Re: FC: Hollywood wants to plug "analog hole," regulate A-D converters

[Nomen Nescio]

Peter Trei writes:
> My mind has been boggled, my flabbers have been ghasted.
>
> In the name of protecting their business model, the MPAA
> proposes that every analog/digital (A/D) converter - one of
> the most basic of chips - be required to check for US
> government mandated copyright flags. Quite aside from
> increasing the cost and complexity of the devices many,
> manyfold, it eliminates the ability of the US to compete
> in the world electronics market.

This is absurd.  In all the commentary on this issue, no one has made
the obvious point that the MPAA has no interest or intention in putting
watermark detectors into every ADC chip!  They don't care about the ADC
chip in a digital thermometer or even a cell phone.  All they care about
are things like PC video capture cards, which are high fidelty consumer
devices capable of digitizing copyright protected content.

Their white paper is a brief summary of their goals and intentions and
does not go into full technical detail.  But let's use a little common
sense here, folks.

It's pointless to try to shoot down this proposal by raising all these
horror stories about ADC chips in industrial and technical devices
being crippled by a watermark detector which will never be activated.
If you waste time developing this line of argument, you will be left
with nothing to say when the actual bill focuses only on the specific
devices that the content holders are worried about.

And sure, a sufficiently talented electrical engineer can produce a custom
board to do non-watermark-aware ADC, and digitize TV shows and music.
The MPAA has to accept that such activity will continue to go on at a
low level.  They just want to make sure that consumer devices are not
sold that enable every customer to make easy digital copies of copyrighted
data based on an analog source, as they can now with the Replay DVR.

Please, let's use some common sense and not go overboard with an obviously
mistaken interpretation of the MPAA's intentions.  That wastes everyone's
time.

Re: FC: Hollywood wants to plug "analog hole," regulate A-D converters

[Mike Rosing]

On Thu, 30 May 2002, Nomen Nescio wrote:

> This is absurd.  In all the commentary on this issue, no one has made
> the obvious point that the MPAA has no interest or intention in putting
> watermark detectors into every ADC chip!  They don't care about the ADC

If they don't they are screwed.

> chip in a digital thermometer or even a cell phone.  All they care about
> are things like PC video capture cards, which are high fidelty consumer
> devices capable of digitizing copyright protected content.

And everyone outside the US will build their cards without the detector,
or with a software switch to turn it off so they can sell more in the US.

> Their white paper is a brief summary of their goals and intentions and
> does not go into full technical detail.  But let's use a little common
> sense here, folks.

Common sense says they are corrupt pigs who will stop at nothing to
get their profits back up.

> It's pointless to try to shoot down this proposal by raising all these
> horror stories about ADC chips in industrial and technical devices
> being crippled by a watermark detector which will never be activated.
> If you waste time developing this line of argument, you will be left
> with nothing to say when the actual bill focuses only on the specific
> devices that the content holders are worried about.

And what are they going to do when people build MP3 players from auto
ADC's that don't detect watermarks?  Make them illegal?

> And sure, a sufficiently talented electrical engineer can produce a custom
> board to do non-watermark-aware ADC, and digitize TV shows and music.
> The MPAA has to accept that such activity will continue to go on at a
> low level.  They just want to make sure that consumer devices are not
> sold that enable every customer to make easy digital copies of copyrighted
> data based on an analog source, as they can now with the Replay DVR.

And what's to prevent it from happening at a high level if there's
enough profit in it?  MPAA is a tiny market compared to the rest of
the electronics industry - it will be easy to bypass the law on a
huge scale.  You don't need to be a "sufficiently talented electrical
engineer" when you can go across the border, buy 1000 simple/cheap
devices and bring 'em back in your pickup truck.

> Please, let's use some common sense and not go overboard with an obviously
> mistaken interpretation of the MPAA's intentions.  That wastes everyone's
> time.

MPAA is definitly a waste of everybody's time.  They need to be shot
so we don't have to listen to them anymore!!!
:-)

Patience, persistence, truth,
Dr. mike

Re: When encryption is also authentication...

[Curt Smith]

I concur.  The problem is that the most prevalent e-mail
program (Outlook) requires no user intervention as a default
when signing and/or encrypting a message with S/MIME.  One can
override the default to "High Security" (requiring password)
only while the X.509 certificate is being installed.

I also agree that alternative authorization mechanisms (or
combination thereof) are entirely appropriate:  smartcards,
flashcards, biometric readers, magnetic strips, bar codes, etc.
 Different schemes will work provided the hardware is available
and adequate authentication can be assured.

