Actually, the main thrust of this bill is to provide for a standardized, cross-state acceptance of digital signatures; mostly for legal documents and whatnot--electronic filing of court documents, yadda^3.
As it is, each state has their own law or version of a law (UETA) that is for the most part incompatible with the other laws. So, a contract digitally signed in one state is invalid in another; which severely limits the usefulness of digital signatures, naturally.
IANACryptographer, I just listen reeeel goood, and read the right stuff. The following is what I recall from an RSA2000 presentation:
Actually, many digital sig algorithms are not as secure as you say; for example, almost all algos that don't spit out a piece of the intended original message along with the hash of it are vulnerable to what is called 'existential' forgeries--any collection of gobbledygook fed to the verification algo will spit out another collection of digitally signed gobbledygook. Useless, but interesting.
More interesting is that if one is careful, many algos are vulnerable to a mathematical trick that if you can get someone to sign off on a few separate things, then tie them together, one can use the signatures of each part to create a signature of the whole. The parts may be acceptable in their own contexts; the whole may not be anything near acceptable.
Didn't you see the top lvl-2+ post? No Such Agency...exists on the net. Yeah, I think the NSA has been slashdotted.
Hey CmdrTaco, here's a new slashbox or side-menu item, list of famous websites we've slashdotted back to the stoneage.
MODERATE ABOVE UP White's "Re:Deception ToolKit" on Intrusion Detection · Score: 2
very informative post there.
Also, there's a fundamental problem with all of these honeypot systems. Say you're running a web server, no ssl or any weird stuff, and have locked it down to JUST port 80. You get portscanned, maybe a kiddie devotes a few seconds trying the best port-80 hacks.
OTOH, you have a honeypot or port listener running, and you pop up like a glowing beacon in the night as, well, a honeypot worthy of much, much attention.
Of course if your server's already a mound of tantalizing open ports, the loss in making it (look) more attractive is less in comparison with being able to capture kiddies, or at least scare them with lawyers.
I met her briefly at RSA2000 (...and got a signed copy, heh.) (should I ebay it?).
Anyway, when I met her, Peter Neumann (yes, /that/ Peter Neumann) borrowed my copy to flip through and see the references to him and to check the TOC for topics covered. He seemed pleased... I haven't had time to read the book yet, though I've flipped through and seen various references to SATAN and similar...
This is very much in line with China's information policy...and we can be sure to expect to see a crop of hactivist websites publishing news from inside transmitted over SSL/ssh/etc.
I wonder what the Hong Kong Blondes are going to do...?
The white ones, I mean. The grey was a bit dingy, y'know.
But seriously, this is fantastic. Hackers get VC, story at 11--network security gets accepted as a real, actually important thing. ohmigosh! What a concept! I've always admired the l0pht's methods of improving security, and their general air of professionalism (with the normal caveats).
Oh, the NT password hash file comes to mind as a valuable file to upload and then run l0phtcrack on... Or, say, certificate private keys from the netscape directory, or anything in the pgp directory...
Can you imagine the commercial viability of an independent data haven site? There's some serious problems in setting the whole thing up, like getting recognition of other countries, getting power from sufficient numbers of sources such that no one coalition could shut us out (buy from US, Mexico, Canada and Cuba, perchance??)
But wow. Imagine the possibilities of servers hosted there, with some powerful ssh/ssl interfaces, a few anonymous remailers and liberal use of Zero-Knowledge's Freedom or similar products and some hard-drive wipers (PGP has one, IIRC, as does SynCrypt).
It could charge an arm and a leg for commercial hosting, and provide a few dedicated servers for free use for open-source projects--especially those that don't fall under the 'retail' or 'fully-open-source' categories in the new US crypto-export regs.
We could even tap Neal Stephenson and Bruce Sterling and Gibson for venture capital, as they've all mentioned the idea at one time or the other. Or maybe they'd like to buy homes there...
as most of the job hunt takes place online, what are graduating seniors to do with this? Universities are supposed to help you get a job, right? That's why each college has a fully funded career program to connect you with people who are hiring, right?
So, what if I'm searching porno sites to find one that's hiring a webmaster? (...or a photographer? a programmer?)
What if I'm doing research on net porn? IRC? Hell, my 130-page senior thesis for my undergrad degree was written on conversation on the Internet, IRC comprising a large percentage of the research; and I've written numerous other papers on email, textual decoration, and speech acts on-line, using examples from every-day interaction in IRC, IM, email, web-chat rooms, etc.--some of which have been published, so they're not crap. I mean, c'mon. Is the network going to pop up an alert dialog box on each log on, "Do you promise that your activities will be restricted to educational research and work? Y/N"
So people will go through a proxy server like the defcon proxy or anonymizer, at worst. I can't imagine this even getting to a functional level, as I've found priceless info on geoshitties pages from time to time. In any case, the tech will be gotten around if it ever becomes functional.
as for no-opposite-sex visitation/restricted hours... riiiight. Who's enforcing those rules? RAs? Y'mean, fellow students? I've walked in the front door of dorms way past the witching hour. I've been smuggled in to women's halls. It's great fun to get around the security, why should this pleasure be restricted to only a few, when the entire nation could have the fun?
