Re: Absolute Snakeoil

2000-09-23 Thread R. A. Hettinga 


--- begin forwarded text


Date: Fri, 22 Sep 2000 15:18:29 -0700
From: Somebody
To: [EMAIL PROTECTED]
Subject: Re: Absolute Snakeoil

>From the SafeMessage Faq

What level of encryption is used in SafeMessage?

Unfortunately, there is no straightforward answer to this question,
because "level"
doesn't mean anything in the encryption world.

[le snippage]

The bottom line is that there is no straightforward and concise answer
to your
question. We at AFTI have analyzed a number of encryption systems, and
we believe
SafeMessage to be more secure than any of the competition. But we can't
provide a
simple bit-count, for example, because our system encrypts the same data
with
several different ciphers and keys, some symmetric, some asymmetric from
large
fields, complicating the math of arriving at said bitcount.

--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Absolute Snakeoil over and out.

2000-09-23 Thread R. A. Hettinga 


--- begin forwarded text


Date: Fri, 22 Sep 2000 15:15:14 -0700
From: Somebody
To: [EMAIL PROTECTED]
Subject: Re: Absolute Snakeoil over and out.

I was hoping to find somebody working on real peer to peer, and they
sort of are.  Here's the summary:
a) encrypted messaging amongst a pre-registered population who have
bought the software
b) flexible transport options (you can deliver a message by):
i. socket-to-socket;
ii. ssl/http mediated through Absolute Snakeoil servers (for
firewall
 subversion)
iii. encrypted store and forward through Absolute Snakeoil
servers
c) corporate purchasers are run their own Snakeoil servers, but
these "VPN"s can be enabled to speak to other corporations'
Snakeoil
servers.  No discussion of the PKI implications of this whole
approach.

NETNET:  Somebody should embed PGP code into the AOL Instant
Messanger framework  (AIM), and you'd be in the same place, with
open-source pre-vetted crypto and an established approach to PKI (none).

Probably somebody has.

--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Absolut Snake Oil?

2000-09-23 Thread Dennis Glatting 



>From a local paper dated July 10

http://www.eastsidejournal.com/sited/retr_story.pl/23856 

"According to AbsoluteFuture.com CEO and
President Graham Andrews, SafeMessage
gets around the security problem in two
ways. One, the message is encrypted
several times over, layering different
methods of encryption on top of each other.
The result is very strong encryption."







"R. A. Hettinga" wrote:
> 
> --- begin forwarded text
> 
> Date: Fri, 22 Sep 2000 14:11:27 -0700
> From: Somebody
> To: [EMAIL PROTECTED]
> Subject: Absolut Snake Oil
> 
> A start-up is set to release a novel messaging service that lets people
>send heavily encrypted email directly to each other, a development
>that could be a boon for privacy advocates but a headache for law
>enforcement authorities.
> 
>AbsoluteFuture.com of Bellvue, Wash., has dubbed its service
>"SafeMessage," describing it as a "direct messaging" service that
> transmits
>messages from party to party without the use of a central server.
> 
> To use SafeMessage, a person signs on to the program with an ID and
>password, similarly to an email client. When typing the recipient,
> the person
>sends the contact to AbsoluteFuture's server, which locates the
> recipient
>online and allows the sender to send the message directly to the
> recipient.
> 
>The message is encrypted before it leaves the sender's computer, and
> the
>decoder key is destroyed. If the recipient is not online, the sender
> must send
>the message to AbsoluteFuture's server, which will hold the message
> until the
>recipient logs on or the message times out.
> 
> Meta Group analyst David Thompson calls the market for peer-to-peer or
> encrypted messaging nascent. "People are just starting to realize that
> this
> kind of thing is even possible," he said.
> 
> --- end forwarded text
> 
> --
> -
> R. A. Hettinga 
> The Internet Bearer Underwriting Corporation 
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'


-- 
Dennis Glatting
Copyright (c) 2000 Software Munitions

Treasury Department worries about ecash, anonymity

2000-09-23 Thread Declan McCullagh 



http://www.wired.com/news/politics/0,1283,38955,00.html

Feds: Digital Cash Can Thwart Us
by Declan McCullagh ([EMAIL PROTECTED])

3:00 a.m. Sep. 22, 2000 PDT
WASHINGTON -- A Treasury Department report warns that technologies
such as the Internet and electronic cash could thwart the federal
government's efforts to conduct surveillance of bank and credit card
transactions.

The internal strategic plan predicts that technology may help law
enforcement by allowing agents to assemble ever-growing databases of
Americans' financial activities, but it can also provide more
anonymity than ever before.

Treasury's Financial Crimes Enforcement Network (FinCEN) prepared the
36-page document, which was obtained by Wired News.

