've looked at the floor activity for that day, and searched
the house record [Page: H12100 et seq]. I cannot find any mention of
HR.46, or "encryption", or "wiretapping". I also looked at every
reference to the word "computer", which appears
-BEGIN PGP SIGNED MESSAGE-
David Wagner wrote:
History shows that it is extremely easy to propose schemes for
encryption-with-integrity that are plausible-looking yet nonetheless
entirely broken. At this point, I don't think I would trust very much
a proposal without a proof.
For
-BEGIN PGP SIGNED MESSAGE-
I remember you expressing such sentiments on the mozilla security list some
months ago. But, there are problems with the OpenSSL license. And not
enough crossplatform support. And, I'm a big believer in multiple
independent implementations.
Ben Laurie
-BEGIN PGP SIGNED MESSAGE-
Ben Laurie wrote:
As far as I can tell, the problems are invented rather than real. At
least I can't recall any real problems except "it isn't the licence we
want it to be".
I was not aware that OpenSSL had changed to be compatible with GPL.
And I
-BEGIN PGP SIGNED MESSAGE-
Now, I didn't start this thread to argue about licenses. I just wanted
folks to review code, should they be so inclined. So, this is my last
comment. Sorry that someone took umbrage.
Ben Laurie wrote:
William Allen Simpson wrote:
I was not aware
Fallout from the early RSA release into public domain, the references
to BSAFE have been replaced, and a bunch of stuff are GPL. Is there
a team of folks doing independent code review?
Since this is likely to show up on a lot of systems, and any bugs
will plague us for a long time, this
-BEGIN PGP SIGNED MESSAGE-
This was an issue last year. We've covered the same ground that was
covered elsewhere last year, including the same proposed names.
Having been awakened by a thunderstorm, I took a little time to check
on progress over in IEEE. The latest letter that I
Rodney Thayer wrote:
What shall we call
that-public-key-algorithm-that-will-not-be-patent-protected in late
September? we should not use a trademarked or copyrighted term, in my
opinion.
"The Public Key Algorithm Formerly Known as RSA"
In the usual academic tradition, it should continue
-BEGIN PGP SIGNED MESSAGE-
"Arnold G. Reinhold" wrote:
Nothing new here. I often buy stuff on line and only get e-mail
receipts. My credit card statements are a backup, I suppose. If
anything the new law will strengthen our case with the IRS.
Possibly, but I also see language in the
-BEGIN PGP SIGNED MESSAGE-
Don Davis wrote:
i'm sorry, but this is a foolish complaint. their specialty
is as demanding as ours; why demand that they should master
our specialty, when we make no effort to master theirs, and
when we make no effort to help them understand crypto?
-BEGIN PGP SIGNED MESSAGE-
Electronic Signatures Yield Unpleasant Surprises
Knowledgeable Internet users might think that the "Electronic Signatures
in Global and National Commerce Act" -- passed overwhelmingly by the US
Congress last week -- would provide virtual world commerce with
-BEGIN PGP SIGNED MESSAGE-
Ben Laurie wrote:
OK, so if I've got a passphrase of arbitrary length, and I wish to
condense it to make a key of length n bits (n 160), what's the
approved method(s) of doing that?
I assume it goes without saying that we wish to preserve as much
-BEGIN PGP SIGNED MESSAGE-
OK, thomas.loc.gov put up the text of the revised conference report
this morning, just in time for the US House "debate" and vote. It
was hard to find, being accessed under "bill status" rather than
"bill text".
I've been putting a cheap sound card in every machine, not connected to
any external wires, cp'ing from it on reboot. Seems to generate a nice
chunk of randomness, but I've never measured it.
[EMAIL PROTECTED] wrote:
So I'm curious about what all methods do folks currently use (on NT and
It was reported that Clinton was keeping the export controls going by
executive order, even tho' congress had failed to re-authorize the
sunsetted legislation. I asked my local congress-critter about it, and
here is the response. I found it enlightening.
Now, they are checking to see
Hmmm, I didn't see any:
"Xing, you'd better do a pretty good job of securing your keys, as if
your systems are compromised you'll wear the financial consequences."
What I saw was keys compromised, sue the folks that tell anyone about
it
Ian Farquhar wrote:
Look at it this way:
Catching up on the thread, the comments about fitting the stego into the
image reminded me of http://www.outguess.org/ by Niels Provos. Looks like
he's a few months ahead of you
Marc Horowitz wrote:
Rick Smith [EMAIL PROTECTED] writes:
Thus, a 'good' stego system must use a crypto
"Steven M. Bellovin" wrote:
I was about to make a snide comment that they're just endorsing open source
software -- but is there any definition of "other restriction"? Does the GPL
count? Are they trying to ban any publication of anything that isn't flat-out
public domain? And if
It is more important to look at both sources, and document the protocol(s),
for interoperability! Enough religiosity on source licenses. Let's get
together and do it!
Ted Lemon wrote:
SpeakFreely (http://www.speakfreely.org) is already open source, so it
sets a minimum bar on the
Zombie Cow wrote:
Or start producing Open Sourced CPUs and motherboards.
IBM has an Open Source PPC motherboard, and here's an
article referring to an Open Source CPU by Sun:
(Well, they're not really "Open Source", but still, open enough..)
(Search www.techweb.com for the source URL, I
-BEGIN PGP SIGNED MESSAGE-
Catching up, and after talking with John Kelsey and Sandy Harris at
SAC'99, it seems clear that there is some consensus on these lists that
the semantics of /dev/urandom need improvement, and that some principles
of Yarrow should be incorporated. I think that
I know I'm a bit out of the loop, as I have not been studying the AES
submissions like the rest of you, but a couple of questions come to mind
on reading the meeting reports.
1) Does the power analysis apply to all smart cards, or only those that
draw from a reader?
The reason that I
Catching up on email, I will point out that every major service provider
is probably compromised to one degree or another as frequently as 3
times per year from terminal rooms. For example, in addition to Usenix
meetings: IETF meetings, NANOG meetings, and every other computer
meeting or show