Curt

--- David Howe <[EMAIL PROTECTED]> wrote:
> Partially agreed - a user doesn't have to know *how* it
> works, but must have to take a positive step (eg, type in a 
> password, answer "yes" to a "are you really sure you want to 
> do this" message, that sort of thing) for it to be binding 
> under most e-sig legislation. However, the law of contract 
> assumes every dotted i and crossed t is read and fully
> understood to the full measure of the law. Enough people get
> caught out this way each year (they find the contract they 
> signed isn't what they negotiated but (eg) binds them to a 
> full term of service (say, two years) when they wanted a 
> three month trial...
> There is a balance to be had here. it should be impossible
> for a random user to walk up to their powered off pc, power 
> it on, then sign a document. It should be extremely difficult

> for a random user to walk up to a pc that has been left 
> logged on (but which hasn't been used to sign documents for 
> five minutes or so) and sign a document; it should be easy
> for the user to sign a large number of documents in rapid
> succession, without having to type in a complex password 
> every single time. If this involves remembering the password 
> for a specified "idle" time, or using a smartcard to auth 
> (rather than a manual password or in addition) that the user 
> can remove when he takes a coffee break then fine - but
> whatever you do must almost certainly use no other hardware
> than is already fitted to the machine, so a usb dongle could 
> be ok for a home user but a credit-card style smartcard 
> almost certainly won't be (although if anyone knows a decent
> floppy-adaptor for smartcards, I would love to know about it)


=
Curt



end
eof

Re: Forward-secure public-key encryption eprint

[Anonymous]

David Hopwood writes:

> Forward-secure public-key encryption has been discussed here, on
> sci.crypt, and elsewhere. To recap - the goal is that an adversary who
> breaks into your computer today can't read messages sent/received
> yesterday. In the interactive case, you use ephermal Diffie-Hellman. The
> non-interactive case is more complicated and has had some ideas considered
> by Ross Anderson, Adam Back, and David Hopwood (among others). Cypherpunks
> relevance: forward security is nice for remailers.
>
> Anyway, there's a new eprint up which shows how to construct such a scheme
> starting from an ID-based encryption scheme by Boneh + Franklin.
>
> "A Forward-Secure Public-Key Encryption Scheme"
> Jonathan Katz
> http://eprint.iacr.org/2002/060/
>
> It's worth noting that the scheme this is based on has code available.
> http://crypto.stanford.edu/ibe/download.html

Adam Back noted several years ago that identity-based encryption systems
could be converted into forward-secure PK encryption methods.  At the
time it did not appear that any of the identity-based encryption systems
were very secure.

In the past few years a number of cryptographic results have been
achieved by using the Weil and Tate pairings, which are mappings among
groups associated with supersingular elliptic curves.  These mappings
have special mathematical properties which give a new slant to a number
of cryptographic problems.  For example it can be shown that in the
appropriate group, the Decision Diffie-Hellman problem is easy while
the Diffie-Hellman problem is still thought to be hard.  On coderpunks
this was discussed as a possible approach to ecash.  The Weil pairing
can also be used to create short signatures, only 20 bytes long for the
same security as a DSA sig taking 40 bytes.

At Crypto 2001, Boneh and Franklin showed how to use the Weil pairing
to create an identity based PK system.  Unlike earlier constructions,
this one seems to have a good security margin.  Following Adam Back's
earlier idea, this means a forward-secure PKCS can be constructed,
and the new paper does so, using the Weil and Tate pairings.

One concern is that these mathematical techniques are new in cryptography
and so it is possible that new attacks will be found against them.
While the underlying math is old, the specific application is new and
so weaknesses may still be discovered.  Another problem is that the
math is really advanced and not many implementors or users are likely
to understand it very well.  Sure we've got a library but the kind of
people who want forward security would like to understand the principles
a little better.

Re: FC: Hollywood wants to plug "analog hole," regulate A-D converters

[Steve Schear]

At 06:20 AM 5/30/2002 +0200, Nomen Nescio wrote:
>Peter Trei writes:
> > My mind has been boggled, my flabbers have been ghasted.
> >
> > In the name of protecting their business model, the MPAA
> > proposes that every analog/digital (A/D) converter - one of
> > the most basic of chips - be required to check for US
> > government mandated copyright flags. Quite aside from
> > increasing the cost and complexity of the devices many,
> > manyfold, it eliminates the ability of the US to compete
> > in the world electronics market.
>
>This is absurd.  In all the commentary on this issue, no one has made
>the obvious point that the MPAA has no interest or intention in putting
>watermark detectors into every ADC chip!  They don't care about the ADC
>chip in a digital thermometer or even a cell phone.  All they care about
>are things like PC video capture cards, which are high fidelty consumer
>devices capable of digitizing copyright protected content.

But that also means it could block sale of analog test instruments, such as 
programmable PC-based spectrum analyzers.

steve

Re: When encryption is also authentication...

[Ian Grigg]

> SSL for commerce is readily in place without batting an eyelid these days.

Costs are still way too high.  This won't change until
browsers are shipped that treat self-signed certs as being
valid.  Unfortunately, browser manufacturers believe in
cert-ware for a variety of non-security reasons.

Hopefully, one day the independant browser manufacturers
will ship browsers that show a different icon for self-
certs, rather than annoy the user with mindless security
warnings.  Then, we can expect a massive increase in
secure browsing as sites start defaulting to self-signed
certs, and a consequent massive increase in security, as
well as a follow-on massive increase in the sale of certs.