It says: "The development of new technologies -- such as electronic
cash, electronic purses, Internet or smartcard based electronic
payment systems, and Internet banking -- is increasing the ability of
individuals to rapidly transfer large sums of money, and could pose a
challenge for FinCEN and other law enforcement agencies combating
money laundering."

[...]

FC'01 Final Call for Papers

2000-09-23 Thread R. A. Hettinga 


--- begin forwarded text


Resent-From: [EMAIL PROTECTED]
Resent-Date: 23 Sep 2000 18:14:31 +0200
Resent-To: [EMAIL PROTECTED]
Date: Mon, 11 Sep 2000 17:08:37 -0400 (EDT)
From: Paul Syverson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: FC'01 Final Call for Papers
Resent-Sender: [EMAIL PROTECTED]

   Final Call for Papers

 Financial Cryptography '01

 February 19-22, 2000
  Grand Cayman Marriott Beach Resort
 Cayman Islands, BWI


Original papers are solicited on all aspects of financial data security and
digital commerce in general for submission to the Fifth Annual Conference on
Financial Cryptography (FC01). FC01 aims to bring together persons involved
in the financial, legal and data security fields to foster cooperation and
exchange of ideas. Relevant topics include

Anonymity Protection   Infrastructure Design
Auditability   Legal/ Regulatory Issues
Authentication/Identification  Loyalty Mechanisms
Certification/AuthorizationPayments/ Micropayments
Commercial TransactionsPrivacy Issues
Copyright/ I.P. Management Risk Management
Digital Cash/ Digital Receipts Secure Banking Systems
Economic Implications  Smart Cards
Electronic Purses  Trust Management
ImplementationsWaterMarking


INSTRUCTIONS FOR AUTHORS: Electronic submission strongly encouraged.
(Instructions available at http://www.fc01.uwm.edu).  Alternatively,
send a cover letter and 15 copies of an extended abstract to be
received no later than October 13, 2000 (or postmarked by October 6,
2000 and sent via airmail) to the Program Chair. The extended abstract
should start with the title, names of authors, abstract, and keywords
followed by a succinct statement appropriate for a non-specialist
reader specifying the subject addressed, background, main
achievements, and significance to financial data security. Submissions
are limited to 15 single-spaced pages of 11pt type and should
constitute substantially original material. Panel proposals are due no
later than November 27, 2000 (or postmarked and airmailed by November
20).  Panel proposals should include a brief description of the panel
and a list of prospective panelists.  Notification of acceptance or
rejection of papers and panel proposals will be sent to authors no
later than December 8, 2000.  Authors of accepted papers must
guarantee that their papers will be presented at the conference and must
be willing to sign an acceptable copyright agreement with Springer-Verlag.
Use the above address for electronic submissions or send hardcopy to:

Paul Syverson, FC01 Program Chair
Center for High Assurance Computer Systems  (Code 5540)
Naval Research Laboratory
Washington DC 20375  USA
email: [EMAIL PROTECTED]
Web: www.syverson.org
phone: +1 202 404-7931

PROCEEDINGS: Final proceedings will be published by Springer Verlag in
their Lecture Notes in Computer Science (LNCS) series.  Preproceedings
will be available at the conference, but final versions will not be
due until afterwards, giving authors the opportunity to revise their
papers based on presentations and discussions at the meeting.

Program Committee

Matt Blaze, AT&T Labs - Research
Yair Frankel, Ecash
Matt Franklin, UC Davis
David Kravitz, Wave Systems Corp.
Arjen Lenstra, Citicorp
Philip MacKenzie, Lucent Bell Labs
Avi Rubin, AT&T Labs - Research
Jacques Stern, Ecole Normale SupÈrieure
Kazue Sako, NEC
Stuart Stubblebine, CertCo
Paul Syverson (Chair), Naval Research Laboratory
Win Treese, Open Market, Inc.
Doug Tygar, UC Berkeley
Michael Waidner, IBM Zurich Research Lab
Moti Yung, CertCo

Important Dates

Extended Abstract Submissions Due: Oct. 13, 2000
Panel Proposal Submissions Due: November 27, 2000
Notification: Dec 8, 2000

Electronic submission information:
See http://www.fc01.uwm.edu

General Chair
Stuart Haber, InterTrust STAR Lab

Electronic Submission chair
George Davida, UWM

Further Information about conference registration and on travel, hotels, and
Grand Cayman itself will follow in a separate general announcement. FC01 is
organized by the International Financial Cryptography Association.
Additional information will be found at http://fc01.ai

--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Loud-who?

2000-09-23 Thread R. A. Hettinga 

http://www.thestandard.com/article/display/0,1151,18811,00.html

Universal Music Group hires Loudeye.com to encrypt streaming media for them.

Intrestingly, some people from loudeye.com show up on the cryptix email
discussion list archives, when I started looking them up on alltheweb.com...

Cheers,
RAH
-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'