Ben,
> Ian Grigg wrote:
>> It should be obvious. But it's not. A few billions
>> of investment in smart cards says that it is anything
>> but obvious.
>
> That assumes that the goal of smartcards is to increase security instead
> of to decrease liability.
On whether the goal of smart cards is t
Ian Grigg wrote:
Alan Barrett wrote:
On Sat, 23 Oct 2004, Aaron Whitehouse wrote:
Oh, and make it small enough to fit in the pocket,
put a display *and* a keypad on it, and tell the
user not to lose it.
How much difference is there, practically, between this and using a
smartcard credit card in
At 10:29
AM 10/28/2004, James A. Donald wrote:
Is there a phone that is
programmable enough to store secrets
on and sign and decrypt stuff?
The ideal crypto device would be programmed by burning new
proms, thus enabling easy reprogramming, while making it
resistant to trojans and viruses.
the
James A. Donald wrote:
> R.A. Hettinga wrote:
> > [The mobile phone is] certainly getting to be like Chaum's
> > ideal crypto device. You own it, it has its own I/O, and it
> > never leaves your sight.
>
> Is there a phone that is programmable enough to store secrets
> on and sign and decrypt st
On Thu, Oct 28, 2004 at 09:29:21AM -0700, James A. Donald wrote:
> Is there a phone that is programmable enough to store secrets
> on and sign and decrypt stuff?
Er, it has been a while since you bought a new mobile, right?
About all of them have several MBytes memory, and run Java. Some Motorol
At 9:29 AM -0700 10/28/04, James A. Donald wrote:
>Is there a phone that is programmable enough to store secrets
>on and sign and decrypt stuff?
I think we're getting there. We're going to need a, heh, killer ap, for it,
of course.
:-)
Cheers,
RAH
--
-
R. A. Hettinga
The Inter
At 03:31
PM 10/25/2004, Ian Grigg wrote:
:-)
It should be obvious. But it's not. A few billions
of investment in smart cards says that it is anything
but obvious.
To be fair, the smart card investments I've been
familiar with have been at least very well aware of
the problem. It didn't stop th
--
R.A. Hettinga wrote:
> [The mobile phone is] certainly getting to be like Chaum's
> ideal crypto device. You own it, it has its own I/O, and it
> never leaves your sight.
Is there a phone that is programmable enough to store secrets
on and sign and decrypt stuff?
The ideal crypto device w
This is what I love about the Internet -- ask a question
and get silence but make a false claim and you get all the
advice you can possibly eat.
OK, I (quite happily) stand corrected about why Microsoft
bought Connectix -- it was cheaper given their extensive
dependence on the Virtual PC product
[EMAIL PROTECTED] writes:
>No need to buy a company just to use its product in your development shop.
They're not "using it in their development shop", that's their standard
development environment that they ship to all Windows CE, Pocket PC,
SmartPhone, and XP Embedded developers (and include fr
On Sun, 2004-10-24 at 09:35 -0400, [EMAIL PROTECTED] wrote:
> | [EMAIL PROTECTED] writes:
> |
> | >I'm pretty sure that you are answering the question
> | >"Why did Microsoft buy Connectix?"
> |
> | The answer to that one is actually "To provide a
> | development environment for Windows C
Alan Barrett wrote:
On Sat, 23 Oct 2004, Aaron Whitehouse wrote:
Oh, and make it small enough to fit in the pocket,
put a display *and* a keypad on it, and tell the
user not to lose it.
How much difference is there, practically, between this and using a
smartcard credit card in an external reader
At 9:30 AM -0400 10/25/04, Trei, Peter wrote:
>If we're going to insist on dedicated, trusted, physical
>devices for these bearer bonds, then how is this different
>than what Chaum proposed over 15 years ago?
I don't think that face to face will be necessary. It just means keeping
control of your
At 10:41 PM +0200 10/23/04, Eugen Leitl wrote:
>No, that's going to be the mobile phone.