Unfortunately, we probably won't see an enhanced market
for CA certs until Verisign goes broke.

> However, I'd be interested to know just how many users out there would enter
> their card details on an unprotected site, despite the unclosed padlocks
> and the
> alert boxes.

Huge numbers of them.  You won't see it in security
lists, but most of your average people out there do
not understand the significance of the padlock, and
when merchants request credit card numbers, they
quietly forget to tell them.

And, in a lot of cases, credit card details are
shipped over cleartext email rather than browsers.
Many of these merchants have card-holder-present
agreements, the restrictions of which, they just
ignore.  Commerce being what commerce is, it is
more important to get the sale than deal with some
obscure security nonsense that doesn't make sense.

> Have security fears and paranoia been abated by widespread crypto
> to the point whereby users will happily transmit private data, whether
> encrypted
> or nay, just because they *perceive* the threat to now be minimal? Now that the
> media has grown tired of yet-another-credit-card-hack story?

Much of today's body of (OECD) net users don't read
the news about the net and don't understand the debate,
nor can they make sense of how to protect themselves
from a site that is hacked...

Three or four years back, much of the body of the
net was still technically advanced and capable of
understanding the fallacious security arguments.

These days, perversely, the users are better able
to evaluate the security risks, because they don't
understand the arguments, so they look to the
actual experience, which provides no warnings.

> Pointers to any evidence/research into this much appreciated... ta.

Unfortunately, real data is being kept back by the
credit card majors.  It is my contention that there
has never been a case of sniffed-credit-card-abuse,
and nobody I've ever talked to in the credit card
world has ever been able to change that.

On the whole, all net-related credit card fraud is
to do with other factors:  mass thefts from hacked
databases, fraudulent merchant gatherings, fear-of-
wife revocations, etc.  Nothing, ever, to do with
on-the-wire security.

-- 
iang

Re: sources on steganography

[Hector Rosario]

Why would I be interested in "fool[ing] [you]." All I asked was for some
help with sources. If you cannot be of help, at least don't be a
hindrance. Besides, don't claim to speak for others. If envy is what
drives you, then I suggest that you work on that.

hr

On Wed, 29 May 2002, Morlock Elloi wrote:

> > I am writing my dissertation on steganography. Basically I'm writing a
>     ^ ^   ^  ^ ^
>
> You can't fool us.
>
>
>
> =
> end
> (of original message)
>
> Y-a*h*o-o (yes, they scan for this) spam follows:
> Yahoo! - Official partner of 2002 FIFA World Cup
> http://fifaworldcup.yahoo.com

Re: When encryption is also authentication...

[David Howe]

Mike Rosing <[EMAIL PROTECTED]> wrote:
> Having it be "transparent" where the user doesn't need to know
> anything about how it works does not have to destroy the
> effectiveness of digital signatures or crypto.  When people sign a
> document they don't know all the ramifications because few bother to
> read all of any document they sign - most of it won't apply as long
> as you keep your part of the bargin, so why bother?
Partially agreed - a user doesn't have to know *how* it works, but must
have to take a positive step (eg, type in a password, answer "yes" to a
"are you really sure you want to do this" message, that sort of thing)
for it to be binding under most e-sig legislation. However, the law of
contract assumes every dotted i and crossed t is read and fully
understood to the full measure of the law. Enough people get caught out
this way each year (they find the contract they signed isn't what they
negotiated but (eg) binds them to a full term of service (say, two
years) when they wanted a three month trial...
There is a balance to be had here. it should be impossible for a random
user to walk up to their powered off pc, power it on, then sign a
document. It should be extremely difficult for a random user to walk up
to a pc that has been left logged on (but which hasn't been used to sign
documents for five minutes or so) and sign a document; it should be easy
for the user to sign a large number of documents in rapid succession,
without having to type in a complex password every single time. If this
involves remembering the password for a specified "idle" time, or using
a smartcard to auth (rather than a manual password or in addition) that
the user can remove when he takes a coffee break then fine - but
whatever you do must almost certainly use no other hardware than is
already fitted to the machine, so a usb dongle could be ok for a home
user but a credit-card style smartcard almost certainly won't be
(although if anyone knows a decent floppy-adaptor for smartcards, I
would love to know about it)

Re: sources on steganography

[Steve Furlong]

Hector Rosario wrote:
> 
> Why would I be interested in "fool[ing] [you]." All I asked was for some
  ^  ^^ 
^
> help with sources. If you cannot be of help, at least don't be a
   ^ ^   ^
> hindrance. Besides, don't claim to speak for others. If envy is what
  ^^   ^
> drives you, then I suggest that you work on that.
   ^   ^   ^^
-- 
Steve FurlongComputer Condottiere   Have GNU, Will Travel

Vote Idiotarian --- it's easier than thinking

Re: sources on steganography

[Graham Lally]

Hector Rosario wrote:
> Why would I be interested in "fool[ing] [you]." All I asked was for some
> help with sources. If you cannot be of help, at least don't be a
> hindrance. Besides, don't claim to speak for others. If envy is what
> drives you, then I suggest that you work on that.
> 
> hr
> 
> On Wed, 29 May 2002, Morlock Elloi wrote:
> 
> 
>>>I am writing my dissertation on steganography. Basically I'm writing a
>    ^ ^   ^  ^ ^
>>
>>You can't fool us.

