> A problem with including a public key with every plaintext message is that
> it isn't very discreet - actually looks kind of ugly in some people's
> email clients.
You could use a separate PGP/MIME bodypart...
> Come to think of it, there are some tricky issues with regards to crypto
> on mai
Why don't they use SSL between sender and Yahoo?!
http://news.cnet.com/news/0-1005-200-3901784.html?tag=st.ne.ron.lthd
Yahoo delivers encrypted email
By Paul Festa
Staff Writer, CNET News.com
November 28, 2000, 11:30 p.m. PT
Yahoo has quietly introduced a way for people to send scrambled messag
Bram Cohen wrote:
>What we really need is a system which just stops passive attacks. The best
>idea I've come up with so far is for all outgoing messages to have a
>public key attached, and if you have the public key of an email address
>you're sending to you use it
Indeed -- this is one of the c
EMAIL PROTECTED]
Telephone enquiries : 0207 955 6579
Organising Committee: Simon Davies (PI & LSE), Erich Moechel (Quintessenz),
Barry Steinhardt (ACLU), Ian Brown (UCL & Hidden Footprints), Stephanie
Perrin (ZKS), Gus Hosein (LSE).
Customers blast Comcast move to foil bandwidth hogs
By Corey Grice
Staff Writer, CNET News.com
August 16, 2000, 12:00 p.m. PT
Revisions made to a Comcast Online customer agreement document
have irked some high-speed cable-modem customers concerned about
a prohibition on the use of secure networ
>Wasn't there a story very much like this, a year or two ago, that turned
>out to be a hoax?
Not that I have heard about. Ken Cukier's original story was confirmed by a UK
Customs spokesperson: http://www.sightings.com/political/laptops.htm
'A spokesman for Customs and Excise said officials w
>IANAL but wouldn't the UK's proposed legislation make software that
>won't provide access to all keys implicitly illegal?
This has been the subject of great debate in the UK. The RIP Bill says that you can be
served with a key demand if you "have or have had" the
requested key. Until this week
Latest is that the UK's horrendous mish-mash of Internet surveillance and
decryption/key (actually government-issued) "warrants" legislation is facing
extreme opposition in our House of Lords. Unfortunately, the Government seems
intent on driving the bill through Parliament (as they have the powe
Sorry for the short notice, but we're going to multicast on Tuesday a talk
Whit Diffie did here last year on the history of PKC.
Unfortunately, multicast support is flaky at best on the UK Internet: most
universities will have it, but ISPs may not. I'm not sure about the global
situation.
You ne
Dorothy Denning wrote an interesting paper on authenticating location using
GPS signals... I think it's reachable from her home page as well as the
following citation:
D. E. Denning and P. F. MacDoran, "Location-Based Authentication: Grounding
Cyberspace for Better Security," Computer Fraud an
>It seems however, that Napster suffers from a few design flaws:
>centralism (there is a central database, right?)
Unfortunately, yes. Each client logs on to a server, hands over a list of the
files it currently is sharing, then uses the server for searches. This seems
bad even for Napster Inc.
>A question on UK legislative terminology:
>Does "published a bill" mean that Parliament approved it?
>Or does it just mean that the ministers are proposing this law
>that they'd _like_ to get Parliament to pass, but it
>hasn't been passed yet?
The latter. A Bill becomes an Act once it has been a
>Let's suppose that some stranger sends me an unsolicited
>document encrypted with a key different from mine: how am I supposed to
>decrypt it? And can I really be thrown to jail for that??
Under the previous draft of the UK bill, yes -- see http://www.stand.org.uk/
for an amusing demonstration o
>How easy would it be to include some electronics or use
>the circuitry in keyboards and have them emit signals?
>
>How vulnerable are keyboards to emitting tempest emanations?
Some analysis, and suggestions on reducing this threat, are at
http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/nato-tempes
Perry Metzger wrote:
>Some parts of this description make me nervous. Why are PRIVATE keys
>being stored on a server, for instance?
It's still hard to give applets access to client-side data in a secure and
browser-independent way, but obviously this would be a great improvement.
>Why use SSL t
Ryan Lackey wrote:
>I believe this to be a categorical problem for all systems lacking a
>secured/tamper-resistant I/O conduit directly to the user. If you've solved
>it, I would be very interested to learn how.
cryptographic neural implants ;)
Phillip Hallam-Baker wrote:
>In addition under the single European act the entire country of Europe is
>one export zone for crypto control purposes.
Unfortunately, not yet. The European Commission has proposed amending the
Dual-Use regulations to allow the free circulation of crypto products amo
> Uhm, I see. But in that case, what happens if someone gets a (non-escrowed)
> DSA cert, and uses it for a secure web server only supporting the
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA ciphersuite (ephemeral Diffie-Hellman
> authenticated with DSS)? Strong, MIM-attack-resistant, and required by TLS
>
>Alas, the latest proposals by the Department of Trade and Industry in UK are
>to extend legal protection only to digital signatures whose keys are
>escrowed with OFTEL
Much as I dislike the DTI's proposals, it is more complex than that.
"Licensed" CAs do not have to escrow signature-only privat