I should add that any campus looking to implement these rules should also instigate "first-two-years-must-be-spent-in-our-dorms" rules as well, or they'll get to see some awfully empty dorms.
When I get the flu, there are two general methods-- go on with life and hope it goes away soon enough, or settle in with lots of nyquil, soup, vitamin C and zinc oxide and go into full anti-flu mode, sleep and let my body fight.
Winning these small battles at the front is fine, great for morale, but until we admit that this is part of a huge war for fair-use, freedom to watch bought media however we choose (be it on a Linux box, a *BSD, or any other OS), and a general show to the world that there needs to be a serious re-thinking of media in the Internet Age.
The whole war, through to the end, must be fought. By avoiding it, by winning the small prelims, we can push the rest back and delay it, but I fully expect this to end up before the supreme court. Lawyers, this will be the Scopes trial for the 21st century, so if you want a name, be the pro-bono defendant for the 500 John Does et al. I hope to see one of the techno-lawyers from Steptoe & Johnson or the like step forth to take this on.
The ACLU made itself, almost accidentally, with the Scopes 'monkey' trial; the EFF can become what we all need and want it to be with this legal war.
I am confident that in the end, we will prevail--the law cannot hold too long nowadays in the complete absence of a reality behind it, and the reality is, once someone owns a piece of media, there's no way to prevent them from their fair use of that media. I just bought a Voodoo 3 3500 with the TV-out feature. I don't even need deCSS to copy my DVDs, just a correctly set-up VCR. Not why I bought it, I want to watch DVDs on my TV from my computer's player, but what are they gonna do? Add me to the Doe list because I own a VCR?
IIRC, one of the original reports after deCSS quoted MoRE as being frankly surprised that the keys were so weak (thank you, soon-to-be-dead extreme export restrictions!), and hadn't figured that bruteforcing the keyspace would be worthwhile.
So, what does transmeta mean for the Oxygen project at MIT? I heard Dertouzos' talk at RSA keynote on the handheld cellphone/palm-pilot/pager/etc.etc/ that links up to a stationary system (desktop)--I'd bet that the Crusoe will be the backbone behind Oxygen (I'd be surprised if there isn't some collusion already) and if not the Oxygen system, some decent portable connectivity device.
I'm saddened by the slow evaporation of sites that give you shell access. I can't code a page worth crap if I'm not in the ditches using pico (emacs flames directed to /dev/nul), reloading, fixing, reloading, etc. FTP'ing a page back and forth is a royal pain in the ass, and replicating a directory structure locally is as well, especially if you're working across platforms...
When I ask a hoster if they give shell access, they tend to have one of two responses, either, 'huh?' (...but these folks support frontpage extensions!) or 'Why, you a hacker?' [sic].
I recently had to find a home for GriffJon.com and settled on a small outfit called TranSonicNet. Linux and BSD servers (they're pretty security-conscious) with not-that-great uptime, but clued tech support with reasonable email reply-times. The price was right ($10/month), and the feature set is good. They claim unlimited bandwidth allowance, but I can't say for sure what really happens when you start chugging gigs through their servers.
This and the Hilton-space hotel will open up a new market. Not for space hotels, no, but for zero-g porn. sure, 40M is a bit over budget for most outfits, but think of the strength of the investment--the first, EVER, weightless porn flick. Anyone wanna join in a business venture??
...is that they regularly rank on Fox (Fox turned into a soft core porn channel so slowly..., killing the Fox censor for Treehouse X, the scene with Rupert Murdoch at the superbowl special, etc. etc.) regularly and are still touted by the network as a premiere show, and used to buoy up new shows like (yecch) Malcolm in the Middle.
Warm up your letter-writing apparatuses, there's the 120-day delay for public commentary. It probably would be a Good Thing to write your congressmen, as well. From the text of the doc at http://www.cdt.org/crypto/admin/000110cryptoregs.shtml, here's the address to write to:
DATES: This rule is effective (DATE OF PUBLICATION). Comments must be received on or before [INSERT 120 DAYS FROM DATE OF PUBLICATION].
ADDRESSES: Written comments on this rule should be sent to Frank J. Ruggiero, Regulatory Policy Division, Bureau of Export Administration, Department of Commerce, P.O. Box 273, Washington, DC 20044. Express mail address: Frank J. Ruggiero, Regulatory Policy Division, Bureau of Export Administration, Department of Commerce, 14th Street and Pennsylvania Ave, N.W., Room 2705, Washington, DC 20230.