...or "I am storb." for the proportionally-gifted.

Re: sources on steganography

[Peter Wayner]

At 11:19 AM -0400 5/29/02, Hector Rosario wrote:
>I am writing my dissertation on steganography. Basically I'm writing a
>technical monograph that would be of use to undergraduate instructors.
>What do you think are the best sources on steganography on
>the Web? What about books other than Johnson, Katzenbeiser & Peticolas,
>and the volumes covering the four international workshops on information
>hiding.


I know that my book, _Disappearing Cryptography_, is being used as a 
textbook in a few schools. It's a bit broader than the others because 
it uses a more inclusive view of the topic.

You can read a bit more here:

http://www.wayner.org/books/discrypt2/


The book on Watermarking by Cox et al is also very nice, although 
very focused and very detailed.

-Peter

Re: Forward-secure public-key encryption eprint

[dmolnar]

On Thu, 30 May 2002, Anonymous wrote:

> David Hopwood writes:

Did I miss a separate message in which David Hopwood followed up to my
post? Cypherpunks is more reliable for me than it used to be, but it's not
always all there.

>
> math is really advanced and not many implementors or users are likely
> to understand it very well.  Sure we've got a library but the kind of
> people who want forward security would like to understand the principles
> a little better.

Thanks for the detailed summary! Even if the system may not be ready for
prime time, I think it may still be worth looking at it and following
future developments.

-David

RE: Re: When encryption is also authentication...

[cypherpunk_reader]

I ain't got that much schooling in these here matters, but it seems to me
that
in terms of the agreements, online agreements are pretty slacking when it
comes to verifying
that the end user actually read the document.

Most agreements online take advantage of the fact that a user is going to
skip reading the document
and jump straight to the "Agree" button.

If the end user insists on e-signing a document without having read it it is
there perogative,
but I think there should be a better system in place to insure that they
either read it or that
they did not read it but agree anyway.

Something along the lines of timers (set to an average number of minutes it
takes to read the average contract),
a keyword in the document itself that forces the user to peruse the document
to find the keyword, or at least
force the user to type "Agree" rather than just click a button.

But hey, realistically speaking, I doubt there is much enforcement going on
regarding these online contracts.
Do we want the Federale involved in how these contracts are designed or is
the industry going to self police?

CW


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Curt Smith
Sent: Wednesday, May 29, 2002 12:21 PM
To: [EMAIL PROTECTED]
Subject: CDR: Re: When encryption is also authentication...


I agree that the signer does not need to understand the
mathematics or underlying technology for digital signatures to
be viable.  However, what good is an agreement when the parties
do not know what the terms of the agreement are?  A signature
(digital or otherwise) generally indicates that the signer not
only made an agreement, but also understood the agreement.

A digital signatures must involve a conscious decision by the
signer to keep their part of an agreement.  I maintain that
this requires user intervention to verify that the signer knew
that they making an agreement - a "click of understanding" or
pass phrase.

Curt

--- Mike Rosing <[EMAIL PROTECTED]> wrote:
...
> Having it be "transparent" where the user doesn't need to
know
> anything about how it works does not have to destroy the
> effectiveness of digital signatures or crypto.  When people
> sign a document they don't know all the ramifications because

> few bother to read all of any document they sign - most of it

> won't apply as long as you keep your part of the bargin,
> so why bother?
>
> The same thing should be true of digital signatures.  The
> user shouldn't have to know a thing, other than they've made
> a promise they better keep or all the bad clauses really do
> apply, and the proof of their signature will come to haunt
> them.  The way the digital signature works does not
> matter to them, and it shouldn't need to.
>
> If digital crypto, signatures or e-cash are going to get into
> mass appeal, then their operations will be "magic" to the
> majority.  And it all has to work, to 1 part in 10^8th or
> better, without user comprehension.
>
> It may well take "user intervention" to create a signature,
> but they shouldn't have to know what they are doing.
>
> Patience, persistence, truth,
> Dr. mike


=
end
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Re: sources on steganography

[cypherpunk_reader]

I AM OSAMA


Good one !!! lol



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Hector Rosario
Sent: Thursday, May 30, 2002 8:42 AM
To: Morlock Elloi
Cc: [EMAIL PROTECTED]
Subject:  Re: sources on steganography


Why would I be interested in "fool[ing] [you]." All I asked was for some
help with sources. If you cannot be of help, at least don't be a
hindrance. Besides, don't claim to speak for others. If envy is what
drives you, then I suggest that you work on that.

hr

On Wed, 29 May 2002, Morlock Elloi wrote:

> > I am writing my dissertation on steganography. Basically I'm writing a
>     ^ ^   ^  ^ ^
>
> You can't fool us.
>
>
>
> =
> end
> (of original message)
>
> Y-a*h*o-o (yes, they scan for this) spam follows:
> Yahoo! - Official partner of 2002 FIFA World Cup
> http://fifaworldcup.yahoo.com

RE: Re: When encryption is also authentication...

