funsec mailing list archives
Re: National Strategy for Trusted Identities in Cyberspace
From: Faith Young <faith.m.young () gmail com>
Date: Tue, 29 Jun 2010 05:40:39 -0400
Accidentally only sent to Dave (sorry for sending you two). My first question was totally off topic, but what ever happened to IPv6....(just kidding) My second question was how? You too can submit your ideas here - http://www.nstic.ideascale.com/
From the DarkReading article -
http://www.darkreading.com/securityservices/security/government/showArticle.jhtml?articleID=225701705 On Mon, Jun 28, 2010 at 7:23 AM, Dave Paris <dparis () w3works com> wrote:
On 6/28/2010 2:42 AM, Rich Kulawiec wrote:On Sat, Jun 26, 2010 at 09:25:11PM -0400, Valdis.Kletnieks () vt edu wrote:a) How do you protect it? Both "private key stored on the computer" and "password sent to the certifying system" aren't very secure if the user's computer is one of the 150 million compromised systems. Other systems, like smart cards, assume that standardized smart card readers are ubiquitous...Exactly. It continues to simultaneously amaze and disappoint me that so many supposed "experts" are blissfully unaware of the current state of the 'net and have absolutely no idea that their latest Big Idea was already completely defeated years before they came up with it.It's not so much a case of the state being "aren't very secure", as much as it is a case of being 100% *non-trustable*. If you can't trust the source in the first place, everything stemming from it is inherently insecure. As to Rich's comment ...why be good & effective when you can be sloppy & irrelevant and still have people throw money at you? :( I stopped being amazed or disappointed when I accepted the fact that men with money will always throw more money at a stupid idea they know little about when there's the potential to make more money off far more people who know as little or less than they do. ...which pretty much encompasses the entirety of Wall St. -d _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- National Strategy for Trusted Identities in Cyberspace Robert Slade (Jun 26)
- Re: National Strategy for Trusted Identities in Cyberspace Valdis . Kletnieks (Jun 26)
- Re: National Strategy for Trusted Identities in Cyberspace Rich Kulawiec (Jun 27)
- Re: National Strategy for Trusted Identities in Cyberspace Dave Paris (Jun 28)
- Re: National Strategy for Trusted Identities in Cyberspace Faith Young (Jun 29)
- Re: National Strategy for Trusted Identities in Cyberspace Rich Kulawiec (Jun 27)
- Re: National Strategy for Trusted Identities in Cyberspace Valdis . Kletnieks (Jun 26)