1996-10-28 - Re: Secure Internet-based Electronic Commerce: The View from Outside the US

Header Data

From: “Nicolas J. Hammond” <njhm@ns.njh.com>
To: pgut001@cs.auckland.ac.nz
Message Hash: 140c0a2679e28d63ae34e24ec1a0779e75f230f9e08da8cf1f80606250a941b4
Message ID: <199610281736.MAA04140@ns.njh.com>
Reply To: <84648715026895@cs26.cs.auckland.ac.nz>
UTC Datetime: 1996-10-28 18:07:12 UTC
Raw Date: Mon, 28 Oct 1996 10:07:12 -0800 (PST)

Raw message

From: "Nicolas J. Hammond" <njhm@ns.njh.com>
Date: Mon, 28 Oct 1996 10:07:12 -0800 (PST)
To: pgut001@cs.auckland.ac.nz
Subject: Re: Secure Internet-based Electronic Commerce: The View from Outside the US
In-Reply-To: <84648715026895@cs26.cs.auckland.ac.nz>
Message-ID: <199610281736.MAA04140@ns.njh.com>
MIME-Version: 1.0
Content-Type: text/plain


pgut001@cs.auckland.ac.nz wrote ...
> I've just made a draft copy of this paper available for comment as 
> http://www.cs.auckland.ac.nz/~pgut01/paper.htm, a copy of the introduction is 
> given below.  The whole thing is around 170K long (40 A4 pages when printed).
> If anyone has any comments to make on it, please let me know.
>  
> Peter.

1) "...the number of security problems inherent in SMTP are legendary"

Incorrect. SMTP is safe. 
Some (most?) implementations of SMTP have not been safe.
There is a big distinction between the protocol and its implementation.

2) "C2...now being applied to networked single-user systems over
   multiple windows (which may require different security levels)"

I'm not aware of anyone doing that - doesn't mean it's not happening -
just seems an unusual configuration.

Other than these nits seems a v. thoroughly researched paper.

> Introduction
> ------------
>  
> [...]
>  
> Because of well-publicized break-ins there has been a steadily increasing 
> demand for encryption and related security measures to be included in software 
> products.  Unfortunately these measures often consist either of "voodoo 
> security" techniques where security is treated as a marketing checkbox only, 
> or are rendered ineffective by the US government's refusal to allow 
> non-americans access to the same security measures which it allows its own 
> citizens. Organisations employing such (in)security systems may make 
> themselves liable for damages or losses incurred when they are compromised.  
> This paper covers the issues of using weak, US government-approved security as 
> well as problems with flawed security measures, examines some of the measures 
> necessary to provide an adequate level of security, and then suggests several 
> possible solutions.

In general you equate security with cryptography - which is fine - 
but there are other tools that you need to use in addition to cryptography
to secure a system and network.

-- 
Nicolas Hammond                                 NJH Security Consulting, Inc.
njhm@njh.com                                    211 East Wesley Road
404 262 1633                                    Atlanta
404 812 1984 (Fax)                              GA 30305-3774