[Mike Rosing]

On Thu, 30 May 2002, cypherpunk_reader wrote:

> If the end user insists on e-signing a document without having read it it is
> there perogative,
> but I think there should be a better system in place to insure that they
> either read it or that
> they did not read it but agree anyway.

I don't think so.  If they are fool enough to sign a document without
reading it, it's the same as using a pen to sign a contract without
reading it.  A fool is a fool, why try to protect them?  It's pretty
hopeless to try because fools are so clever!

I don't have a problem with a signing system that requires the user to
do something (like maybe even use a pda stylus and actually sign with
their own handwriting), but *forcing* them to read a contract is just
plain silly.  When enough fools have been burned by a scam, the word
will get out and the rest of the fools who don't read contracts might
think about not signing.

An e-signature can have the same weight in law as an ink one, and the
same rules apply.  A fool and their money are soon parted.

Patience, persistence, truth,
Dr. mike

Re: When encryption is also authentication...

[Jason Holt]

Ian Grigg wrote:
[...]
>> SSL for commerce is readily in place without batting an eyelid these days.
>
> Costs are still way too high.  This won't change until
> browsers are shipped that treat self-signed certs as being
> valid.  Unfortunately, browser manufacturers believe in
> cert-ware for a variety of non-security reasons.
[...]

Self signed certs defeat the purpose of the certificate chain mechanism, which
is not just there to make Veri$ign rich.  Mallory can self-sign a cert for
bob.com, and hack Alice's DNS to point bob.com at her own site.  But it's
(theoretically, anyway) much more difficult for her to convince Verisign that
she owns bob.com.  If we trust Verisign to do that, then we know we're really
talking to Bob when we visit bob.com.

Now, the ability to add other CAs which we trust would be a nice feature, and
if there were more trustworthy CAs which were added to the browsers by
default, we could get the costs down closer to the actual overhead of
verifying that the supplicant (er, applicant) actually owns the domain he's
trying to get a cert for.  But anyone can certify themselves as owning
amazon.com, and it's critical that my browser tell me when some stranger makes
such an assertion on their own.

-J

No law re electronic contracting?

[Greg Broiles]

At 01:52 PM 5/30/2002 -0400, Steve Furlong wrote:

>Summary: Recent laws have attempted to make electronic contracting
>binding, but they have not addressed some of the fundamental principles
>of contract law. These fundamental principles are often stretched or
>broken in electronic contracting. There is no case law on electronic
>contracts. I suspect that a contested electronic contract would be
>easily voided.

Nope. Back to the books for you.

Here's a three-letter hint about the enforceability of "electronic 
contracts" - EDI.

Also, take a look at these Internet-related cases -

_Caspi v. The Microsoft Network LLC_, 323 N.J. Super. 118, 732 A.2d 528 
(N.J. Super. Ct. App. Div. 1999) (at 
)

_Hotmail Corp. v. Van$ Money Pie_, 1998 U.S. Dist. LEXIS 10729; 47 
U.S.P.Q.2D 1020 (N.D. Cal. 1998) (No. C98-20064 JW) (at 
)

_Groff v. America Online_ 1998 WL 307001 (R.I. Super. Ct. May 27, 1998) (at 
)

_Specht v. Netscape_ 150 F. Supp. 2d 585 (S.D.N.Y 2001) (at 
)

You might find _Law of the Internet_, Lexis Law Pub (2001) of interest.


--
Greg Broiles -- [EMAIL PROTECTED] -- PGP 0x26E4488c or 0x94245961

Re: When encryption is also authentication...

[Steve Furlong]

Mike Rosing wrote:
> 
> On Thu, 30 May 2002, cypherpunk_reader wrote:
> 
> > If the end user insists on e-signing a document without having read it it is
> > there perogative,
> > but I think there should be a better system in place to insure that they
> > either read it or that
> > they did not read it but agree anyway.
> 
> I don't think so.  If they are fool enough to sign a document without
> reading it, it's the same as using a pen to sign a contract without
> reading it.
...
> An e-signature can have the same weight in law as an ink one, and the
> same rules apply.  A fool and their money are soon parted.

Here's my analysis of the current situation regarding electronic
signatures in the United States. The following few paragraphs are the
way things are as I see them, not necessarily how they should be.

An e-signature in this situation would indicate assent to a contract.
One of the key points to forming a valid contract is a meeting of minds
between the parties. Another is authentication that the alleged
contracting party was actually the person who agreed to the contract.

