Re: CFP: PKI research workshop (fwd)
-- Forwarded message -- Date: Wed, 16 Jan 2002 08:38:40 +0800 From: Enzo Michelangeli <[EMAIL PROTECTED]> Reply-To: Enzo Michelangeli <[EMAIL PROTECTED]> To: EKR <[EMAIL PROTECTED]>, Stef Caunter <[EMAIL PROTECTED]>, "D. A. Honig" <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] Subject: Re: CFP: PKI research workshop > Here you're talking about "reputation of nyms", which doesn't require > third parties or certs, just well-kept secret keys of a PK pair. > If the remote entity keeps using the same PK keys, you can reasonably > update reputation > based on that alone. (They're essentially signing their behaviors.) On the other hand it must be said that, if reputation really worked as we would like, some sloppy and deservingly accident-prone Certification Authorities would be out of business by now. Enzo - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: CFP: PKI research workshop (fwd)
-- Forwarded message -- Date: Mon, 31 Dec 2001 22:32:41 -0500 (EST) From: Russell Nelson <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: CFP: PKI research workshop Andrew Odlyzko writes: > 1. Cryptography does not fit human life styles easily. > 2. Novel technologies take a long time to diffuse through society. to which I would add: 3. Cryptography, and therefore PKI, is meaningless unless you first define a threat model. In all the messages with this Subject, I've only see one person even mention "threat model". Think about the varying threat models, and the type of cryptography one would propose to address them. Even the most common instance of encryption, encrypted web forms for hiding credit card numbers, suffers from addressing a limited threat model. There's a hell of a lot of known plaintext there. -- -russ nelson <[EMAIL PROTECTED]> http://russnelson.com Crynwr sells support for free software | PGPok | If you argue with someone 521 Pleasant Valley Rd. | +1 315 268 1925 voice | who is not rational, he will Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | always win, in his own mind. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: CFP: PKI research workshop (fwd)
-- Forwarded message -- Date: Sun, 30 Dec 2001 17:01:30 -0700 From: [EMAIL PROTECTED] To: Ray Dillinger <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED], Peter Gutmann <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Subject: Re: CFP: PKI research workshop somewhat as an aside the "gift" cards (and other flavors) that you see at large percentage of retail check-out counters in the US are effectively digital cash ... although the current incarnation results in a different card at every retailer. however, they are online, magstripe-based digital cash utilizing the same ubquituous point-of-sale infrastructure as debit & credit (it is just that the transaction routing goes to different online transaction processing than credit & debit). The issue of whether or not it would be possible to use any card at any merchant is more of a business rule issue than a technology issue. note from a higher assurance standpoint ... the x9.59 work is applicable to all electronic transactions whether they are credit, debit, e-check, OR (online) digital cash ... AND x9.59 transactions could flow over both existing ubiquituous point-of-sale network and/or a ubiquituous internet network (or any other kind of network). random refs: http://www.garlic.com/~lynn/index.html#x959 http://www.garlic.com/~lynn/index.html#aads [EMAIL PROTECTED] on 12/28/2001 4:50 pm wrote: A "local" financial branch implementation and a digital cash implementation might have a number of similar useability attributes aka from the standpoint of how local funds do you have immediately available aka funds are transferred into you local PDA as digital cash for immediate use or funds are transferred into the local financial institution for immediate use. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
CFP: PKI research workshop
[Sorry if the headers munge, but I'm using the Eudora Annoying Redirect command to keep >s from interfering with signatures. It's actually from Carl Ellison <[EMAIL PROTECTED]> ] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Included below is the ASCII CFP for our upcoming PKI research workshop. We're especially soliciting papers on ways to use public key authentication/authorization that solve real problems, rather than merely follow the traditional marketing patter about PKI. == === 1st Annual PKI Research Workshop April 24-25, 2002. NIST, Gaithersburg MD, USA. www.cs.dartmouth.edu/~pki02/ Sponsors include NIST, NIH, and Internet2. To a large extent, the hoped-for public key infrastructure (PKI) has not "happened yet." PKI for large, eclectic populations has not materialized; PKI for smaller, less diverse "enterprise" populations is beginning to emerge, but at a slower rate than many would like or had expected. Why is this? This workshop among leading security researchers will explore the issues relevant to this question, and will seek to foster a long-term research agenda for authentication and authorization in large populations via public key cryptography. The workshop is intended to promote a vigorous and structured discussion---a discussion well-informed by the problems and issues in deployment today. We solicit papers, panel proposals, and participation. * Papers and Proposals Due: January 28, 2002 * Authors Notified: March 5, 2002 * Final Materials Due: April 1, 2002 * Workshop: April 24-25, 2002. Submitted works for panels and papers should address one or more critical areas of inquiry. Topics include (but not are not limited to): * Cryptographic methods in support of security decisions * The characterization and encoding of security decision data (e.g., name spaces, x509, SDSI/SPKI, XKMS, PGP, SAML, KeyNote, PolicyMaker), policy mappings and languages, etc. * The relative security of alternative methods for supporting security decisions; * Privacy protection and implications of different approaches; * Scalability of security systems; (are there limits to growth?) * Security of the rest of the components of a system; * User interface issues with naming, multiple private keys, selective disclosure * Mobility solutions * Approaches to attributes and delegation * Discussion of how the "public key infrastructure" required may differ from the ``PKI'' traditionally defined Papers should be submitted electronically in PDF. The final version of refereed papers should ideally be between 8 and 15 pages, and in no case more than 20 pages. Proposals for panels should be no longer than five pages in length, and should include possible panelists, and an indication of which of those panelists have confirmed participation. Full instructions will appear on our Web site by December 15, 2001. Program Committee Peter Alterman NIH Steve Bellovin AT&T Labs Research Stefan BrandsMcGill University Bill BurrNIST Carl Ellison Intel Stephen Farrell Baltimore Technologies Richard GuidaJohnson and Johnson Peter Honeyman University of Michigan Ken Klingenstein University of Colorado Larry Landweber University of Wisconsin Neal McBurnett Internet2 Clifford Neuman USC Sean Smith (chair) Dartmouth College Steve Tuecke Argonne National Laboratory Contacts General Chair: Ken Klingenstein, University of Colorado. [EMAIL PROTECTED] Program Chair: Sean Smith, Dartmouth College. [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 iQA/AwUBPAlWFHPxfjyW5ytxEQL0tQCeIrRXXnbSpIMeSBxWFonre4VQGpoAnRzG h4JpL3OKU+ah4WizoLzP4qbj =wN/e -END PGP SIGNATURE- +--+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | |PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+ - The SPKI Mailing List Unsubscribe by sending "unsubscribe spki" to [EMAIL PROTECTED]