Usenet Conference on Security
Just a few of the highlights:
(1) Ron Rivest speaking on SDSI
(2) Ian Goldberg et al.'s secure environment for running untrusted programs
in Solaris. Since it runs Netscape, it may let Perry provide a second
layer of containment for Java.
(3) Carl Ellison's "Establishing Identity Without Certification Authorities"
(4) Peter Gutmann's "Secure Deletion of Data from Magnetic and Solid-State
Memory". (Bottom line, use thermite for magnetic media.)
(5) Don Davis's "Compliance Defects in Public Key Cryptography"
(6) Sameer Parekh's description of (advertisement for) Community Connexion
(7) Derek Atkins' description of the PGP Library API.
Other amusements:
While the Department of Justice guy (whose name slips my mind) was saying 4
horsemen over and over (really an oversimplification of his position), Data
Fellows Ltd., Paivantaite 8, FIN-02210 ESPOO, Finland
(http://www.datafellows.com) was in the vendor area offering strong crypto
products with the line in one of their handouts, "This is orders of
magnitude more security than DES-based or US products that are under the US
ITAR export restrictions." In talking with them I didn't smell any snake
oil.
A BOF on PKI with Ron Rivest (who had already described SDSI) where Matt
Blaze described PolicyMaker, and Carl Ellison described SPKI. All three
approaches get away from the central certificate hierarchy God. Each one
has something to offer that the others do not. (In a spirit of
advertising/disclosure, I have been working with Carl on SPKI.)
-------------------------------------------------------------------------
Bill Frantz | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506 | [Beware the man of one | 16345 Englewood Ave.
[email protected] | book] - Anonymous Latin | Los Gatos, CA 95032, USA