Meeting of minds includes knowing, understanding, and agreeing to the
terms of the putative contract. With paper contracts, even lengthy ones,
knowledge and understanding are assumed if certain conventions are met,
such as font size and emphasis of important terms, as well as
opportunity to read the contract thoroughly. And the contracting party
is assumed to be able to take the contract to a lawyer if he's uncertain
about any part of it. Many electronic agreements fail on one or more of
these points. These contracts are often very lengthy, the equivalent of
several pages of printout, and are often viewed only through a very
small window, and often have small or otherwise illegible fonts. In
paper, this would be similar to a five-page contract being written out
on post-its, with only one visible at a time. Many of the agreements
cannot be printed out, which interferes with both reading and obtaining
expert advice. The situation is made even worse by the mingling of
technical jargon with the legal jargon; many software-related contracts
are even less intellegible than other contracts. Meeting of minds is
questionable under these circumstances.

Authentication is similarly problematic. Ordinary contracts are commonly
agreed to in person or with signatures. Electronic contracts are
commonly agreed to with one or two mouse clicks. There is nothing to
indicate that the "signer" was the person he alleged to be. Some laws
(see below) attempt to make this irrelevant, essentially saying that if
your computer agreed, you agreed, but this is unlikely to stand up in
court on basic principles.

I was unable to find any US case law (court cases which went to trial
and verdict, and which were written up for publication) on this subject.
Bear in mind that I no longer have access to Lexis or Westlaw, but
google and such can usually find relevent cases. I suspect that there
are no reported cases hinging on electronic signatures. This isn't
surprising, because the oldest electronic signature law is less than six
years old, and that's probably not enough time for a problem to have
arisen, been litigated, been appealed, and been written up.

The "e-sign" law of 2000 doesn't provide much help. It states simply
that a contract may not be denied solely because it was electronically
signed. Furthermore, it applies only to interstate and international
contracts. (Though most electronic contracts for, eg, downloaded
software will be interstate or international.) It doesn't provide
standards or guidance for what makes a valid electronic contract.

The Uniform Electronic Transactions Act (UETA) is a model law which
about half of the states have enacted. Some, maybe most, of these states
have modified UETA before passing it. It's not clear how this affects
contracts in which only one party is in a UETA state. UETA says that an
electronic record fulfills any requirements for a written contract
document and that an electronic signature fulfills any requirement for a
signature on the contract, and it outlines what constitutes an
electronic record and an electronic signature. Interestingly, UETA
states that an "agent", meaning a program, can fulfill the requirements
for a signature, even without human participation. See
http://www.ladas.com/BULLETINS/2002/0202Bulletin/USElectronicSignature.html
for a decent summary, and http://www.uetaonline.com/ for more detail.


Summary: Recent laws have attempted to make electronic contracting
binding, but they have not addressed some of the fundamental principles
of contract law. These fundamental principles are often stretched or
broken in electronic contracting. There is no case law on electronic
contracts. I suspect that a contested electronic contract would be
easily voided.



OK, that's the way I think it is, currently in the US. The way I think
it _should_ be is much more caveat emptor, as Dr Mike and others have
sa

Re: sources on steganography

[Morlock Elloi]

> Why would I be interested in "fool[ing] [you]." All I asked was for some
> help with sources. If you cannot be of help, at least don't be a

I think that perception and sense of humour are sort of required for crypto work.

=
end
(of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Making Veri$ign rich(er)

[Ian Grigg]

> Ian Grigg wrote:
> 
> > Costs are still way too high.  This won't change until
> > browsers are shipped that treat self-signed certs as being
> > valid.  Unfortunately, browser manufacturers believe in
> > cert-ware for a variety of non-security reasons.
> [...]
> 
> Jason Holt <[EMAIL PROTECTED]> wrote:
>
> Self signed certs defeat the purpose of the certificate chain mechanism, which
> is not just there to make Veri$ign rich.

I understand that we are all working to make Veri$ign rich by
pushing their cert-ware.  Let me offer you a way in which we
could make them richer.  Believe me, they need our help.

> Mallory can self-sign a cert for
> bob.com, and hack Alice's DNS to point bob.com at her own site.  But it's
> (theoretically, anyway) much more difficult for her to convince Verisign that
> she owns bob.com.  If we trust Verisign to do that, then we know we're really
> talking to Bob when we visit bob.com.

What you describe above is an arcane theoretical attack.
An MITM is an extraordinarily difficult thing to do.  In
practice, totally impractical in risk analysis terms.  Its
impracticality is because there are always easier pickings
out there than conducting this attack.

Consider the attack.  You have to be able to so some spoofing,
or some interception, or some hacking of critical infrastructures
to do this.  After all, you have to be able to insert yourself
where Mallory needs to be in some sense, which means perverting
the normal flow of packets.

This is generally highly risky.  It is also expensive and
hard to control.

Say you are attacking Amazon.  If you pervert the DNS, as
you suggest, you will have to be able to handle a lot of DNS
requests.  Also, there is a high chance that you will be
noticed.  Net techies and hackers and ISP people are looking
at this sort of thing all the time.

