Re: Trojan horse attack involving many major Israeli companies, executives

2005-06-01 Thread Anne Lynn Wheeler
Amir Herzberg wrote: Nicely put, but I think not quite fair. From friends in financial and other companies in the states and otherwise, I hear that Trojans are very common there as well. In fact, based on my biased judgement and limited exposure, my impression is that security practice is much

Re: Dell to Add Security Chip to PCs

2005-02-04 Thread Anne Lynn Wheeler
Peter Gutmann wrote: Neither. Currently they've typically been smart-card cores glued to the MB and accessed via I2C/SMB. and chips that typically have had eal4+ or eal5+ evaluations. hot topic in 2000, 2001 ... at the intel developer's forums and rsa conferences

Re: Dell to Add Security Chip to PCs

2005-02-04 Thread Anne Lynn Wheeler
Erwann ABALEA wrote: I've read your objections. Maybe I wasn't clear. What's wrong in installing a cryptographic device by default on PC motherboards? I work for a PKI 'vendor', and for me, software private keys is a nonsense. How will you convince Mr Smith (or Mme Michu) to buy an expensive CC

Re: Dell to Add Security Chip to PCs

2005-02-04 Thread Anne Lynn Wheeler
Peter Gutmann wrote: Neither. Currently they've typically been smart-card cores glued to the MB and accessed via I2C/SMB. and chips that typically have had eal4+ or eal5+ evaluations. hot topic in 2000, 2001 ... at the intel developer's forums and rsa conferences

Re: Dell to Add Security Chip to PCs

2005-02-04 Thread Anne Lynn Wheeler
Erwann ABALEA wrote: I've read your objections. Maybe I wasn't clear. What's wrong in installing a cryptographic device by default on PC motherboards? I work for a PKI 'vendor', and for me, software private keys is a nonsense. How will you convince Mr Smith (or Mme Michu) to buy an expensive CC

Re: Banks Test ID Device for Online Security

2005-01-06 Thread Anne Lynn Wheeler
Bill Stewart wrote: Yup. It's the little keychain frob that gives you a string of numbers, updated every 30 seconds or so, which stays roughly in sync with a server, so you can use them as one-time passwords instead of storing a password that's good for a long term. So if the phisher cons you

Re: Banks Test ID Device for Online Security

2005-01-05 Thread Anne Lynn Wheeler
Bill Stewart wrote: Yup. It's the little keychain frob that gives you a string of numbers, updated every 30 seconds or so, which stays roughly in sync with a server, so you can use them as one-time passwords instead of storing a password that's good for a long term. So if the phisher cons you

Re: Academics locked out by tight visa controls

2004-09-20 Thread Anne Lynn Wheeler
fields reaches new peak; 1st time enrollment of foreign students drops http://www.nsf.gov/sbe/srs/infbrief/nsf04326/start.htm -- Anne Lynn Wheeler http://www.garlic.com/~lynn/

Re: An attack on paypal

2003-06-12 Thread Anne Lynn Wheeler
. -- Anne Lynn Wheeler http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm

virus attack on banks (was attack on paypal)

2003-06-10 Thread Anne Lynn Wheeler
At 06:12 PM 6/8/2003 -0600, Anne Lynn Wheeler wrote: at a recent cybersecurity conference, somebody made the statement that (of the current outsider, internet exploits, approximately 1/3rd are buffer overflows, 1/3rd are network traffic containing virus that infects a machine because

Re: Maybe It's Snake Oil All the Way Down

2003-06-06 Thread Anne Lynn Wheeler
. -- Anne Lynn Wheeler http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm

Re: Maybe It's Snake Oil All the Way Down

2003-06-06 Thread Anne Lynn Wheeler
startup in menlo park (later moved to mountain view and have since been bought by AOL) and people saying that SSL didn't exist ... misc ref from the past http://www.garlic.com/~lynn/aadsm5.htm#asrn2 http://www.garlic.com/~lynn/aadsm5.htm#asrn3 -- Anne Lynn Wheeler http://www.garlic.com/~lynn

Re: TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)