FOR FURTHER INFORMATION CONTACT: James A. Lewis, Director, Office of Strategic Trade, at (202) 482-0092.
More on MS docs being encrypted--that sends shivers down my spine. I can't count the number of times that Word at work or school has choked on a document (I had it crashing within 1 second of loading a file, repeatedly, once) that has required me to open the file up in a text editor and pick out the pieces to restructure them in a new file. If they started encrypting everything, hell. I've been threatening to do all my word processing in HTML for a while now. This would cause me to do so.
Call me paranoid, but I think that this relaxing of export controls is built upon a better infrastructure at NSA to deal with encrypted documents, whether it be to only care about ciphertext from areas under investigation/suspicion or merely a more powerful set of computers to deal with low-bit-length keys and the expectation of having much better computers by the time the world adopts strong encryption as standard.
You might notice that my public key is 4096 bits...
...In the market for personal digital certificates, at least, because Verisign and others don't offer any certificate beyond the self-attested-via-email (Got hotmail?) class 1 certs. The first CA that offers these for a reasonable price will be rolling in the dough.
In the Site.Cert market, I've had excellent experiences with Entrust support and their certificates. Of course, Entrust Certs were signed by...Thawte...
Here's a gif graphic that has the code in the comment blocks: the ribbon page
It feels to me like the point in Wizard of Oz after the house (DoJ) landed on one witch, they learn that there's another one still to go.
Seriously, tho, my first response to this was to see it as the obvious reply to the rumors of the split-up--leverage the top execs so that they are all at least somewhat experienced with the CEO seat before they get plopped into it. That, combined with Gates getting tired of being at the helm. All reliable reports I've heard is that it is true that he'd rather be in the trenches.
Whether that's a good thing or not, well...
...which has the added bonus of having the deCSS source code embedded in the comment blocks. I found it at savedvd.tripod.com. What a cool idea (hell, wish I'd thought of it)!
Dear DVD Copyright Control Association;
I wish to inquire of you how I may return my extensive collection of DVD movies I
have acquired over the past year. I no longer wish to possess them, despite their
vastly superior quality, number of options, and other market-changing,
market-creating attributes. I wish full refund of my movies, less a reasonable fee
collected because I have viewed them a few times each.
You see; I feel I can no longer, in good conscience as a law-abiding American
citizen view these wondrous disks legally on my computer system. Though I
bought or was given as a gift each DVD legally, as well as own legal copies of the
DVD hardware and decoding software from my computer manufacturer, I have
installed two components onto my computer since it was purchased that, I fear,
jeopardize the legality of viewing DVDs on it.
Most relevant, I possess a copy of deCSS, the program you are undoubtedly
familiar with that allows users to copy DVD movies from their handy DVD-ROM
disk into unwieldy, 6+ gigabyte files on their hard drives. I downloaded this
software in the hopes that it would enable me to view my copy of The Matrix more
fully, or enjoy DVD movies with fewer problems due to disk access errors. It has
proved far too cumbersome, however (I only have 3 gigabytes of free space, which
are rapidly becoming full with MP3s from MP3.com and from my own CD
collection (MP3s don't skip during dancing at parties, you see).
But furthermore, I have followed the slow progression of the production of a
reliable and hardware-independent Linux/*nix DVD Player. The other component
I have modified my computer with, you see, is a secondary hard drive from which
I can boot the Linux operating system instead of Windows. Ideally, I would like to
use Linux as my primary operating system.
Your recent letter to the LiVid (DVD for Linux) developers and the creative
programmers who released deCSS, however, has me concerned. It seems that
there is no possibility that any development in a Linux DVD player would be, by
your definition, using secret technologies via reverse engineering, despite the fact
that the CSS technique was not patented. I fear that because I wish to view DVDs
on Linux, and that any Linux implementation would be illegal, that I can no longer
in good conscience view DVDs on any Operating System running on my
computer--it is, after all, the same computer which could view them illegally in one
OS, so how could viewing the same DVD in the other OS be possibly legal? What
if I upgraded my Linux partition one day after a DVD solution had been reached,
possibly 'illegally', and accidentally entered into Linux, failed to recognize the
difference, and played a DVD of mine? I would fear that the police would be
knocking at my door instantaneously, and this time they wouldn't be asking me to
turn down my music (or which Jazz singer that was, anyway?). Having no recourse
to achieve my fair-use of the DVDs which I have purchased without entering into a
legal gray-area, I wish to return my discs and receive refunds for them.
Please indicate the shipping address to which they should be mailed, and when I
should expect reimbursement of their cost and the rather large cost of shipping my
substantial investment into what I had hoped would be a brave new world of
theatrical experiences.
Regretfully,