Now consider what you get:  you can sit in the middle and
manage some SSL traffic.  So you'll need some capacity to
sift through all the different sessions to snaffle the good
data.  At the end of the day, you'll be burning up a lot of
CPU cycles to manage that traffic.  (So you'll need access
to some good sized hardware if you are attacking Amazon.)

Finally, you manage to start farming those valuable CCs.
Depending on how much hardware you've got that is managing
the thousands of MITM sessions, you could pick up quite a
bunch.

But, if you do manage to get to the point of actually
harvesting some CCs, you will by now have laid out such
a road map that someone should be able to find you.  So,
you had better have a fast exit.

Here's the thing:  even if you get some, it wasn't worth it.

Think like a crook.  Any thing that you can do with SSL,
you can do easier just by hacking into some poor NT box and
accessing the database to read off the CCs.  Then you get
to walk away without leaving any tracks.  Then you get the
last month's takings, because the company already did the
harversting for you.

And, in practice this is how it goes.  No thief ever bothers
to do an MITM, even over *un*encrypted traffic.  They simply
hack into the machines and steal it all.  That's why there
has never been a case of CCs sniffed over the net and being
used to commit a fraud (at least, no recorded ones).

Change the analysis to small merchants, and it is even worse
(of course Amazon will have a cert, so even its rich bounty
is unavailable, you have to do this on small merchants).



So, how do we make Veri$ign richer?  Easy, switch browsers
to accepting self-signed certs.  To see this, we have to
have tried or heard about small enterprises who have tried
to set up their SSL certs.

It's very expensive.  Most don't do it.  If we had the money
we could ask Netcraft.com for the figures, but, last I checked,
only 1% of servers have proper setups with proper certs.  Why?
because it is so expensive to set up.

Most sites try and fail.  They give up when they realise it
isn't worth their time.  So Veri$ign fails to sell the cert.
And the site remains unencrypted, uncerted, unprotected only
by the fact that nobody is watching.  (Security by obscurity
is indeed the greatest friend that we have, by actual saved
amounts of money.)

Now, if there was a halfway house, the site could at least
be set up so that it is encrypted.  Right there, is a big
improvement in security.  If we could do that, if we could
encourage the browsers to accept the self-signed but
encrypted web sites, that would let all the poor people in
the world (the other 99% that can't afford all the hoo-haa
of dealing with VeriSign and techies and ISPs and ...) have
a go at setting up secure web sites.  Secure by encryption
that is.

My guess is that it would get the number up to 10%.  Why
would that make Veri$ign richer?  Because taking that 10%
of encrypted sites would be a much more powerful target
market.  Veri$ign knows they care.  Those sites just haven't
got around to doing the work to get the cert set up.  But
they are encrypted.  They are half way there.  They wan

Re: When encryption is also authentication...

[John Saylor]

Hi

> > However, I'd be interested to know just how many users out there
> > would enter their card details on an unprotected site, despite the
> > unclosed padlocks and the alert boxes.

( 02.05.30 08:34 -0400 ) Ian Grigg:
> Huge numbers of them.  You won't see it in security
> lists, but most of your average people out there do
> not understand the significance of the padlock, and
> when merchants request credit card numbers, they
> quietly forget to tell them.

And even if they tried, network security is too arcane of a subject
matter for them to care about. They just want that big dildo [or
whatever it is that they're ordering].

One online merchant I know put big padlock .gifs on the site to reassure
users that their transactions were secure. The padlocks on the browsers
were there, but they weren't as reassuring to the customers as the
images.

-- 
\js "evolve real-time metrics"

Re: Making Veri$ign rich(er)

[Jason Holt]

On Thu, 30 May 2002, Ian Grigg wrote:
[...]
> And, in practice this is how it goes.  No thief ever bothers
> to do an MITM, even over *un*encrypted traffic.  They simply
> hack into the machines and steal it all.  That's why there
> has never been a case of CCs sniffed over the net and being
> used to commit a fraud (at least, no recorded ones).
> 
> Change the analysis to small merchants, and it is even worse
> (of course Amazon will have a cert, so even its rich bounty
> is unavailable, you have to do this on small merchants).
> 
> 
> 
> So, how do we make Veri$ign richer?  Easy, switch browsers
> to accepting self-signed certs.  To see this, we have to
> have tried or heard about small enterprises who have tried
> to set up their SSL certs.
[...]

If MITM attacks are so hard that you don't consider them a threat, why
bother with SSL at all?  SSL provides two things:

* A certificate chain that demonstrates who you're talking to
* Secrecy and message integrity between you and the person you're
talking to

You remove the first benefit by using self-signed certs.  The second
one is still nice, but if you're worried about me *watching* your traffic,
shouldn't you also be worried about me intercepting your DNS lookup and
replacing the response with my own IP?  If we all use self-signed certs,
you'll never be the wiser.

Yes, the attack you describe where I get the root nameservers to
redirect *all* amazon.com traffic to me is hard.  And it can be pretty tough
to watch and modify an individual user's traffic.  But it's not nearly as
tough as breaking the crypto behind SSL.  If we use it right, that security
extends to the domain I type into my browser.  If we don't, we reduce it to
the hardness of manipulating the wire.