2002-08-16 Thread lynn . wheeler
I arrived at that decision over four years ago ... TCPA possibly didn't decide on it until two years ago. In the assurance session in the TCPA track at spring 2001 intel developer's conference I claimed my chip was much more KISS, more secure, and could reasonably meet the TCPA requirements at

Re: TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)

2002-08-15 Thread lynn . wheeler
I arrived at that decision over four years ago ... TCPA possibly didn't decide on it until two years ago. In the assurance session in the TCPA track at spring 2001 intel developer's conference I claimed my chip was much more KISS, more secure, and could reasonably meet the TCPA requirements at

Re: Challenge to David Wagner on TCPA

2002-08-13 Thread lynn . wheeler
actually it is possible to build chips that generate keys as part of manufacturing power-on/test (while still in the wafer, and the private key never, ever exists outside of the chip) ... and be at effectively the same trust level as any other part of the chip (i.e. hard instruction ROM). using

Re: Challenge to David Wagner on TCPA

2002-08-13 Thread lynn . wheeler
actually it is possible to build chips that generate keys as part of manufacturing power-on/test (while still in the wafer, and the private key never, ever exists outside of the chip) ... and be at effectively the same trust level as any other part of the chip (i.e. hard instruction ROM). using

Re: Challenge to TCPA/Palladium detractors

2002-08-10 Thread lynn . wheeler
small discussion of security proportional to risk: http://www.garlic.com/~lynn/2002h.html#61 security proportional to risk slightly related http://www.garlic.com/~lynn/2001j.html#5 E-commerce security http://www.garlic.com/~lynn/2001j.html#54 Does Strong Security Mean Anything? also

Re: Challenge to TCPA/Palladium detractors

2002-08-10 Thread lynn . wheeler
oops, finger slip that should be http://www.garlic.com/~lynn/2001h.html#61 security proportional to risk aka 2001h.html not 2002h.html [EMAIL PROTECTED] on 8/10/2002 11:25 pm wrote: small discussion of security proportional to risk: http://www.garlic.com/~lynn/2002h.html#61 security

Re: IP: SSL Certificate Monopoly Bears Financial Fruit

2002-07-12 Thread lynn . wheeler
and just to make sure there is a common understanding regarding SSL cert operation ... the browser code 1) checks that the SSL server cert can be validated by ANY public key that is in the browser preloaded list (I haven't verified whether they totally ignore all of the cert part of these

Re: maximize best case, worst case, or average case? (TCPA)

2002-06-30 Thread lynn . wheeler
security modules are also inside the swipe pin-entry boxes that you see at check-out counters. effectively both smartcards and dongles are forms of hardware tokens the issue would be whether a smartcard form factor might be utilized in a copy protection scheme similar to TCPA paradigm

Re: maximize best case, worst case, or average case? (TCPA)

2002-06-30 Thread lynn . wheeler
security modules are also inside the swipe pin-entry boxes that you see at check-out counters. effectively both smartcards and dongles are forms of hardware tokens the issue would be whether a smartcard form factor might be utilized in a copy protection scheme similar to TCPA paradigm

Re: PKI: Only Mostly Dead

2002-06-10 Thread lynn . wheeler
this is in reference to the use of public key certificates to secure ecommerce web sites. Every one of those https connections is secured by an X.509 certificate infrastructure. That's PKI. Opinion is divided on the subject -- Captain Rum, Blackadder, Potato. The use with SSL is what Anne|Lynn Wheeler refer

Re: PKI: Only Mostly Dead

2002-06-09 Thread lynn . wheeler
this is in reference to the use of public key certificates to secure ecommerce web sites. Every one of those https connections is secured by an X.509 certificate infrastructure. That's PKI. Opinion is divided on the subject -- Captain Rum, Blackadder, Potato. The use with SSL is what Anne|Lynn Wheeler refer

Re: Blair accidently sells the roads (was Re: BBC article: Vehicles 'tracked')

2002-02-25 Thread lynn . wheeler
note that it didn't eliminate the economies of scale of network operation there is still massive investment required in things like fiber. some amount of the current pricing could possibly be an overbuilt over-invested infrastructure ... some number of operations going bankrupt ... and then