Certainly getting to be like Chaum's ideal crypto device. You own it, it
has its own I/O, and it never leaves your sight.
Cheers,
RAH
--
-
R. A. Hettinga
The Internet Bearer Underwriting Co
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Aaron Whitehouse
> Sent: Saturday, October 23, 2004 1:58 AM
> To: Ian Grigg
> Cc: [EMAIL PROTECTED]
> Subject: Re: Financial identity is *dangerous*? (was re: Fake
>
http://www.financialcryptography.com/mt/archives/000219.html
[EMAIL PROTECTED] wrote:
... to break the conundrum Ballmer finds himself
in where the road forks towards (1) fix the security
problem but lose backward compatibility, or (2) keep
the backward compatibility but never fix the problem.
I th
| [EMAIL PROTECTED] writes:
|
| >I'm pretty sure that you are answering the question
| >"Why did Microsoft buy Connectix?"
|
| The answer to that one is actually "To provide a
| development environment for Windows CE (and later XP
| Embedded)" (the emulator that's used for development
[EMAIL PROTECTED] writes:
>I'm pretty sure that you are answering the question "Why did Microsoft buy
>Connectix?"
The answer to that one is actually "To provide a development environment for
Windows CE (and later XP Embedded)" (the emulator that's used for development
in those environments is Vi
On Sat, Oct 23, 2004 at 06:58:26PM +1300, Aaron Whitehouse wrote:
> That would seem to me a more realistic expectation on consumers who are
> going to have, before too long, credit cards that fit that description
> and quite possibly the readers to go with them.
No, that's going to be the mobil
On Sat, 23 Oct 2004, Aaron Whitehouse wrote:
> >Oh, and make it small enough to fit in the pocket,
> >put a display *and* a keypad on it, and tell the
> >user not to lose it.
>
> How much difference is there, practically, between this and using a
> smartcard credit card in an external reader with
Ian Grigg wrote:
James A. Donald wrote:
we already have the answer, and have had it for a decade: store it
on a trusted machine. Just say no to Windows XP. It's easy,
especially when he's storing a bearer bond worth a car.
What machine, attached to a network, using a web browser, and sending
a
| > What machine, attached to a network, using a web browser, and
| > sending and receiving mail, would you trust?
|
| I would suggest pursuing work along the lines of a Virtual Machine Monitor
| (VMM) like VMWare. This way you can run a legacy OS, even Windows,
| alongside a high securi
James Donald writes:
> On 19 Oct 2004 at 21:30, Ian Grigg wrote:
> > we already have the answer, and have had it for a decade:
> > store it on a trusted machine. Just say no to Windows XP.
> > It's easy, especially when he's storing a bearer bond worth a
> > car.
>
> What machine, attached to a
James A. Donald wrote:
we already have the answer, and have had it for a decade:
store it on a trusted machine. Just say no to Windows XP.
It's easy, especially when he's storing a bearer bond worth a
car.
What machine, attached to a network, using a web browser, and
sending and receiving mai
--
On 19 Oct 2004 at 21:30, Ian Grigg wrote:
> (In fact, one seems to have failed in the last few days -
> EvoCash - and another is on the watch list for failure -
> DMT/Alta. Both of them suffered from business style attacks
> it seemed, rather than what we would call security hacks.)
To
Hi John,
John Kelsey wrote:
Today, most of what I'm trying to defend myself from online is done as either a kind of hobby (most viruses), or as fairly low-end scams that probably net the criminals reasonable amounts of money, but probably don't make them rich. Imagine a world where there are a few
>From: Chris Kuethe <[EMAIL PROTECTED]>
>Sent: Oct 13, 2004 1:15 PM
>To: "James A. Donald" <[EMAIL PROTECTED]>
>Cc: [EMAIL PROTECTED],
> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
>Subject: Re: Financial identity is *dangerous*? (was re
27 matches
Mail list logo
