Re: UK Government to force disclosure of encryption keys.

[Roy M. Silvernail]

Perry E. Metzger wrote:

Excerpt:

   The UK Government is preparing to give the police the authority to
   force organisations and individuals to disclose encryption keys, a
   move which has outraged some security and civil rights experts.

http://news.zdnet.co.uk/0,39020330,39269746,00.htm
  

Interesting.  That's the second reference I've received just this
morning to that page, which has gone 404.  Anyone have a mirror?

-- 
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
It's just this little chromium switch, here. - TFT
CRM114-procmail-/dev/null-bliss
http://www.rant-central.com


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Crypto hardware with secure key storage

[Thor Lancelot Simon]

I'm trying to investigate which of the current high-end PCI crypto
accellerators include secure storage of key material -- that is, the
use model where one loads, say, an RSA private key or key for a symmetric
cipher into the device one, receives a reference, and can later, even
after device power down, tell the card use key with reference X for this
operation.

I realize that there are ways to do this without actual persistent storage
on the card, e.g. encryption of the key with a symmetric cipher using a
secret key stored in the card, which allows the cleartext key to be disposed
of so long as the card can be told okay, decrypt and use this key in the
future.  That's fine, too.

I've run into some vendors who claim to support secure key storage
but turn out to mean something else by it.  I'm specifically looking
for a device that accellerates pubkey operations and is aimed at SSL.

If people with experience with particular hardware want to share that
with me in private rather than broadcasting it to the list, that's fine,
too; I'm just trying to select a device to meet an immediate need and
am okay with not shouting out a comparison of vendor capabilites to the
entire world (though I do think it is regrettable that there's a lack
of information on this kind of device capability anywhere public).

-- 
  Thor Lancelot Simon[EMAIL PROTECTED]

  We cannot usually in social life pursue a single value or a single moral
   aim, untroubled by the need to compromise with others.  - H.L.A. Hart

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

New UK law makes a wide range of software illegal.

[Perry E. Metzger]

A new amendment to the UK's computer crimes law makes it illegal to:

   [...]makes, adapts, supplies or offers to supply any article

a) intending it to be used to commit, or to assist in the commission
   of, an offence under section 1 or 3 [of the Computer Misuse Act];
   or
   (b) believing that it is likely to be so used.

A number of people have pointed out that, as phrased, this covers
virtually all software, including compilers, operating systems, etc.,
since it is clear that they will be used from time to time in computer
crimes.

Full article:

  http://news.zdnet.co.uk/business/legal/0,39020651,39270045,00.htm

-- 
Perry E. Metzger[EMAIL PROTECTED]

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]