I certainly agree that merchants need to use better security on the
server end.  But that's orthogonal to the SSL issue.

-J

Re: When encryption is also authentication...

[Mike Rosing]

On Thu, 30 May 2002, Steve Furlong wrote:

> Summary: Recent laws have attempted to make electronic contracting
> binding, but they have not addressed some of the fundamental principles
> of contract law. These fundamental principles are often stretched or
> broken in electronic contracting. There is no case law on electronic
> contracts. I suspect that a contested electronic contract would be
> easily voided.

Thanks, that was very enlightening.  The URL is good too - they mention
that "An electronic signature is defined as being:

   an electronic sound, symbol or process attached to or
   logically associated with a contract or other record and
   executed or adopted by a person with the intent to sign
   the record. "

I would never have thought of making a sound as part of a signature!
but for voice prints, it might be a good idea.

> OK, that's the way I think it is, currently in the US. The way I think
> it _should_ be is much more caveat emptor, as Dr Mike and others have
> said, but the legislators and judges have neglected to ask for my input.

Yes, and even if we tried to give input nobody would listen to me :-)

Most of the issues here are human interface, what is reasonable to expect
for a valid contract.  The only thing I've ever "signed" online is an
order for parts via credit card, and so far it's never been a legal
problem.

But I see where there could be major problems if people aren't really damn
careful, so I'll probably be a lot more careful than I thought I was
before!

Patience, persistence, truth,
Dr. mike

F.B.I. Given Broad Authority to Monitor the Public

[keyser-soze]

Get ready for the shit storm.

I'm making a list, checking it twice, gonna found who's tree gets watered tonight...

>F.B.I. Given Broad Authority to Monitor the Public
>By THE ASSOCIATED PRESS

>WASHINGTON (AP) -- Attorney General John Ashcroft on Thursday gave the FBI broad new 
>authority to monitor Internet sites, libraries, churches and political organizations, 
>calling restrictions on domestic spying ``a competitive advantage for terrorists.''

http://www.nytimes.com/aponline/national/AP-FBI-Reorganizing.html



Hush provide the worlds most secure, easy to use online applications - which solution 
is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/

Looking for a good deal on a domain name? 
http://www.hush.com/partners/offers.cgi?id=domainpeople

Re: CDR: Re: sources on steganography

[measl]

Jesus christ Hector!  What the fuck are you planning to be when you grow
up?  A funeral director or something?  Grow a sense of humor for
chrissakes.  Or get lost, whichever is easier.




On Thu, 30 May 2002, Hector Rosario wrote:

> Date: Thu, 30 May 2002 09:41:54 -0400 (EDT)
> From: Hector Rosario <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: Morlock Elloi <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: CDR: Re: sources on steganography
> 
> Why would I be interested in "fool[ing] [you]." All I asked was for some
> help with sources. If you cannot be of help, at least don't be a
> hindrance. Besides, don't claim to speak for others. If envy is what
> drives you, then I suggest that you work on that.
> 
> hr
> 
> On Wed, 29 May 2002, Morlock Elloi wrote:
> 
> > > I am writing my dissertation on steganography. Basically I'm writing a
> >     ^ ^   ^  ^ ^
> >
> > You can't fool us.
> >
> >
> >
> > =
> > end
> > (of original message)
> >
> > Y-a*h*o-o (yes, they scan for this) spam follows:
> > Yahoo! - Official partner of 2002 FIFA World Cup
> > http://fifaworldcup.yahoo.com
> 
> 

-- 
Yours, 
J.A. Terranson
[EMAIL PROTECTED]

If Governments really want us to behave like civilized human beings, they
should give serious consideration towards setting a better example:
Ruling by force, rather than consensus; the unrestrained application of
unjust laws (which the victim-populations were never allowed input on in
the first place); the State policy of justice only for the rich and 
elected; the intentional abuse and occassionally destruction of entire
populations merely to distract an already apathetic and numb electorate...
This type of demogoguery must surely wipe out the fascist United States
as surely as it wiped out the fascist Union of Soviet Socialist Republics.

The views expressed here are mine, and NOT those of my employers,
associates, or others.  Besides, if it *were* the opinion of all of
those people, I doubt there would be a problem to bitch about in the
first place...

Re: sources on steganography

[Bill Stewart]

Peter Wayner has a few books that deal with this and related topics.
Search for them on Amazon or wherever.

At 11:19 AM 05/29/2002 -0400, you wrote:
>I am writing my dissertation on steganography. Basically I'm writing a
>technical monograph that would be of use to undergraduate instructors.
>What do you think are the best sources on steganography on
>the Web? What about books other than Johnson, Katzenbeiser & Peticolas,
>and the volumes covering the four international workshops on information
>hiding.
>
>I am also interested in the history of the subject. One major problem with
>the available sources covering the history (like Kahn) is that they
>completely disregard China, India, and Arab countries. Any pointers?
>
>thanks,
>hector