Discussion:
USA ID card for federal employees and contractors
Peter Tomlinson
2004-09-08 06:33:21 UTC
In the US they have a Presidential Directive:

http://www.whitehouse.gov/news/releases/2004/08/20040827-8.html

but in the UK...

I'm sure this will use the GSC-IS spec, which is the generalised version
of the spec for the military CAC. As reported before, it includes space
for the material facts from the card holder's personnel file.

Peter

"Homeland Security Presidential Directive/Hspd-12

Subject: Policy for a Common Identification Standard for Federal
Employees and Contractors

(1) Wide variations in the quality and security of forms of
identification used to gain access to secure Federal and other
facilities where there is potential for terrorist attacks need to be
eliminated. Therefore, it is the policy of the United States to enhance
security, increase Government efficiency, reduce identity fraud, and
protect personal privacy by establishing a mandatory, Government-wide
standard for secure and reliable forms of identification issued by the
Federal Government to its employees and contractors (including
contractor employees).

(2) To implement the policy set forth in paragraph (1), the Secretary
of Commerce shall promulgate in accordance with applicable law a Federal
standard for secure and reliable forms of identification (the
"Standard") not later than 6 months after the date of this directive in
consultation with the Secretary of State, the Secretary of Defense, the
Attorney General, the Secretary of Homeland Security, the Director of
the Office of Management and Budget (OMB), and the Director of the
Office of Science and Technology Policy. The Secretary of Commerce shall
periodically review the Standard and update the Standard as appropriate
in consultation with the affected agencies.

(3) "Secure and reliable forms of identification" for purposes of this
directive means identification that (a) is issued based on sound
criteria for verifying an individual employee's identity; (b) is
strongly resistant to identity fraud, tampering, counterfeiting, and
terrorist exploitation; (c) can be rapidly authenticated electronically;
and (d) is issued only by providers whose reliability has been
established by an official accreditation process. The Standard will
include graduated criteria, from least secure to most secure, to ensure
flexibility in selecting the appropriate level of security for each
application.

(4) Not later than 4 months following promulgation of the Standard,
the heads of executive departments and agencies shall have a program in
place to ensure that identification issued by their departments and
agencies to Federal employees and contractors meets the Standard." ...

<snip>
and

" (6) This directive shall be implemented in a manner consistent with
the Constitution and applicable laws, including the Privacy Act (5
U.S.C. 552a) and other statutes protecting the rights of Americans."
Roland Perry
2004-09-08 07:01:44 UTC
Post by Peter Tomlinson
I'm sure this will use the GSC-IS spec, which is the generalised
version of the spec for the military CAC
"By March 2004, five years since the origin of the project, 4.5
million CACs will have been issued to DoD employees, military
personnel, and civilian contractors. A number of large military
facilities are successfully using the CAC in conjunction with
access control systems developed by AMAG Technology specifically
for federal applications."

With apparently a big deployment in the Pentagon; developed and
manufactured by Group 4 in Tewkesbury, UK.
--
Roland Perry
Peter Tomlinson
2004-09-08 07:59:18 UTC
Activcard is another company (originally French, I believe, but now
firmly international) heavily involved in the CAC, particularly in the
systems for issuing cards and managing the card population. And I keep
seeing quotes from press releases issued by numerous companies saying
they have won a slice of the action.

Because the CAC was developed in conjunction with multiple suppliers,
there is interchangeability of components and systems. Also there is a
guaranteed market. The same should happen with the federal card. (Not
that CAC deployment has been without interoperability problems or
without difficulty handling the growing hot-list of lost and blocked cards.)

Peter
Post by Roland Perry
Post by Peter Tomlinson
I'm sure this will use the GSC-IS spec, which is the generalised
version of the spec for the military CAC
"By March 2004, five years since the origin of the project, 4.5
million CACs will have been issued to DoD employees, military
personnel, and civilian contractors. A number of large military
facilities are successfully using the CAC in conjunction with
access control systems developed by AMAG Technology specifically
for federal applications."
With apparently a big deployment in the Pentagon; developed and
manufactured by Group 4 in Tewkesbury, UK.
Roland Perry
2004-09-08 08:47:04 UTC
(Not that CAC deployment has been without interoperability problems or
without difficulty handling the growing hot-list of lost and blocked cards.)
I find it encouraging when we discover these large roll-out programmes,
as they will serve to debug the technology *ahead* of a mass deployment
of UK ID cards. Some will be hoping that bugs are insuperable, I'm sure.
But it's far from the green field that is often suggested (and is to
some extent implied by the Home Office trial).
--
Roland Perry
Peter Tomlinson
2004-09-08 09:11:05 UTC
There are several European smart ID card deployments (some just
voluntary add-ons to existing methods), both inside and outside the EU,
all different in their technology and attitude to the scope and type of
data stored on the cards. Certainly my current experience of talking to
UK public sector people in or knowing about the central spending depts
and agencies is that, in the big monolithic projects, their eyes are
firmly on the grounds of their own projects. The smaller projects and
the distributed projects are the ones to watch.

eGU (successor to OeE) has let a small contract to collect info about
all public sector e-Gov work.

Peter
Post by Roland Perry
(Not that CAC deployment has been without interoperability problems or
without difficulty handling the growing hot-list of lost and blocked cards.)
I find it encouraging when we discover these large roll-out programmes,
as they will serve to debug the technology *ahead* of a mass deployment
of UK ID cards. Some will be hoping that bugs are insuperable, I'm sure.
But it's far from the green field that is often suggested (and is to
some extent implied by the Home Office trial).
Ian Johnson
2004-09-08 09:32:36 UTC
Post by Roland Perry
I find it encouraging when we discover these large roll-out programmes,
as they will serve to debug the technology *ahead* of a mass deployment
of UK ID cards. Some will be hoping that bugs are insuperable, I'm sure.
Different sorts of bugs I would think. Issuing people cards *they want*
has a totally different threat model to ID cards. Firstly people
aren't going to be deliberately losing or damaging them, secondly the
incentive to criminals to fake a national ID card would be very high.

Regards,

Ian
--
Ian Johnson Tel : +44 117 344 3167
Faculty of CEMS, UWE Bristol Email: irj-***@public.gmane.org
Frenchay Campus, Bristol. BS16 1QY. UK.
Roland Perry
2004-09-08 09:37:41 UTC
Post by Ian Johnson
Post by Roland Perry
I find it encouraging when we discover these large roll-out programmes,
as they will serve to debug the technology *ahead* of a mass deployment
of UK ID cards. Some will be hoping that bugs are insuperable, I'm sure.
Different sorts of bugs I would think. Issuing people cards *they want*
has a totally different threat model to ID cards.
Although the UK ID cards will be piggy-backed on people who *want* a
driving licence or a passport.
Post by Ian Johnson
Firstly people aren't going to be deliberately losing or damaging them,
See above.
Post by Ian Johnson
secondly the
incentive to criminals to fake a national ID card would be very high.
Whereas terrorists have no incentive to forge a card to get into a US
military (and now federal) site?
--
Roland Perry
Ian Johnson
2004-09-08 10:26:06 UTC
Post by Roland Perry
Although the UK ID cards will be piggy-backed on people who *want* a
driving licence or a passport.
It's very rare I need either. I tend to only need my passport in August,
and I can't remember the last time I needed my driving licence.
Post by Roland Perry
Post by Ian Johnson
Firstly people aren't going to be deliberately losing or damaging them,
See above.
What happens will depend on the system that is imposed, what happens if
an electronic passport is non-functioning? how quickly and at what cost
can they be replaced?
Post by Roland Perry
Post by Ian Johnson
secondly the
incentive to criminals to fake a national ID card would be very high.
Whereas terrorists have no incentive to forge a card to get into a US
military (and now federal) site?
The motivation and numbers are probably very different. Career criminals
for example are almost certainly more numerous and tend to want to continue
to live.

Regards,

Ian
--
Ian Johnson Tel : +44 117 344 3167
Faculty of CEMS, UWE Bristol Email: irj-***@public.gmane.org
Frenchay Campus, Bristol. BS16 1QY. UK.
Roland Perry
2004-09-08 15:19:39 UTC
Post by Ian Johnson
Post by Roland Perry
Although the UK ID cards will be piggy-backed on people who *want* a
driving licence or a passport.
It's very rare I need either. I tend to only need my passport in
August, and I can't remember the last time I needed my driving licence.
What I forgot to add was that this would mop up perhaps 80% of the
population. The other 20% will at least be joining a scheme that's
running smoothly by then.
Post by Ian Johnson
Post by Roland Perry
Post by Ian Johnson
Firstly people aren't going to be deliberately losing or damaging them,
See above.
What happens will depend on the system that is imposed, what happens if
an electronic passport is non-functioning? how quickly and at what cost
can they be replaced?
We've done the replacement thing to death already. Should be a trip to
the nearest High Street and a thumbprint.
Post by Ian Johnson
Post by Roland Perry
Post by Ian Johnson
secondly the
incentive to criminals to fake a national ID card would be very high.
Whereas terrorists have no incentive to forge a card to get into a US
military (and now federal) site?
The motivation and numbers are probably very different. Career
criminals for example are almost certainly more numerous and tend to
want to continue to live.
Yes, I agree that there will be an element of arms race in this. There
always is.
--
Roland Perry
Ian Johnson
2004-09-08 15:56:29 UTC
Post by Roland Perry
Post by Ian Johnson
What happens will depend on the system that is imposed, what happens if
an electronic passport is non-functioning? how quickly and at what cost
can they be replaced?
We've done the replacement thing to death already. Should be a trip to
the nearest High Street and a thumbprint.
I think you missed my point. If HMG offers free replacement in the high street
(which I feel they should) mine will need replacing *at least* daily,
I'm very careless you see :)

Let's say my passport had undergone several very severe thermal shocks. I turn
up to board a flight with it, but the chip is non functioning - what happens
if this is the case for say, half the passengers?

My real point was supportive and cooperative users versus a significant number
who if offered a spanner will throw it in the works.

Ian
--
Ian Johnson Tel : +44 117 344 3167
Faculty of CEMS, UWE Bristol Email: irj-***@public.gmane.org
Frenchay Campus, Bristol. BS16 1QY. UK.
Owen Lewis
2004-09-08 17:15:21 UTC
-----Original Message-----
Sent: 08 September 2004 16:56
Subject: Re: USA ID card for federal employees and contractors
Let's say my passport had undergone several very severe thermal shocks. I turn
up to board a flight with it, but the chip is non functioning - what happens
if this is the case for say, half the passengers?
Then you - or half the passengers will miss your flight. This will
inconvenience you/them but not the other passengers nor the airline.
My real point was supportive and cooperative users versus a significant number
who if offered a spanner will throw it in the works.
Nah. You'll have to come up with something better.

BTW, you make the argument well for ensuring that replacements are issued
only at full cost. Personally, I can't see any reasonable option to that
but, if only for the presentational advantages, I think that the initial
card issue really should be made 'free of charge'. Of course as we all know
nothing in life is free but central funding of the initial issue of all
cards would be a smart move methinks.

Owen
Roland Perry
2004-09-08 18:31:31 UTC
Post by Owen Lewis
BTW, you make the argument well for ensuring that replacements are issued
only at full cost. Personally, I can't see any reasonable option to that
but, if only for the presentational advantages, I think that the initial
card issue really should be made 'free of charge'. Of course as we all know
nothing in life is free but central funding of the initial issue of all
cards would be a smart move methinks.
Once again, let's look at historical precedent rather than merely
speculating. Look at things like the cost of replacing an existing card
driving licence in various jurisdictions (in the UK, address changes are
free, but a lost card is £19). Or replacing a railway season ticket
(free, but three strikes and you are out).
--
Roland Perry
Owen Lewis
2004-09-08 19:25:07 UTC
-----Original Message-----
Sent: 08 September 2004 19:32
Subject: Re: USA ID card for federal employees and contractors
Post by Owen Lewis
BTW, you make the argument well for ensuring that replacements are issued
only at full cost. Personally, I can't see any reasonable option to that
but, if only for the presentational advantages, I think that the initial
card issue really should be made 'free of charge'. Of course as we all know
nothing in life is free but central funding of the initial issue of all
cards would be a smart move methinks.
Once again, let's look at historical precedent rather than merely
speculating. Look at things like the cost of replacing an existing card
driving licence in various jurisdictions (in the UK, address changes are
free, but a lost card is £19). Or replacing a railway season ticket
(free, but three strikes and you are out).
So what point is it you wish to make? Is there some central thread in that
collection?

Owen
Roland Perry
2004-09-08 20:07:52 UTC
Post by Owen Lewis
Post by Roland Perry
Post by Owen Lewis
nothing in life is free but central funding of the initial issue of all
cards would be a smart move methinks.
Once again, let's look at historical precedent rather than merely
speculating. Look at things like the cost of replacing an existing card
driving licence in various jurisdictions (in the UK, address changes are
free, but a lost card is £19). Or replacing a railway season ticket
(free, but three strikes and you are out).
So what point is it you wish to make? Is there some central thread in that
collection?
You suggested a free "initial issue", but this seems unlikely given the
current initial issue costs of passport and driving licence, and the
passport agency is run as a cost centre (with costs predicted to
increase as biometrics are introduced).

Certain kinds of replacement are currently free (for example the lost
season ticket or the UK-DL change of address) and others seem to have an
element of "fine" about them (losing your counterpart or card licence
are both as bad as one another at £19 - seems a bit steep for a piece of
A4). Replacing a lost UK passport seems to cost as much as a new one,
and requires a new application as well as the form 'fessing up to the
loss.

Over the water in the USA, a change of DL address is free once every 4
years, and more frequent moves or lost licences cost $15. A lost or
stolen USA Green Card is a stunning $185, and after naturalisation,
don't lose your certificate because that's $210 to replace.

So, on balance, I think that a replacement for a lost UK-ID might well
cost in the region of £20, with initial issue predicted to be somewhat
higher than current passport or DL fees.
--
Roland Perry
Owen Lewis
2004-09-08 21:08:09 UTC
-----Original Message-----
Sent: 08 September 2004 21:08
Subject: Re: USA ID card for federal employees and contractors
Post by Owen Lewis
Post by Roland Perry
Post by Owen Lewis
nothing in life is free but central funding of the initial issue of all
cards would be a smart move methinks.
Once again, let's look at historical precedent rather than merely
speculating. Look at things like the cost of replacing an existing card
driving licence in various jurisdictions (in the UK, address changes are
free, but a lost card is £19). Or replacing a railway season ticket
(free, but three strikes and you are out).
So what point is it you wish to make? Is there some central thread in that
collection?
You suggested a free "initial issue", but this seems unlikely given the
current initial issue costs of passport and driving licence, and the
passport agency is run as a cost centre (with costs predicted to
increase as biometrics are introduced).
The point is that if issue is to be mandatory then it'd sugar the pill for
some if the issue was 'free'. Forty quid to someone whose only income is
sixty-five a week is a near back-breaking sum to be told you *have* to
spend. OTOH for those on a daily fee rate of a thousand it's no more than
another round of drinks. Zo eeesily zey forget, nie?

Of course it'd not be free but that's beside the point. No one (normally)
insists that you buy a passport or a driving licence and therefore your
comparison is not good. N.B for those who *are* required to acquire either
or both of passport and driving licence, issue *is* free in my experience.


Owen
Roland Perry
2004-09-08 21:19:54 UTC
Post by Owen Lewis
The point is that if issue is to be mandatory then it'd sugar the pill for
some if the issue was 'free'.
Yes, I understand that, but unless the issuing agencies are completely
re-financed (so ask Gordon Brown for money) it won't happen.
Post by Owen Lewis
No one (normally)
insists that you buy a passport or a driving licence and therefore your
comparison is not good. N.B for those who *are* required to acquire either
or both of passport and driving licence, issue *is* free in my experience.
I've been required to get or keep (ie re-new when required) both by
various employers. There's never been any suggestion that I could recoup
the cost.
--
Roland Perry
Owen Lewis
2004-09-09 09:01:12 UTC
-----Original Message-----
Sent: 08 September 2004 22:20
Subject: Re: USA ID card for federal employees and contractors
Post by Owen Lewis
No one (normally)
insists that you buy a passport or a driving licence and therefore your
comparison is not good. N.B for those who *are* required to acquire either
or both of passport and driving licence, issue *is* free in my experience.
I've been required to get or keep (ie re-new when required) both by
various employers. There's never been any suggestion that I could recoup
the cost.
I suggest that all you have been required to do is to decide to purchase one
or both of those documents or to change/refuse that employment. This is just
not the same as being told unconditionally that you *must* possess these
items.

In cases such as yours, I suggest that you are offered a contract of
employment that has certain terms and conditions. Amongst these may be a
requirement, express or implied, to possess and maintain a passport and/or a
driving licence. I suggest to you that if you take such employment you do so
having decided that the emoluments offered with the package are sufficient
to re-imburse you fully for the expense of these personal outgoings. If the
possession of these documents were not stipulated in your contract, either
expressly or by reasonable implication, then your employer needs to
reimburse you for these expenses (by one means or another) if, later, this
requirement is placed upon you.

Surely, you agree?

Owen
--
Roland Perry
Roland Perry
2004-09-09 09:17:08 UTC
Post by Owen Lewis
Post by Roland Perry
I've been required to get or keep (ie re-new when required) both by
various employers. There's never been any suggestion that I could recoup
the cost.
I suggest that all you have been required to do is to decide to purchase one
or both of those documents or to change/refuse that employment.
Oh please! That's a bankrupt argument usually heard from single young
men with highly portable job skills working in a market where they'll be
snapped up overnight. Not everyone fits that description.
Post by Owen Lewis
This is just not the same as being told unconditionally that you
*must* possess these items.
Plenty of job descriptions include "must have [clean] driving licence"
and "some element of foreign travel is involved".
Post by Owen Lewis
In cases such as yours, I suggest that you are offered a contract of
employment that has certain terms and conditions. Amongst these may be a
requirement, express or implied, to possess and maintain a passport and/or a
driving licence. I suggest to you that if you take such employment you do so
having decided that the emoluments offered with the package are sufficient
to re-imburse you fully for the expense of these personal outgoings.
In which case, please explain what you meant by:

N.B for those who *are* required to acquire either or both of
passport and driving licence, issue *is* free in my experience.
--
Roland Perry
Owen Lewis
2004-09-09 10:38:09 UTC
-----Original Message-----
Sent: 09 September 2004 10:17
Subject: Re: USA ID card for federal employees and contractors
Post by Owen Lewis
Post by Roland Perry
I've been required to get or keep (ie re-new when required) both by
various employers. There's never been any suggestion that I could recoup
the cost.
I suggest that all you have been required to do is to decide to purchase one
or both of those documents or to change/refuse that employment.
Oh please! That's a bankrupt argument usually heard from single young
men with highly portable job skills working in a market where they'll be
snapped up overnight. Not everyone fits that description.
I see no argument but an observation of fact.
Post by Owen Lewis
This is just not the same as being told unconditionally that you
*must* possess these items.
Plenty of job descriptions include "must have [clean] driving licence"
and "some element of foreign travel is involved".
Post by Owen Lewis
In cases such as yours, I suggest that you are offered a contract of
employment that has certain terms and conditions. Amongst these may be a
requirement, express or implied, to possess and maintain a passport and/or a
driving licence. I suggest to you that if you take such employment you do so
having decided that the emoluments offered with the package are sufficient
to re-imburse you fully for the expense of these personal outgoings.
N.B for those who *are* required to acquire either or both of
passport and driving licence, issue *is* free in my experience.
To my knowledge certain govt servants. For example, possession of either a
passport or a driving licence, clean or otherwise, are a prerequisite for
induction into military service but may become requisite at some time
thereafter, according to the 'exigencies of the Service'

It used to be (and may well still be) that joining the Armed Services was
the only route to possession of an HGV1 licence at age 17.5. Serve a three
year hitch and come out as a highly employable HGV1 driver with three years
experience and, quite possibly, some supervisory qualification and
experience to boot (one of those young men with 'highly portable job skills'
you were talking about) and at an age when your civvie contemporaries have a
further six months to wait before they can even begin HGV1 training and get
wet behind the ears.

And, AFAIK, *no one* has ever paid for a diplomatic passport. ISTR too that
ordinary passports are also free issue to all govt servants required to live
overseas. In most cases, they'd be paid rather less than you though :-)

Swings and roundabouts?

Owen
Roland Perry
2004-09-09 15:31:23 UTC
Post by Owen Lewis
Post by Owen Lewis
Post by Owen Lewis
I suggest that all you have been required to do is to decide to purchase one
or both of those documents or to change/refuse that employment.
Oh please! That's a bankrupt argument usually heard from single young
men with highly portable job skills working in a market where they'll be
snapped up overnight. Not everyone fits that description.
I see no argument but an observation of fact.
It's a fact that I can jump in front of a train. Doesn't make it a very
practical way of conducting my life.
Post by Owen Lewis
Post by Owen Lewis
N.B for those who *are* required to acquire either or both of
passport and driving licence, issue *is* free in my experience.
To my knowledge certain govt servants.
Oh, so they don't get to make this choice between a job and
unemployment, how nice of the taxpayer to stump up for their Driving
Licence and Passports.
Post by Owen Lewis
In most cases, they'd be paid rather less than you though :-)
Currently they'd be paid rather more.
--
Roland Perry
Owen Lewis
2004-09-10 09:22:12 UTC
-----Original Message-----
Sent: 09 September 2004 16:31
Subject: Re: USA ID card for federal employees and contractors
Post by Owen Lewis
Post by Owen Lewis
Post by Owen Lewis
I suggest that all you have been required to do is to decide to purchase one
or both of those documents or to change/refuse that employment.
Oh please! That's a bankrupt argument usually heard from single young
men with highly portable job skills working in a market where they'll be
snapped up overnight. Not everyone fits that description.
I see no argument but an observation of fact.
It's a fact that I can jump in front of a train. Doesn't make it a very
practical way of conducting my life.
Well, if you choose to cast yourself as a wage-slave in one of Gradgrind's
mills, that is surely your privilege,
Post by Owen Lewis
Post by Owen Lewis
N.B for those who *are* required to acquire either or both of
passport and driving licence, issue *is* free in my experience.
To my knowledge certain govt servants.
Oh, so they don't get to make this choice between a job and
unemployment,
Well, not on the basis of whether they possess a driving licence and
passport anyway. However, lack of a birth certificate can be somewhat of a
stumbling block, though not an insuperable one.
how nice of the taxpayer to stump up for their Driving
Licence and Passports.
Tsk tsk... are you *sure* you want to be a Euro-MP? :) The truth of course
is that govt, rightly, does not expect its servants to subsidise the public
exchequer by the private purchase of any document prerequisite to the
performance of some public service that, through one of its departments, it
has itself ordered.

This type of practice is by no means unique to govt service; a whole range
of industries either pay the total or else heavily subsidise the acquisition
of documents necessary to perform some duty on their behalf. PSV licences
are one example and commercial pilots' licences may be another.

In the case of those who are required to live abroad, there are relocation
packages. In the case of those not required to take up residency abroad but
merely to travel frequently, there are reasonable travel allowances. Now, if
you would like to show that the cost of the requisite passport cannot be
comfortably covered within the average relocation package or within (say) a
year's overseas travel allowances, I'll listen with sympathy.

Owen
Roland Perry
2004-09-10 10:16:00 UTC
Now, if you would like to show that the cost of the requisite passport
cannot be comfortably covered within the average relocation package or
within (say) a year's overseas travel allowances, I'll listen with
sympathy.
My own experience, in the commercial sector, of needing to go abroad on
business was that all my travel and hotel costs were paid, and any food
at cost on production of receipts. Everything else, including any vague
"allowance", or overtime, or the cost of getting a passport [1] was up
to me (although on consideration I think the company probably paid for
my USA Visa). You might say that my employer was less considerate than
the public sector appears to be. You could be right. There are many
factors to take into account when selecting (or changing) employment,
but I get irritated when people make flippant remarks as if it was
something you could do on a whim with little financial implication.

[1] I distinctly remember having to go to the old passport office in
Peterborough. If it had been a company expense we'd have done it via the
travel agents, like we did the Visa.
--
Roland Perry
Roland Perry
2004-09-08 18:23:55 UTC
Post by Ian Johnson
Post by Roland Perry
Post by Ian Johnson
What happens will depend on the system that is imposed, what happens if
an electronic passport is non-functioning? how quickly and at what cost
can they be replaced?
We've done the replacement thing to death already. Should be a trip to
the nearest High Street and a thumbprint.
I think you missed my point. If HMG offers free replacement in the high
street (which I feel they should) mine will need replacing *at least*
daily, I'm very careless you see :)
I think you'll get very tired of doing that.
Post by Ian Johnson
Let's say my passport had undergone several very severe thermal shocks.
I turn up to board a flight with it, but the chip is non functioning -
what happens if this is the case for say, half the passengers?
The existing card rollouts that keep cropping up are the places to
discover what causes the hardware to fail. The 5 million USA DoD
workers, for example. How often a passenger gets denied boarding will no
doubt be a fundamental parameter for a combined passport/ID card; ask
the places that are deploying them, including several ones that are
electronic.
Post by Ian Johnson
My real point was supportive and cooperative users versus a significant
number who if offered a spanner will throw it in the works.
You'd find yourself denied the opportunity to do various things. Whether
that matters to you is another matter.
--
Roland Perry
Ian G Batten
2004-09-09 07:30:38 UTC
Post by Ian Johnson
I think you missed my point. if HMG offers free replacement in the high
street
Aside from anything else, with the decline in the number of crown post
offices and a desire by government to fund other programmes by slimming
down the civil service, which arm of government has a branch in every
high street and can cope with this sort of work? And Blunkett is
building a poll tax on a small card anyway, because for many people
(rural, highlands and islands, sink estates) even the ``nearest'' high
street is a difficult journey logistically and/or financially. I want
to watch Blunkett, man of the people, telling a house bound pensioner in
a small highland village that unless she gets herself to Inverness her
pension will be cut off. But then, what's the interests of individuals
as compared to the grandeur of the Home Office?

ian
Roland Perry
2004-09-09 07:59:58 UTC
Post by Ian G Batten
Aside from anything else, with the decline in the number of crown post
offices and a desire by government to fund other programmes by slimming
down the civil service, which arm of government has a branch in every
high street and can cope with this sort of work? And Blunkett is
building a poll tax on a small card anyway, because for many people
(rural, highlands and islands, sink estates) even the ``nearest'' high
street is a difficult journey logistically and/or financially. I want
to watch Blunkett, man of the people, telling a house bound pensioner in
a small highland village that unless she gets herself to Inverness her
pension will be cut off. But then, what's the interests of individuals
as compared to the grandeur of the Home Office?
These are all interesting practical issues. I look at what's happened
elsewhere (stop me if you've heard that line before). The State of
Georgia has regions that are probably sparser populated than the
highlands, and is about the size of England (200 miles E/W, 300 miles
N/S) but there's a requirement to issue drivers licenses. They've
achieved that by having over a hundred locations where they've installed
the facilities they need. The one I went to was like a sub-postoffice
tacked onto the side of a highway patrol depot.

By analogy the UK-ID cards could be issued (say) anywhere there is a
municipal library, including the travelling ones. Perhaps not all of
them would be manned five days a week in outlying areas, rather like the
libraries! But people cope. And iirc there were proposed age limits, and
no politician is going to make a martyr of the sort of case you
describe.
--
Roland Perry
Ian G Batten
2004-09-09 18:06:11 UTC
Permalink
Post by Roland Perry
N/S) but there's a requirement to issue drivers licenses. They've
achieved that by having over a hundred locations where they've installed
the facilities they need. The one I went to was like a sub-postoffice
tacked onto the side of a highway patrol depot.
The more places you can have a card issued, the more people there are
who can be suborned into issuing fake ones, of course. In Blunkett's
``one card to bind them all'' world, acquisition of a false ID card is
probably more powerful than a false State of Georgia driver's license,
and now you're devolving the power to issue them to large numbers of
lightly trained, lightly motivated, lightly cleared people. How skilled
will they be as document examiners, for example? What threat can be
used to keep them honest, as the ID-card business will be but a tiny
part of their commerce?
Post by Roland Perry
By analogy the UK-ID cards could be issued (say) anywhere there is a
municipal library, including the travelling ones. Perhaps not all of
Libraries are, of course, being closed with monotonous regularity. And
are they the right people to do the document examining, iris prints,
etc?
Post by Roland Perry
them would be manned five days a week in outlying areas, rather like the
libraries! But people cope. And iirc there were proposed age limits, and
no politician is going to make a martyr of the sort of case you
describe.
Why not? Blunkett couldn't give a toss about anyone but himself.

ian
Roland Perry
2004-09-09 19:34:24 UTC
Permalink
Post by Ian G Batten
Post by Roland Perry
N/S) but there's a requirement to issue drivers licenses. They've
achieved that by having over a hundred locations where they've installed
the facilities they need. The one I went to was like a sub-postoffice
tacked onto the side of a highway patrol depot.
The more places you can have a card issued, the more people there are
who can be suborned into issuing fake ones, of course. In Blunkett's
``one card to bind them all'' world, acquisition of a false ID card is
probably more powerful than a false State of Georgia driver's license,
and now you're devolving the power to issue them to large numbers of
lightly trained, lightly motivated, lightly cleared people. How skilled
will they be as document examiners, for example? What threat can be
used to keep them honest, as the ID-card business will be but a tiny
part of their commerce?
Librarians tend to be honest people to start off with, but putting that
aside; yes there are challenges in getting the issuing process both
distributed enough and also rigorous enough. But given that it has to be
distributed, the threat model (remember them) can be developed to give
the required amount of rigor. Or if that's impossible, people will have
to think again.
Post by Ian G Batten
Post by Roland Perry
By analogy the UK-ID cards could be issued (say) anywhere there is a
municipal library, including the travelling ones. Perhaps not all of
Libraries are, of course, being closed with monotonous regularity. And
are they the right people to do the document examining, iris prints,
etc?
The library closure issue has been covered in my discussion with David.
And I think Irises will turn out to be a red herring, partly because of
this very issue that the biometric needs to be pretty foolproof. (But if
they didn't at least *try* irises, everyone would nag them about it.)
Post by Ian G Batten
Post by Roland Perry
them would be manned five days a week in outlying areas, rather like the
libraries! But people cope. And iirc there were proposed age limits, and
no politician is going to make a martyr of the sort of case you
describe.
Why not? Blunkett couldn't give a toss about anyone but himself.
Whatever you think about the individuals involved, the process will be
discredited if it's not run smoothly enough. That gives those whose job
it is to invent the processes enough incentive, I think.
--
Roland Perry
Ian G Batten
2004-09-10 07:53:29 UTC
Permalink
Post by Roland Perry
Librarians tend to be honest people to start off with, but putting that
They also tend to be badly paid, and the most honest of men can be
tempted by paying their mortgage off. And they may also have families,
and the most honest of men may be `tempted' by the threat of having
their children harmed. Lone workers with high-value goods are a health
and safety nightmare.

Aside from anything else, I can't believe that any remotely rigorous
will permit the issuing of cards under sole control. Which immediately
doubles the running costs of the libraries you're proposing to use.
Post by Roland Perry
Whatever you think about the individuals involved, the process will be
discredited if it's not run smoothly enough. That gives those whose job
it is to invent the processes enough incentive, I think.
Why? Involvement in a government IT disaster doesn't appear to carry
any penalties for the political, civil service or industry parties
involved.

ian
Roland Perry
2004-09-10 09:03:17 UTC
Permalink
Post by Ian G Batten
Post by Roland Perry
Librarians tend to be honest people to start off with, but putting that
They also tend to be badly paid, and the most honest of men can be
tempted by paying their mortgage off. And they may also have families,
and the most honest of men may be `tempted' by the threat of having
their children harmed. Lone workers with high-value goods are a health
and safety nightmare.
Well, we all know you have a very poor impression of almost every
profession. Is there anyone at all who meets your standards?
Post by Ian G Batten
Post by Roland Perry
Whatever you think about the individuals involved, the process will be
discredited if it's not run smoothly enough. That gives those whose job
it is to invent the processes enough incentive, I think.
Why? Involvement in a government IT disaster doesn't appear to carry
any penalties for the political, civil service or industry parties
involved.
Those IT disasters don't impact the man in the street going about his
normal business. The closest it came was perhaps the CSA, where lots of
(but not quite enough) ordinary people became drawn into the mess and
decided to protest.
--
Roland Perry
Ian G Batten
2004-09-10 10:12:35 UTC
Permalink
Post by Roland Perry
Post by Ian G Batten
Post by Roland Perry
Librarians tend to be honest people to start off with, but putting that
They also tend to be badly paid, and the most honest of men can be
tempted by paying their mortgage off. And they may also have families,
and the most honest of men may be `tempted' by the threat of having
their children harmed. Lone workers with high-value goods are a health
and safety nightmare.
Well, we all know you have a very poor impression of almost every
profession. Is there anyone at all who meets your standards?
That's not a low opinion, that's a fact of _all_ human beings.

I do an annual lecture at my former university, and one year I covered,
inter alia, the topic of risk assessment and of deploying resources
suitably. There's no point in spending millions on physical security
when staff will hand over documents for a few grand, so you need to
ensure that you have internal processes in place to minimise the spread
of valuable material. I said that although I've never been offered
money, I would be surprised if I weren't tempted to hand over, say, ASIC
designs, for a suitable sum of money.

I got phoned up a couple of days later by my former tutor, who had been
told by the head of school to tell me off for displaying such low
morals. Bob was suitably sheepish about the proceedings and I couldn't
be bothered to argue.

If you believe there's a profession which, to a man and woman, cannot be
convinced to do what a bad person wants by a combination of (a) money
and (b) their spouse screaming in agony as their legs are broken then I
have some bridges to sell you.
Post by Roland Perry
Those IT disasters don't impact the man in the street going about his
normal business. The closest it came was perhaps the CSA, where lots of
(but not quite enough) ordinary people became drawn into the mess and
decided to protest.
And did anyone responsible for the CSA disaster get sanctioned? No.

ian
Roland Perry
2004-09-10 10:20:00 UTC
Permalink
Post by Ian G Batten
And did anyone responsible for the CSA disaster get sanctioned?
I'm fairly sure the head of agency was given a dishonourable discharge.
Who knows what happened further down the pecking order.
--
Roland Perry
Brian Morrison
2004-09-10 18:12:23 UTC
Permalink
On Fri, 10 Sep 2004 11:20:00 +0100 in
Post by Roland Perry
Post by Ian G Batten
And did anyone responsible for the CSA disaster get sanctioned?
I'm fairly sure the head of agency was given a dishonourable
discharge. Who knows what happened further down the pecking order.
So invisible sanctions are effective at letting the taxpayer know their
cash is being spent wisely? These sanctions should have been very
public.
--
Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
Roland Perry
2004-09-11 08:44:19 UTC
Permalink
Post by Brian Morrison
Post by Roland Perry
I'm fairly sure the head of agency was given a dishonourable
discharge. Who knows what happened further down the pecking order.
So invisible sanctions are effective at letting the taxpayer know their
cash is being spent wisely? These sanctions should have been very
public.
I agree.
--
Roland Perry
David Hansen
2004-09-10 11:07:07 UTC
Permalink
Post by Ian G Batten
If you believe there's a profession which, to a man and woman, cannot be
convinced to do what a bad person wants by a combination of (a) money
and (b) their spouse screaming in agony as their legs are broken then I
have some bridges to sell you.
When I worked in the building industry a very wise quantity surveyor
and I had a long discussion about preventing fraud with one of our
internal auditors. The QS's view was simple and this is it almost word
for word. "Everyone has their price. My price is much higher than the
value of the contracts I award and sign off on my own."
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me using the RIP Act 2000.
David Hansen
2004-09-10 10:25:48 UTC
Permalink
Post by Roland Perry
Well, we all know you have a very poor impression of almost every
profession. Is there anyone at all who meets your standards?
As I went to college at one of the few places that does library studies
it might be worth setting the record straight. The people you see in
the public parts of libraries are mostly not professional librarians
(or whatever the name is this week), who are relatively well paid.
Rather they are generally the less well trained and less well paid
library assistants. Without wishing to detract from the library
assistants' many skills they are the equivalent of lowly clerks in
whatever the DHSS is called this week. Many of the former have left the
library service for better jobs elsewhere.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me using the RIP Act 2000.
Roland Perry
2004-09-10 10:35:51 UTC
Permalink
Post by David Hansen
Post by Roland Perry
Well, we all know you have a very poor impression of almost every
profession. Is there anyone at all who meets your standards?
As I went to college at one of the few places that does library studies
it might be worth setting the record straight. The people you see in
the public parts of libraries are mostly not professional librarians
(or whatever the name is this week), who are relatively well paid.
Rather they are generally the less well trained and less well paid
library assistants. Without wishing to detract from the library
assistants' many skills they are the equivalent of lowly clerks in
whatever the DHSS is called this week. Many of the former have left the
library service for better jobs elsewhere.
We seem to be converging on the view that there is no-one capable of
issuing anything. So we have driving examiners who give a "pass" to
avoid being beaten up and Post Offices routinely giving out tax disks to
people with no insurance because they've been slipped a tenner. What a
state we are in.
--
Roland Perry
Ian G Batten
2004-09-10 11:12:53 UTC
Permalink
Post by Roland Perry
We seem to be converging on the view that there is no-one capable of
issuing anything. So we have driving examiners who give a "pass" to
avoid being beaten up
http://news.bbc.co.uk/1/hi/england/london/3404333.stm

Tends to make the point that driving examiners don't check photographs
terribly carefully.
Post by Roland Perry
and Post Offices routinely giving out tax disks to
people with no insurance because they've been slipped a tenner.
I don't know how often this happens. I know someone who once got an MoT
certificate by mail order.

ian
Roland Perry
2004-09-10 11:22:56 UTC
Permalink
Post by Ian G Batten
Post by Roland Perry
We seem to be converging on the view that there is no-one capable of
issuing anything. So we have driving examiners who give a "pass" to
avoid being beaten up
http://news.bbc.co.uk/1/hi/england/london/3404333.stm
Tends to make the point that driving examiners don't check photographs
terribly carefully.
This seems to be one of those ratholes that Brian and I dislike, but
hey-ho, it's Friday.

This chap was only impersonating black males, and was caught.
Post by Ian G Batten
Post by Roland Perry
and Post Offices routinely giving out tax disks to
people with no insurance because they've been slipped a tenner.
I don't know how often this happens. I know someone who once got an MoT
certificate by mail order.
Yes, we all know bent MOTs are ten a penny, but that wasn't the risk I
mentioned.
--
Roland Perry
Owen Lewis
2004-09-10 09:52:21 UTC
Permalink
-----Original Message-----
Sent: 09 September 2004 19:06
Subject: Re: USA ID card for federal employees and contractors
The more places you can have a card issued, the more people there are
who can be suborned into issuing fake ones, of course. In Blunkett's
``one card to bind them all'' world, acquisition of a false ID card is
probably more powerful than a false State of Georgia driver's license,
and now you're devolving the power to issue them to large numbers of
lightly trained, lightly motivated, lightly cleared people. How skilled
will they be as document examiners, for example? What threat can be
used to keep them honest, as the ID-card business will be but a tiny
part of their commerce?
This is a good point but one that I think can be fully covered, provided
there is a suitable implementation of a personal ID scheme. One way in which
successful fraudulent manufacture can be curtailed is by adding information
at the national data base of unique information to that of the biometric(s)
and other personal information. If (ob crypto) by the use of cryptographic
techniques, this additional information cannot be recovered from an ID card
other but its correct tie to the card can be confirmed only by checking the
card-borne information with the detail on the database. This might be done
by something like the secure hash that we discussed here a while back.

One of the problems with the UK scheme (at least on the information
presently available on it) is that no such security mechanism seems to be
incorporated. OTOH it should be possible to incorporate such a mechanism
without making public the detail of it.

Owen
Ian G Batten
2004-09-10 10:06:10 UTC
Permalink
Post by Owen Lewis
Post by Ian G Batten
The more places you can have a card issued, the more people there are
who can be suborned into issuing fake ones, of course. In Blunkett's
``one card to bind them all'' world, acquisition of a false ID card is
probably more powerful than a false State of Georgia driver's license,
and now you're devolving the power to issue them to large numbers of
lightly trained, lightly motivated, lightly cleared people. How skilled
will they be as document examiners, for example? What threat can be
used to keep them honest, as the ID-card business will be but a tiny
part of their commerce?
This is a good point but one that I think can be fully covered, provided
there is a suitable implementation of a personal ID scheme. One way in which
successful fraudulent manufacture can be curtailed is by adding information
at the national data base of unique information to that of the biometric(s)
and other personal information. If (ob crypto) by the use of cryptographic
I don't see how that would address some obvious attacks.

Let's assume that ID cards are to be issued to the people of the
Highlands by bolting the service onto the travelling library, or the
travelling cinema, or the post bus.

A van pulls up in a little village, and someone knocks on the door and
asks for an ID card. They present a passport, a birth certificate, a
photograph signed by a witness and a completed application form. What
skills does the librarian have to assess the validity of the documents?
In Ross' hierarchy of examiners, s/he's level 1: inexperienced,
ill-trained and actively motivated to pass the documents so s/he can get
on with the real job of issuing books to the queue of readers building
outside the van.

Result: an ID card in a false name, containing real biometrics. It
doesn't really matter if later the passport is shown to be fake, perhaps
from a scan taken at the time of issuing --- absent an online check, the
ID card holder has a valid ID card.

More insidiously, someone turns up with a _genuine_ passport which has
been crudely modified to contain a photograph of the applicant by
sticking a new photograph over the old one. If the librarian objects
they are either threatened --- lone worker, remember? --- or bribed.
The only way this one would be caught would be by comparing a scan of
the passport with a scan of the original issued document, and again, by
then it's too late.

How many librarians are going to be prepared to get beaten up in order
to protect the integrity of the ID card scheme?

ian
Roland Perry
2004-09-10 10:22:49 UTC
Permalink
Post by Ian G Batten
How many librarians are going to be prepared to get beaten up in order
to protect the integrity of the ID card scheme?
Not very many, but you need to think this through. All the cards they've
issued that day will be logged on the central database. And after
they've issued one under duress it will be simplicity itself to "mark
that card", so that when it's first presented somewhere that the people
*do* make a career out of not being beaten up, it can be confiscated and
the culprit apprehended.
--
Roland Perry
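The card-to-database binding Owen Lewis outlines and the after-the-fact marking Roland Perry describes, put together as an added example (not code from any poster or from the UK scheme). It assumes the "secure hash" is an HMAC keyed by a per-card secret held only in the registry; every class, function and field name is hypothetical and the sample data is constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Card:
    """What the card carries; all of it is readable by whoever holds it."""
    card_id: str
    name: str
    biometric_digest: bytes  # SHA-256 of the enrolled biometric template
    tag: bytes               # HMAC over the fields above, keyed from the registry


@dataclass
class RegistryRecord:
    """Row held only in the central database (hypothetical layout)."""
    binding_secret: bytes    # per-card secret, never written to the card
    issuing_office: str
    flagged: bool = False    # set once an issuer reports issuance under duress


def _canonical(card_id: str, name: str, biometric_digest: bytes) -> bytes:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") encode differently.
    parts = (card_id.encode(), name.encode(), biometric_digest)
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def _tag(secret: bytes, card_id: str, name: str, biometric_digest: bytes) -> bytes:
    return hmac.new(secret, _canonical(card_id, name, biometric_digest),
                    hashlib.sha256).digest()


class Registry:
    def __init__(self) -> None:
        self._records = {}

    def issue(self, name: str, biometric_template: bytes, office: str) -> Card:
        """Every issuance is logged centrally; the secret stays in the log."""
        card_id = secrets.token_hex(8)
        secret = secrets.token_bytes(32)
        digest = hashlib.sha256(biometric_template).digest()
        self._records[card_id] = RegistryRecord(secret, office)
        return Card(card_id, name, digest, _tag(secret, card_id, name, digest))

    def flag(self, card_id: str) -> None:
        """'Mark that card' after the issuer reports duress."""
        self._records[card_id].flagged = True

    def verify_online(self, card: Card) -> str:
        rec = self._records.get(card.card_id)
        if rec is None:
            return "unknown_card"
        expected = _tag(rec.binding_secret, card.card_id, card.name,
                        card.biometric_digest)
        if not hmac.compare_digest(expected, card.tag):
            return "tag_mismatch"
        return "flagged" if rec.flagged else "valid"


def demo() -> dict:
    reg = Registry()
    # Constructed sample data; the byte strings stand in for biometric templates.
    honest = reg.issue("A. Reader", b"template-1", "mobile-library-7")

    # Card produced without a registry entry (copied layout, invented tag).
    off_book = Card("not-in-registry", "B. Nobody",
                    hashlib.sha256(b"template-2").digest(), secrets.token_bytes(32))

    # Genuine card whose personal data was swapped after issue.
    altered = replace(honest, name="C. Other",
                      biometric_digest=hashlib.sha256(b"template-3").digest())

    # Issued under duress through the real process, reported afterwards.
    coerced = reg.issue("D. Threat", b"template-4", "mobile-library-7")
    reg.flag(coerced.card_id)

    # Issued on forged supporting documents that the issuer accepted:
    # the binding proves card == registry row, not that the name is true.
    false_name = reg.issue("E. Alias", b"template-5", "mobile-library-7")

    return {
        "honest": reg.verify_online(honest),
        "off_book": reg.verify_online(off_book),
        "altered": reg.verify_online(altered),
        "coerced": reg.verify_online(coerced),
        "false_name": reg.verify_online(false_name),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} {result}")
```

The `false_name` case returning `valid` is Ian G Batten's objection in code form: the binding and the marking both rely on an online check, and neither tests the supporting documents presented at issue.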
Brian Beesley
2004-09-13 08:08:55 UTC
Permalink
Post by Owen Lewis
One of the problems with the UK scheme (at least on the information
presently available on it) is that no such security mechanism seems to be
incorporated. OTOH it should be possible to incorporate such a mechanism
without making public the detail of it.
Ah, "security" by obfuscation again. This is effectively the same argument as
insisting that Microsoft products must be more secure than open source
software, or that gun crime cannot possibly exist since public ownership of
handguns was criminalized post-Dunblane.

The public MUST be able to evaluate the security mechanisms, otherwise there
will be neither trust nor security.

Brian Beesley
Owen Lewis
2004-09-13 10:38:21 UTC
Permalink
-----Original Message-----
Sent: 13 September 2004 09:09
Subject: Re: USA ID card for federal employees and contractors
Post by Owen Lewis
One of the problems with the UK scheme (at least on the information
presently available on it) is that no such security mechanism seems to be
incorporated. OTOH it should be possible to incorporate such a mechanism
without making public the detail of it.
Ah, "security" by obfuscation again. This is effectively the same argument as
insisting that Microsoft products must be more secure than open source
software, or that gun crime cannot possibly exist since public ownership of
handguns was criminalized post-Dunblane.
The public MUST be able to evaluate the security mechanisms, otherwise there
will be neither trust nor security.
This is the standard security newbie mantra.

The truth is:

- The 'public' is simply not competent to evaluate many security
mechanisms.

- Where evaluation is within the public competence, it rarely chooses to
make such evaluation (else why are Yale-type rimlocks fitted to >90% of
homes?).

- Govts (here and elsewhere) choose not to disclose nor discuss their own
security procedures. This does not mean that these procedures are not
evaluated by those qualified to do so.

- Much security rests necessarily on some degree of obscurity. Private
crypto keys are but one small example. In another example (e.g. book code)
the strength of the code relies on maintaining secrecy as to the method of
coding.


Owen
Adrian Midgley
2004-09-21 21:28:03 UTC
Permalink
- The 'public' is simply not competent to evaluate many security
mechanisms.
The public is however at liberty to hire its own experts.
That argument really doesn't help.
--
Adrian Midgley Open Source software is better
GP, Exeter http://www.defoam.net/
Ian G Batten
2004-09-22 09:32:01 UTC
Permalink
Post by Adrian Midgley
- The 'public' is simply not competent to evaluate many security
mechanisms.
The public is however at liberty to hire its own experts.
Hmm. That's a pretty flakey argument. Firstly, in many fields it's
been shown time and time again that the professions accord other members
of their profession vast lengths of slack even at the expense of the
public interest. Secondly, in many fields there is a monopoly employer
whose displeasure is career-ending. And thirdly, in the case of
security there is the Official Secrets Act and various clearance
issues.

ian
Owen Lewis
2004-09-22 09:54:57 UTC
Permalink
-----Original Message-----
Sent: 22 September 2004 10:32
Subject: Re: USA ID card for federal employees and contractors
Post by Adrian Midgley
- The 'public' is simply not competent to evaluate many security
mechanisms.
The public is however at liberty to hire its own experts.
Hmm. That's a pretty flakey argument. Firstly, in many fields it's
been shown time and time again that the professions accord other members
of their profession vast lengths of slack even at the expense of the
public interest.
Sad but true. 'I'll scratch your back if you scratch mine' is a common human
weakness. Nevertheless, it does not *have* to be so. I'd guess that in the
evaluation of security mechanisms, limitations on the agreed brief (and thus
limitations on cost) are probably the greatest single limitation on expert
advice. Consider ITSEC? Then there is commonly a lack of standards against
which to assess what is satisfactorily secure and what is not. IMO, ITSEC
(at the E4 level and below anyway) sidesteps rather than removes this
problem.
Secondly, in many fields there is a monopoly employer
whose displeasure is career-ending. And thirdly, in the case of
security there is the Official Secrets Act and various clearance
issues.
I think your underlying point is a fair one - that it is very hard above a
certain level to know who to trust.

Owen
Owen Lewis
2004-09-22 09:37:36 UTC
Permalink
-----Original Message-----
Midgley
Sent: 21 September 2004 22:28
Subject: Re: USA ID card for federal employees and contractors
- The 'public' is simply not competent to evaluate many security
mechanisms.
The public is however at liberty to hire its own experts.
That argument really doesn't help.
This could actually be quite a large area of discussion. I keep it as narrow
and as brief as I can. Where source code is published, most of the public
cannot read it. Among those who can read it there are only a few who are
competent to properly evaluate cryptological strength. Of those few, only
some are both competent and are provided with sufficient information to
assess whether the implementation of the code and the manner in which the
whole cryptosystem is used provide good security.

Such work can be done but it requires both great knowledge and experience. I
think it was Kahn who once wrote that a DDIRNSA told him that none of the
NSA's employees were employed on cryptanalysis until they had had several
years' experience of and had shown themselves talented at cipher system
making. That sounds like good advice to me.

You are of course right that a member of the public is free to hire its own
experts and a few, a very few, do so - and at great expense. The remainder
either feel comfy in the knowledge that they could do so if they wanted to
or else have that arrogant confidence in their own abilities that is so
often a part of the human condition accompanying a little learning.

In the hands of the general public, most if not all cipher systems can be
subverted. This is often not because the ciphers are bad but because their
use is managed in a stupid way. The fundamental public conceit, that I think
it is fair to lay at the door of PRZ, is that (for most purposes) two
strangers can share a real secret securely where both do not owe some common
duty to a third party.

In the developed world, the govts of most countries have 'grown up' in the
last ten years in their attitude to the use by the general public of
cryptographic systems. Current policy is to encourage the provision of systems
for mass use that are very hard indeed to break in a hostile manner but
which give fast and simple access to LEA in the legitimate pursuit of their
duties. GSM, designed in the early 90's, made no specific provision for
rapid access to call content by LEA - despite the limitation that the calls
are enciphered between the mobile and cell base station only. 3G UMTS, it
seems will have a good cipher, encryption over more of the call route,
spoofing counter-measures - and rapid access to call content for LEA.

Few if any of us would tolerate the conditions for perfect security even if
it were made available to us. Another way of saying the same is that to live
tolerably is a less that totally secure business. IMO, there are relatively
persons who have a real requirement to conduct part of their dealings in
great secrecy. those that do should make their arrangements with great care
and, as you imply, with expert advice.

The public are well advised to observe the maxim: 'Two can keep a secret if
one of them is dead'. However, such observance is simply antipathetic to
human nature.

Owen
Brian Gladman
2004-09-22 10:16:04 UTC
Permalink
-----Original Message-----
Midgley
Sent: 21 September 2004 22:28
Subject: Re: USA ID card for federal employees and contractors
- The 'public' is simply not competent to evaluate many security
mechanisms.
Collectively the 'public' has found many weaknesses in published
encryption schemes that the authors themselves believed to be sound.

Moreover a number of government encryption schemes and protocols have
fallen within weeks of being made available for public review.

So the 'public' does have considerable competence in this respect.

The important points about public review are that the expertise brought
to bear is collective and the public get to decide for themselves who
they wish to trust.

Brian Gladman
Owen Lewis
2004-09-22 10:48:17 UTC
Permalink
-----Original Message-----
Sent: 22 September 2004 11:16
Subject: Re: USA ID card for federal employees and contractors
-----Original Message-----
Midgley
Sent: 21 September 2004 22:28
Subject: Re: USA ID card for federal employees and contractors
- The 'public' is simply not competent to evaluate many security
mechanisms.
Collectively the 'public' has found many weaknesses in published
encryption schemes that the authors themselves believed to be sound.
We need to be careful as to what we consider 'the public' to be. Your
essential point, that authors are never the best persons to evaluate their
own work, is entirely a fair one.
Moreover a number of government encryption schemes and protocols have
fallen within weeks of being made available for public review.
Public review or peer (where peer=expert) review? The two are not the same
thing.
So the 'public' does have considerable competence in this respect.
Only if one twists the meaning of public into a quite unnatural shape. Doing
so merely confuses or deludes those who are not expert.
The important points about public review are that the expertise brought
to bear is collective
Again, you use the word 'public' but must, I think, mean 'peer'. The words
are simply not synonymous.
and the public get to decide for themselves who
they wish to trust.
And that has little to do with security, much to do with image and something
to do with the herd instinct.

Owen
Brian Gladman
2004-09-22 11:15:37 UTC
Permalink
Owen Lewis wrote:

[snip]
Post by Owen Lewis
Post by Brian Gladman
- The 'public' is simply not competent to evaluate many security
mechanisms.
Collectively the 'public' has found many weaknesses in published
encryption schemes that the authors themselves believed to be sound.
We need to be careful as to what we consider 'the public' to be. Your
essential point, that authors are never the best persons to evaluate their
own work, is entirely a fair one.
I was using the term 'public' in the same way that I believe the
original poster was doing (I have lost track of who this was). He will
no doubt correct me if my interpretation is wrong.
Post by Owen Lewis
Post by Brian Gladman
Moreover a number of government encryption schemes and protocols have
fallen within weeks of being made available for public review.
Public review or peer (where peer=expert) review? The two are not the same
thing.
Yes, public review is wider than peer review and is the basis on which
publicly accountable peer review can take place.
Post by Owen Lewis
Post by Brian Gladman
So the 'public' does have considerable competence in this respect.
Only if one twists the meaning of public into a quite unnatural shape. Doing
so merely confuses or deludes those who are not expert.
It does not need to be twisted. The purpose of public review (not peer
review) is to bring the collective expertise of the community to bear on
an issue in a way that provides for public visibility, accountability
and trust in the processes involved and in the results achieved.
Post by Owen Lewis
Post by Brian Gladman
The important points about public review are that the expertise brought
to bear is collective
Again, you use the word 'public' but must, I think, mean 'peer'. The words
are simply not synonymous.
Post by Brian Gladman
and the public get to decide for themselves who
they wish to trust.
And that has little to do with security, much to do with image and something
to do with the herd instinct.
On the contrary, in my view this has everything to do with the security
and safety of the public.

Brian Gladman
Owen Lewis
2004-09-22 12:22:01 UTC
Permalink
-----Original Message-----
Sent: 22 September 2004 12:16
Subject: Re: USA ID card for federal employees and contractors
[snip]
Post by Owen Lewis
Post by Brian Gladman
- The 'public' is simply not competent to evaluate many security
mechanisms.
Collectively the 'public' has found many weaknesses in published
encryption schemes that the authors themselves believed to be sound.
We need to be careful as to what we consider 'the public' to be. Your
essential point, that authors are never the best persons to evaluate their
own work, is entirely a fair one.
I was using the term 'public' in the same way that I believe the
original poster was doing (I have lost track of who this was). He will
no doubt correct me if my interpretation is wrong.
Post by Owen Lewis
Post by Brian Gladman
Moreover a number of government encryption schemes and protocols have
fallen within weeks of being made available for public review.
Public review or peer (where peer=expert) review? The two are not the same
thing.
Yes, public review is wider than peer review and is the basis on which
publicly accountable peer review can take place.
I feel the sands shifting. Let's see if we can set them in place. Public
review (e.g. as envisaged by PRZ in his PGP manual) is largely delusory;
this envisages that everyman can make his own check. Peer (=expert) review
is the only way to go. Whether or not peer review is accountable to the
public is debatable. Sometimes it will clearly not be so and, where it
claims to be so, what are the terms of the claimed accountability and who
can determine whether or not those terms are met.
Post by Owen Lewis
Post by Brian Gladman
So the 'public' does have considerable competence in this respect.
Only if one twists the meaning of public into a quite unnatural shape. Doing
so merely confuses or deludes those who are not expert.
It does not need to be twisted. The purpose of public review (not peer
review) is to bring the collective expertise of the community to bear on
an issue in a way that provides for public visibility, accountability
and trust in the processes involved and in the results achieved.
See the above. Moreover, there are some methods for the securing of
information in transit or in store which are really quite strong, provided
critical elements of the method are kept strictly secret.
Post by Owen Lewis
Post by Brian Gladman
The important points about public review are that the expertise brought
to bear is collective
Again, you use the word 'public' but must, I think, mean 'peer'. The words
are simply not synonymous.
Post by Brian Gladman
and the public get to decide for themselves who
they wish to trust.
And that has little to do with security, much to do with image and something
to do with the herd instinct.
On the contrary, in my view this has everything to do with the security
and safety of the public.
But not whilst it is driven by image and herd instinct.

Owen
Brian Gladman
2004-09-22 13:46:14 UTC
Permalink
Owen Lewis wrote:

[snip]
Post by Owen Lewis
Post by Brian Gladman
I was using the term 'public' in the same way that I believe the
original poster was doing (I have lost track of who this was). He will
no doubt correct me if my interpretation is wrong.
Post by Owen Lewis
Post by Brian Gladman
Moreover a number of government encryption schemes and protocols have
fallen within weeks of being made available for public review.
Public review or peer (where peer=expert) review? The two are not the same
thing.
Yes, public review is wider than peer review and is the basis on which
publicly accountable peer review can take place.
I feel the sands shifting. Let's see if we can set them in place. Public
review (e.g. as envisaged by PRZ in his PGP manual) is largely delusory;
this envisages that everyman can make his own check. Peer (=expert) review
is the only way to go. Whether or not peer review is accountable to the
public is debatable. Sometimes it will clearly not be so and, where it
claims to be so, what are the terms of the claimed accountability and who
can determine whether or not those terms are met.
No shifting of sand here since I back exactly what PRZ says. Everybody
who relies on, or is required to rely on, some product for their
security or safety should, in principle, have all the information about
the product that is necessary to judge for themselves whether it is fit
for this purpose.

Whether this information is of any _direct_ value to them as an
individual _in practice_ is a quite different issue.
Post by Owen Lewis
Post by Brian Gladman
Post by Owen Lewis
Post by Brian Gladman
So the 'public' does have considerable competence in this respect.
Only if one twists the meaning of public into a quite unnatural shape. Doing
so merely confuses or deludes those who are not expert.
It does not need to be twisted. The purpose of public review (not peer
review) is to bring the collective expertise of the community to bear on
an issue in a way that provides for public visibility, accountability
and trust in the processes involved and in the results achieved.
See the above. Moreover, there are some methods for the securing of
information in transit or in store which are really quite strong, provided
critical elements of the method are kept strictly secret.
Yes - "keys" for example. Operational secrecy can (and very often is)
important but the security value of a design can be discounted just as
soon as its purveyor claims that the security of those who are asked to
rely on it depends on these very people not knowing the details of its
design.
Post by Owen Lewis
Post by Brian Gladman
Post by Owen Lewis
Post by Brian Gladman
The important points about public review are that the expertise brought
to bear is collective
Again, you use the word 'public' but must, I think, mean 'peer'. The words
are simply not synonymous.
Post by Brian Gladman
and the public get to decide for themselves who
they wish to trust.
And that has little to do with security, much to do with image and something
to do with the herd instinct.
On the contrary, in my view this has everything to do with the security
and safety of the public.
But not whilst it is driven by image and herd instinct.
Those were your words not mine.

Brian Gladman
Owen Lewis
2004-10-01 08:08:26 UTC
Permalink
-----Original Message-----
Sent: 22 September 2004 14:46
Subject: Re: USA ID card for federal employees and contractors
[snip]
.... Public
review (e.g. as envisaged by PRZ in his PGP manual) is largely delusory;
this envisages that everyman can make his own check. Peer (=expert) review
is the only way to go. Whether or not peer review is accountable to the
public is debatable. Sometimes it will clearly not be so and, where it
claims to be so, what are the terms of the claimed accountability and who
can determine whether or not those terms are met.
..... I back exactly what PRZ says. Everybody
who relies on, or is required to rely on, some product for their
security or safety should, in principle, have all the information about
the product that is necessary to judge for themselves whether it is fit
for this purpose.
In terms of a cryptosystem that's far harder to do than providing the source
code for the cipher and its bindery. In terms of a cryptosystem delivered as
a piece of software only, on taking receipt of it one is at the beginning
and not the end of one's security concerns - and the software author or any
peer group review of that software is only able to offer general homilies by
way of advice to the tyro user.

The core of my concern here is that the tyro thinks that slipping his new
software into his PC gives him security as strong as he is assured that the
cipher is. He obtains no such thing. All security is a chain of interlocking
parts and the chain (his security) is only ever as strong as its weakest
link.
Whether this information is of any _direct_ value to them as an
individual _in practice_ is a quite different issue.
Well, I'd say that if the information is usually of little practical value
to them (and we seem agreed that this is the case) then any theoretic value
over and above this is a matter of politics only and benefits their security
not one jot. And it is the security and not the politics that is the issue
here.
...... Moreover, there are some methods for the securing of
information in transit or in store which are really quite strong, provided
critical elements of the method are kept strictly secret.
Yes - "keys" for example. Operational secrecy can (and very often is)
important but the security value of a design can be discounted just as
soon as its purveyor claims that the security of those who are asked to
rely on it depends on these very people not knowing the details of its
design.
Well, take a book code. Provided the *method* of the coding is kept secret
these can be very secure. And that with the key of the day sent in plain
text by e-mail :-)

IMO, there is overemphasis on cipher breaking by key recovery. Though this
is sometimes done, a sensitive reading of Kahn would suggest cipher texts
are more often cracked by either spoofing attacks or a crib of some sort.
The stories of ULTRA and of VENONA give examples of this point.
Post by Brian Gladman
Post by Owen Lewis
Post by Brian Gladman
and the public get to decide for themselves who
they wish to trust.
And that has little to do with security, much to do with image
and something to do with the herd instinct.
On the contrary, in my view this has everything to do with the security
and safety of the public.
But not whilst it is driven by image and herd instinct.
Those were your words not mine.
Quite so. Image and herd instinct are two of the main drivers of public
opinion. Too frequently, it seems, they are the only discernible drivers.

Owen
Brian Gladman
2004-10-01 10:18:32 UTC
Permalink
Post by Owen Lewis
-----Original Message-----
Sent: 22 September 2004 14:46
Subject: Re: USA ID card for federal employees and contractors
[snip]
Post by Owen Lewis
The core of my concern here is that the tyro thinks that slipping his new
software into his PC gives him security as strong as he is assured that the
cipher is. He obtains no such thing. All security is a chain of interlocking
parts and the chain (his security) is only ever as strong as its weakest
link.
This is incorrect. Although it is frequently true that security is only
as strong as the weakest link, there are situations in which it is known
that the security achieved is at least as strong as the strongest link.
Post by Owen Lewis
Whether this information is of any _direct_ value to them as an
individual _in practice_ is a quite different issue.
Well, I'd say that if the information is usually of little practical value
to them (and we seem agreed that this is the case) then any theoretic value
Not quite - what we seem to agree on is that the information is usually
of little _direct_ practical value to them.
Post by Owen Lewis
over and above this is a matter of politics only and benefits their security
not one jot. And it is the security and not the politics that is the issue
here.
This is one area where we disagree. You take the view that the political
aspects of public disclosure have no practical security value whereas I
take the exact opposite view.
Post by Owen Lewis
...... Moreover, there are some methods for the securing of
information in transit or in store which are really quite strong, provided
critical elements of the method are kept strictly secret.
Yes - "keys" for example. Operational secrecy can (and very often is)
important but the security value of a design can be discounted just as
soon as its purveyor claims that the security of those who are asked to
rely on it depends on these very people not knowing the details of its
design.
Well, take a book code. Provided the *method* of the coding is kept secret
these can be very secure. And that with the key of the day sent in plain
text by e-mail :-)
However, if those who are asked to rely on this for their security
want to be secure they will need to understand the details of the method
that is proposed.

[snip]
Post by Owen Lewis
But not whilst it is driven by image and herd instinct.
Those were your words not mine.
Quite so. Image and herd instinct are two of the main drivers of public
opinion. Too frequently, it seems, they are the only discernible drivers.
I suspect that the public do have a good idea of the importance of
public disclosure in a more general setting since they see plenty of
examples of what goes wrong when things are done in secret.

So it may well be that, if this particular herd instinct really exists,
it is one that has real benefits for the herd.

Brian Gladman
Paul Leyland
2004-10-01 11:15:35 UTC
Permalink
Post by Brian Gladman
This is incorrect. Although it is frequently true that security is only
as strong as the weakest link, there are situations in which it is known
that the security achieved is at least as strong as the strongest link.
Indeed. Parallel mechanisms as distinct from serial ones.

If I want to secure my house from burglars, having a door worthy of a
bank vault is of little consequence if the kitchen window is made of
regular glass.

On the other hand, if I want to secure myself when climbing down a
cliff, clipping one end of a length of string to my belt and the other
to an anchor point is not going to give me any less security than that
provided by the length of rope also thus attached.

Moral: "security" means many things. One meaning is "integrity". I
fail to see how adding an MD5 hash to a document weakens in any way the
security provided by an attached SHA-1 hash. It almost certainly
strengthens the overall security of the document against wilful
modification.
Post by Brian Gladman
Post by Brian Gladman
Whether this information is of any _direct_ value to them as an
individual _in practice_ is a quite different issue.
Too true!


Paul
Owen Lewis
2004-10-03 22:05:03 UTC
Permalink
-----Original Message-----
Sent: 01 October 2004 12:16
Subject: Re: USA ID card for federal employees and contractors
Post by Brian Gladman
This is incorrect. Although it is frequently true that security is only
as strong as the weakest link, there are situations in which it is known
that the security achieved is at least as strong as the strongest link.
Indeed. Parallel mechanisms as distinct from serial ones.
If I want to secure my house from burglars, having a door worthy of a
bank vault is of little consequence if the kitchen window is made of
regular glass.
On the other hand, if I want to secure myself when climbing down a
cliff, clipping one end of a length of string to my belt and the other
to an anchor point is not going to give me any less security than that
provided by the length of rope also thus attached.
Whereas the point you make is not wrong, are you driving to an inappropriate
conclusion?

Let's take your example one step further:

Breaking strain of rope = 1000 lbs

Breaking strain of string = 10 lbs

Thus with rope and string, your protection is not 1000 lbs (strength of the
strongest link) but 1010 lbs, giving you greater protection than you would
have with the rope alone (whether you need such over-protection is another
matter - though very germane to a discussion of cipher systems).

Now applying that thought properly to crypto systems is tricky, since the
'time-to-crack' of a strong cipher (ttc1) and a weak cipher (ttc2)
sending the same information on parallel communication paths is not
additive. Rather, it remains the ttc2 afforded by the weaker cipher only.

How can one arrange communication so that the ttc is that of the strong
cipher? For the moment, it seems to me that if you arrange the strong and
weak ciphers in *series*, i.e. superencryption obtains for you the sum of
ttc1 + ttc2 (=TTC(T)).

So what arrangements can you make so that ttc1==TTC(T)?
Moral: "security" means many things. One meaning is "integrity". I
fail to see how adding an MD5 hash to a document weakens in any way the
security provided by an attached SHA-1 hash. It almost certainly
strengthens the overall security of the document against wilful
modification.
Post by Brian Gladman
Post by Brian Gladman
Whether this information is of any _direct_ value to them as an
individual _in practice_ is a quite different issue.
Too true!
Amen. But, in my book, it is the practical benefit that is of importance. A
classic case of 'Never mind the quality, feel the width'?

Owen
David Hansen
2004-10-04 10:23:23 UTC
Permalink
Post by Owen Lewis
How can one arrange communication so that the ttc is that of the strong
cipher? For the moment, it seems to me that if you arrange the strong and
weak ciphers in *series*, i.e. superencryption obtains for you the sum of
ttc1 + ttc2 (=TTC(T)).
Does that not depend on various factors (which I do not even pretend to
know about)?

ISTR a long time ago the Germans believed this and those at Bletchley
Park showed that it ain't necessarily so.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me by using the RIP Act 2000.
Owen Lewis
2004-10-04 11:49:31 UTC
Permalink
-----Original Message-----
Sent: 04 October 2004 11:23
Subject: RE: USA ID card for federal employees and contractors
Post by Owen Lewis
How can one arrange communication so that the ttc is that of the strong
cipher? For the moment, it seems to me that if you arrange the strong and
weak ciphers in *series*, i.e. superencryption obtains for you the sum of
ttc1 + ttc2 (=TTC(T)).
Does that not depend on various factors (which I do not even pretend to
know about)?
ISTR a long time ago the Germans believed this and those at Bletchley
Park showed that it ain't necessarily so.
You are right; t'ain't necessarily so but, for a simple illustration of
principles, it's a reasonably fair approximation where the ciphers are
entirely dissimilar. Particularly where one re-enciphers a text using the
same algorithm one may have to be rather more circumspect.

Owen
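The caution above about re-enciphering with the same algorithm, as an added example that is not part of the original posts: when a cipher's keys are closed under composition, two layers collapse into one key of the same cipher, so the cascade is no harder to search than a single layer. The shift and Vigenère ciphers, the function names and the sample text are illustrative choices constructed for this example.

```python
from itertools import product
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
N = len(ALPHABET)


def vigenere(text, key):
    """Encrypt A-Z text with a repeating list of shifts.

    A one-element key is a plain Caesar shift. Characters outside A-Z pass
    through unchanged and do not consume key material.
    """
    out = []
    i = 0
    for ch in text:
        if ch in ALPHABET:
            shift = key[i % len(key)]
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % N])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def collapse_cascade(key1, key2):
    """Return the single key equivalent to encrypting with key1, then key2.

    The combined shift at letter position i is key1[i] + key2[i] (mod 26),
    which repeats with period lcm(len(key1), len(key2)).
    """
    period = len(key1) * len(key2) // gcd(len(key1), len(key2))
    return [(key1[i % len(key1)] + key2[i % len(key2)]) % N
            for i in range(period)]


def distinct_cascade_maps():
    """Count the distinct transformations reachable with two Caesar layers.

    There are 26 * 26 key pairs, but the set of resulting mappings is no
    larger than for one layer.
    """
    return len({vigenere(vigenere(ALPHABET, [a]), [b])
                for a, b in product(range(N), repeat=2)})


SAMPLE = "MEET AT THE USUAL PLACE"  # constructed sample plaintext

if __name__ == "__main__":
    k1, k2 = [1, 2, 3], [4, 5, 6, 7]
    double = vigenere(vigenere(SAMPLE, k1), k2)
    single = vigenere(SAMPLE, collapse_cascade(k1, k2))
    print(double == single, len(collapse_cascade(k1, k2)))
    print("distinct two-layer Caesar maps:", distinct_cascade_maps())
```

Ciphers whose keys do not form such a closed set are the case where layering can add work, which is why the choice of the two algorithms matters more than the number of layers.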
Peter Tomlinson
2004-10-02 06:06:40 UTC
Permalink
Post by Brian Gladman
.. Image and herd instinct are two of the main drivers of
public opinion. Too frequently, it seems, they are the only
discernible drivers.
I suspect that the public do have a good idea of the importance of
public disclosure in a more general setting since they see plenty of
examples of what goes wrong when things are done in secret.
So it may well be that, if this particular herd instinct really
exists, it is one that has real benefits for the herd.
Many of the public are suspicious and cynical about the activities of
large organisations (private or public), but at the same time often
cannot do other than go along with the claims made about products and
services. Disclosure then needs vicarious authority in the hands of
those outside the secret ring - namely the regulators, academics, the
independent experts and the media - to even the balance on behalf of the
public.

Peter
Owen Lewis
2004-10-03 22:05:04 UTC
Permalink
-----Original Message-----
Tomlinson
Sent: 02 October 2004 07:07
Subject: Re: USA ID card for federal employees and contractors
Post by Brian Gladman
.. Image and herd instinct are two of the main drivers of
public opinion. Too frequently, it seems, they are the only
discernible drivers.
I suspect that the public do have a good idea of the importance of
public disclosure in a more general setting since they see plenty of
examples of what goes wrong when things are done in secret.
So it may well be that, if this particular herd instinct really
exists, it is one that has real benefits for the herd.
Many of the public are suspicious and cynical about the activities of
large organisations (private or public), but at the same time often
cannot do other than go along with the claims made about products and
services. Disclosure then needs vicarious authority in the hands of
those outside the secret ring - namely the regulators, academics, the
independent experts and the media - to even the balance on behalf of the
public.
Well, that's a thought. But where is the *practical* as opposed to the
*political* benefit?

Owen
Brian Gladman
2004-10-04 08:26:19 UTC
Permalink
Owen Lewis wrote:

[snip]
Post by Owen Lewis
Post by Peter Tomlinson
Many of the public are suspicious and cynical about the activities of
large organisations (private or public), but at the same time often
cannot do other than go along with the claims made about products and
services. Disclosure then needs vicarious authority in the hands of
those outside the secret ring - namely the regulators, academics, the
independent experts and the media - to even the balance on behalf of the
public.
Well, that's a thought. But where is the *practical* as opposed to the
*political* benefit?
Your comment implies that (at least for the issue being discussed) you
see no overlap between these two categories of benefit.

I suspect that many will not share this view.

In fact I am very doubtful that the benefits of political advances can
ever be sensibly judged when isolated from the practical benefits that
they are intended to secure.

Brian Gladman
Owen Lewis
2004-10-04 09:38:31 UTC
Permalink
-----Original Message-----
Sent: 04 October 2004 09:26
Subject: Re: USA ID card for federal employees and contractors
[snip]
Post by Owen Lewis
Post by Peter Tomlinson
Many of the public are suspicious and cynical about the activities of
large organisations (private or public), but at the same time often
cannot do other than go along with the claims made about products and
services. Disclosure then needs vicarious authority in the hands of
those outside the secret ring - namely the regulators, academics, the
independent experts and the media - to even the balance on behalf of the
public.
Well, that's a thought. But where is the *practical* as opposed to the
*political* benefit?
Your comment implies that (at least for the issue being discussed) you
see no overlap between these two categories of benefit.
I suspect that many will not share this view.
=======
Well, I'd say that if the information is usually of little practical value
to them (and we seem agreed that this is the case) then any theoretic value

Brian:
Not quite - what we seem to agree on is that the information is usually
of little _direct_ practical value to them.
over and above this is a matter of politics only and benefits their security
not one jot. And it is the security and not the politics that is the issue
here.
Brian:
This is one area where we disagree. You take the view that the political
aspects of public disclosure have no practical security value whereas I
take the exact opposite view.

======

Politics and religion in common rest on belief - a leap of faith. No
politician or religionist of any of the many different creeds could ever
think that their belief was of no practical value. Amazing then that so
many manage so successfully without the blessing of either.

More seriously, it may well be a necessary condition of humanity to believe
in something - but very few of us cleave to an identical set of beliefs. In
practical terms, this makes the value of any given set of beliefs suspect. I
think that such benefit that is to be derived from beliefs comes mainly
from the vectors created where beliefs impinge one on another. In my view,
this is not a practical benefit. Nevertheless, it is a benefit worth having.
In fact I am very doubtful that the benefits of political advances can
ever be sensibly judged when isolated from the practical benefits that
they are intended to secure.
Quod erat demonstrandum :-)

Owen
Roland Perry
2004-09-22 11:21:22 UTC
Permalink
the public get to decide for themselves who they wish to trust.
Mori says 80% trust the Home Office to run an ID Card scheme.
--
Roland Perry
Brian Morrison
2004-09-22 15:14:47 UTC
Permalink
On Wed, 22 Sep 2004 12:21:22 +0100 in
Post by Roland Perry
the public get to decide for themselves who they wish to trust.
Mori says 80% trust the Home Office to run an ID Card scheme.
And the exact question that this answer emerged from could easily have
been slanted....
--
Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
Roland Perry
2004-09-22 15:29:43 UTC
Permalink
Post by Brian Morrison
Post by Roland Perry
Mori says 80% trust the Home Office to run an ID Card scheme.
And the exact question that this answer emerged from could easily have
been slanted....
Yes, but are you arguing that a less slanted question would have got 75%
support, or 7.5% support?

Methinks a new and entirely transparent market research exercise by the
"anti's" is one of the few ways to resolve this.
--
Roland Perry
Brian Morrison
2004-09-22 15:36:56 UTC
Permalink
On Wed, 22 Sep 2004 16:29:43 +0100 in
Post by Roland Perry
Post by Brian Morrison
Post by Roland Perry
Mori says 80% trust the Home Office to run an ID Card scheme.
And the exact question that this answer emerged from could easily
have been slanted....
Yes, but are you arguing that a less slanted question would have got
75% support, or 7.5% support?
I don't know, I suspect that reality is somewhere in the middle of these
figures.
Post by Roland Perry
Methinks a new and entirely transparent market research exercise by
the "anti's" is one of the few ways to resolve this.
Yes, but as ever some education is needed from both sides before asking
the questions again.
--
Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
Adrian Midgley
2004-09-22 18:17:47 UTC
Permalink
Post by Owen Lewis
Post by Adrian Midgley
The public is however at liberty to hire its own experts.
That argument really doesn't help.
This could actually be quite a large area of discussion. I keep it as
narrow and as brief as I can. Where source code is published, most of the
public cannot read it. Among those who can read it there are only a few who
are competent to properly evaluate cryptological strength. Of those few,
only some are both competent and are provided with sufficient information
to assess whether the implementation of the code and the manner in which
the whole cryptosystem is used provide good security.
There is a much simpler underlying principle which is that the fear of being
caught helps keep (some) people honest, and that laziness is reduced by
observation.

So while the natural tendency in many areas seems to be to reassure rather
than demonstrate "yes, it is safe, our hand-picked carefully trained and (by
us) certified experts have checked it carefully but you don't need to see it
yourself" the knowledge that the innards _will_ be seen by people who
potentially some time in the career of the reassurer may be competent to spot
carelessness or deception makes it cheaper to do it right.
--
Adrian Midgley Open Source software is better
GP, Exeter http://www.defoam.net/
Ian G Batten
2004-09-23 11:46:53 UTC
Permalink
Post by Adrian Midgley
So while the natural tendency in many areas seems to be to reassure rather
than demonstrate "yes, it is safe, our hand-picked carefully trained and (by
us) certified experts have checked it carefully but you don't need to see it
yourself" the knowledge that the innards _will_ be seen by people who
potentially some time in the career of the reassurer may be competent to spot
carelessness or deception makes it cheaper to do it right.
Presumably you'd argue that it is the scrutiny of doctors who sign
cremation certificates that prevents doctors from embarking upon
long-running campaigns of offing their patients? The scrutiny of
auditors who sign accounts that prevents the boards of companies from
engaging in financial malpractice? The scrutiny of MPs who vote on
legislation that prevents governments from implementing bad law?

ian
Adrian Midgley
2004-09-25 06:40:14 UTC
Permalink
Post by Ian G Batten
Presumably you'd argue that it is the scrutiny of doctors who sign
cremation certificates that prevents doctors from embarking upon
long-running campaigns of offing their patients? The scrutiny of
auditors who sign accounts that prevents the boards of companies from
engaging in financial malpractice? The scrutiny of MPs who vote on
legislation that prevents governments from implementing bad law?
If laws were unpublished, secret laws, is it anticipated they would be better
as a result? They would have been scrutinised by the draftsmen and
government...

A closer analogy in my field would be whether there is merit in Practices and
hospitals publishing outcome figures, and if so whether there is more merit
in them being tied to individual doctors.
I tend to think that there is, and that fairly raw figures are usable, but
others might say that I would be interpreting such figures with knowledge (eg
of fitness classifications for patients undergoing cardiac surgery) that is
not available to the general public (eg people with malfunctioning heart
valves or coronary arteries) and that such figures would be unfair to those
surgeons willing to operate on the hardest/sickest cases, to the detriment of
those who need it...

I don't think it is public scrutiny or even peer group scrutiny of the plans
of bridges that prevents engineers installing randomly activated trapdoors in
the centre, or garrotting wires at throat level, although it is possible that
fractions of current or attempted government might see electoral
possibilities in persuading the public that scrutiny against such ideas is
essential to their safety. Only an engineer may really understand how
bridges buckle and fail, but anyone who reads New Scientist may have an idea
about it, and a lot of people can follow a worked example.
--
Adrian Midgley Open Source software is better
GP, Exeter http://www.defoam.net/
Owen Lewis
2004-10-01 08:08:29 UTC
Permalink
-----Original Message-----
Midgley
Sent: 22 September 2004 19:18
Subject: Re: USA ID card for federal employees and contractors
Post by Owen Lewis
Post by Adrian Midgley
The public is however at liberty to hire its own experts.
That argument really doesn't help.
This could actually be quite a large area of discussion. I keep it as
narrow and as brief as I can. Where source code is published, most of the
public cannot read it. Among those who can read it there are only a few who
are competent to properly evaluate cryptological strength. Of those few,
only some are both competent and are provided with sufficient information
to assess whether the implementation of the code and the manner in which
the whole cryptosystem is used provide good security.
There is a much simpler underlying principle which is that the fear of being
caught helps keep (some) people honest, and that laziness is reduced by
observation.
So while the natural tendency in many areas seems to be to reassure rather
than demonstrate "yes, it is safe, our hand-picked carefully trained and (by
us) certified experts have checked it carefully but you don't need to see it
yourself" the knowledge that the innards _will_ be seen by people who
potentially some time in the career of the reassurer may be competent to spot
carelessness or deception makes it cheaper to do it right.
See other posts in this thread. The reality is that many (most) who buy
crypto out 'of the box' think that in buying it their security becomes as
strong as they are told the cipher is. But this is not so. Even the GSM
implementation of A5/1 is greatly stronger than the security of information
that most will provide for themselves. Making it stronger would be delusory
until one brought the rest of one's security up to the same level. Only
those who are really serious about their security (and suffer cost and some
inconvenience on its account) are prepared to do this.

Owen
Brian Beesley
2004-09-28 08:01:05 UTC
Permalink
Post by Owen Lewis
-----Original Message-----
Midgley
Sent: 21 September 2004 22:28
Subject: Re: USA ID card for federal employees and contractors
- The 'public' is simply not competent to evaluate many security
mechanisms.
The public is however at liberty to hire its own experts.
That argument really doesn't help.
This could actually be quite a large area of discussion. I keep it as
narrow and as brief as I can. Where source code is published, most of the
public cannot read it. Among those who can read it there are only a few who
are competent to properly evaluate cryptological strength.
The real danger is that there are loopholes within the program that either
bypass cryptography altogether or substitute a much weaker cipher - so that a
message which is supposedly "unbreakable" is in fact trivially decoded to
anyone in the know.

It doesn't matter how well the AES module is coded if the program actually
uses Caesar substitution when the user selects AES.

These loopholes (together with other coding defects e.g. buffer overflows
which could reveal plaintext) can be found by a competent programmer with no
knowledge of cryptography.

Brian Beesley
Ian G Batten
2004-09-28 08:25:52 UTC
Permalink
Post by Brian Beesley
It doesn't matter how well the AES module is coded if the program actually
uses Caesar substitution when the user selects AES.
Or the USB dongle recently discussed on /. which turns out to use AES
`correctly', but stores the keymat, crudely XOR'd with a fixed pattern,
in case the user forgets their password.

ian
Charles Lindsey
2004-09-28 13:59:37 UTC
Permalink
On Tue, 28 Sep 2004 08:01:05 +0000, Brian Beesley
Post by Brian Beesley
Post by Owen Lewis
-----Original Message-----
Midgley
Sent: 21 September 2004 22:28
Subject: Re: USA ID card for federal employees and contractors
- The 'public' is simply not competent to evaluate many security
mechanisms.
The public is however at liberty to hire its own experts.
That argument really doesn't help.
This could actually be quite a large area of discussion. I keep it as
narrow and as brief as I can. Where source code is published, most of the
public cannot read it. Among those who can read it there are only a few who
are competent to properly evaluate cryptological strength.
The real danger is that there are loopholes within the program that either
bypass cryptography altogether or substitute a much weaker cipher - so that a
message which is supposedly "unbreakable" is in fact trivially decoded to
anyone in the know.
It doesn't matter how well the AES module is coded if the program actually
uses Caesar substitution when the user selects AES.
Though that effect is easily discernible, without inspection of the code,
simply by inspecting the output of the program.

Essentially, if I want to produce a version (of PGP, say) with a trapdoor
in it, then these are my options:

0. Firstly, it cannot be done by tinkering with the actual encryption
process, because it would immediately fail to interoperate with other
implementations (e.g. GPG).

1. Arrange that the keys (whether private keys or session keys) are drawn
from a smaller set than is implied by the bit-length of the keys. Then, if
I know what that smaller set is, I can brute force any encrypted message.
That method cannot be detected by any inspection of input/output
behaviour, but only by examination of the key-generation code and
especially of the random number generator.

[As an aside, I understand that the weaknesses discovered in MD5 are such
as to make certain hashes more probable than others (i.e. they are not
spread uniformly over the space of all possible hashes). That worries me
because the PGP key generation process uses MD5 at various points to
jumble up various intermediate values arising during the process.]

2. Arrange for a covert channel to convey the private/session key,
possibly including it in some unused garbage bits in the encoded message
(e.g. somewhere in the PGP message headers). That should be detectable by
observation of input/output behaviour.

3. Arrange to use the wrong algorithm (but still one within the protocol)
as suggested by Brian.

4. Arrange for some evidence to be left on the sender's computer (this
presupposes that the 'enemy' can get access to that computer, or can
procure some excuse to seize it legally). PGP goes to a great deal of
trouble to 'wipe' storage areas that contained sensitive information,
paying due regard to paging and swap activities.

Are there any others? Anyway, my point is that you don't need to examine
the _whole_ of the source code to find such trojans (you won't find them
in the actual encoding, or in all the fancy GUI stuff). You concentrate on
the key generation, upon the assembly of the final message (where did all
the bits come from?) and on any attempt to open external connections, and
so on.

And you can gain a lot by following the action of the program with a
debugger, so that you will be led to bits of code that might be worth
further investigation.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl-***@public.gmane.org      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
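
The "where did all the bits come from?" check described in the post above, as an added example that is not part of any message in this thread: it walks the packet framing of a binary (de-armoured) OpenPGP message as defined in RFC 4880 and reports every byte range that the framing does not explain. The sample messages are constructed bytes, not real PGP output, and the set of tags treated as expected is an assumption about a plain encrypted message.

```python
# Added example: account for every byte of a binary OpenPGP message
# using the packet framing of RFC 4880, section 4.2.

# Assumption: packet tags a plain encrypted message is expected to contain.
EXPECTED_TAGS = {
    1: "public-key encrypted session key",
    3: "symmetric-key encrypted session key",
    9: "symmetrically encrypted data",
    18: "symmetrically encrypted, integrity-protected data",
}


def _uint(data, pos, n):
    """Read an n-octet big-endian integer, refusing to read past the end."""
    if pos + n > len(data):
        raise ValueError("length field truncated")
    return int.from_bytes(data[pos:pos + n], "big")


def parse_packet(data, pos):
    """Parse the packet starting at pos and return (tag, end_offset)."""
    ctb = data[pos]
    pos += 1
    if ctb & 0x40:                       # new-format header
        tag = ctb & 0x3F
        while True:
            first = _uint(data, pos, 1)
            partial = False
            if first < 192:              # one-octet length
                length, used = first, 1
            elif first < 224:            # two-octet length
                length, used = ((first - 192) << 8) + _uint(data, pos + 1, 1) + 192, 2
            elif first == 255:           # five-octet length
                length, used = _uint(data, pos + 1, 4), 5
            else:                        # partial body length, another length follows
                length, used, partial = 1 << (first & 0x1F), 1, True
            pos += used + length
            if not partial:
                break
    else:                                # old-format header
        tag = (ctb >> 2) & 0x0F
        length_type = ctb & 0x03
        if length_type == 3:             # indeterminate: body runs to end of input
            return tag, len(data)
        n = (1, 2, 4)[length_type]
        pos += n + _uint(data, pos, n)
    if pos > len(data):
        raise ValueError("packet body runs past end of message")
    return tag, pos


def audit_message(data):
    """Return (packets, findings); findings lists bytes the framing does not explain."""
    packets, findings, pos = [], [], 0
    while pos < len(data):
        if not data[pos] & 0x80:         # bit 7 must be set on every packet header
            findings.append((pos, f"{len(data) - pos} byte(s) that do not start a packet"))
            break
        try:
            tag, end = parse_packet(data, pos)
        except ValueError as exc:
            findings.append((pos, str(exc)))
            break
        packets.append((pos, tag, end - pos))
        if tag not in EXPECTED_TAGS:
            findings.append((pos, f"unexpected packet tag {tag} ({end - pos} bytes)"))
        pos = end
    return packets, findings


# Constructed sample: a tag 1 packet (4-byte body) followed by a tag 18 packet (6-byte body).
CLEAN_MESSAGE = bytes([0xC1, 4]) + b"\x03\x00\x00\x00" + bytes([0xD2, 6]) + b"\x01" + b"\xAA" * 5
# Constructed sample: the same message with a private-use packet (tag 61) and loose bytes appended.
PADDED_MESSAGE = CLEAN_MESSAGE + bytes([0xFD, 3]) + b"\x10\x20\x30" + b"\x00\x11\x22"

if __name__ == "__main__":
    for name, message in (("clean", CLEAN_MESSAGE), ("padded", PADDED_MESSAGE)):
        packets, findings = audit_message(message)
        print(name, "packets:", packets)
        for offset, text in findings:
            print(f"  finding at offset {offset}: {text}")
```

This covers only the outer framing; the fields inside each packet body have their own defined layout and need the same byte-by-byte accounting.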
Owen Lewis
2004-10-03 18:55:27 UTC
Permalink
-----Original Message-----
Lindsey
Sent: 28 September 2004 15:00
Subject: Re: USA ID card for federal employees and contractors
On Tue, 28 Sep 2004 08:01:05 +0000, Brian Beesley
Post by Brian Beesley
Post by Owen Lewis
-----Original Message-----
Midgley
Sent: 21 September 2004 22:28
Subject: Re: USA ID card for federal employees and contractors
- The 'public' is simply not competent to evaluate many security
mechanisms.
The public is however at liberty to hire its own experts.
That argument really doesn't help.
This could actually be quite a large area of discussion. I keep it as
narrow and as brief as I can. Where source code is published, most of the
public cannot read it. Among those who can read it there are only a few who
are competent to properly evaluate cryptological strength.
The real danger is that there are loopholes within the program that either
bypass cryptography altogether or substitute a much weaker cipher - so that a
message which is supposedly "unbreakable" is in fact trivially decoded to
anyone in the know.
It doesn't matter how well the AES module is coded if the program actually
uses Caesar substitution when the user selects AES.
Though that effect is easily discernible, without inspection of the code,
simply by inspecting the output of the program.
Essentially, if I want to produce a version (of PGP, say) with a trapdoor
0. Firstly, it cannot be done by tinkering with the actual encryption
process, because it would immediately fail to interoperate with other
implementations (e.g. GPG).
As you imply, not a very sensible choice
1. Arrange that the keys (whether private keys or session keys) are drawn
from a smaller set than is implied by the bit-length of the keys. Then, if
I know what that smaller set is, I can brute force any encrypted message.
That method cannot be detected by any inspection of input/output
behaviour, but only by examination of the key-generation code and
especially of the random number generator.
*Much* better choice, I'd say :-)

(Snip)
3. Arrange to use the wrong algorithm (but still one within the protocol)
as suggested by Brian.
This suggests deliberate wickedness. Whereas that can't be ruled out, I
suppose, I'd say that ignorance and oversight are the two most probable
causes of weakness in the design and coding. That said, I'd also guess that
weaknesses in implementation are by far the most common security flaws,
among the hardest to detect (because so many will be particular to the setup
of User A or User B).
4. Arrange for some evidence to be left on the sender's computer (this
presupposes that the 'enemy' can get access to that computer, or can
procure some excuse to seize it legally). PGP goes to a great deal of
trouble to 'wipe' storage areas that contained sensitive information,
paying due regard to paging and swap activities.
Well, I'd rather keep the discussion general but, since you mention PGP,
when he wrote PGP 1.0, PRZ, never having written a cipher before, wrote the
bulk cipher himself. That was not the best of ideas and was changed for ver
2.0 et seq. by the 'stone soup' crew who developed them. And there was no
secure wipe then either, nor for quite some years. Whilst secure wipe is not
a bad idea as a security measure, it does nothing to prevent the covert
acquisition of the user passphrase.
Are there any others?
Yes. There are :-) What and where is a matter of some sensitivity to those
whose interest is not academic in nature but whose trade relies on the
exploitation of weaknesses as and where and when they may be discovered.

One small example. A voice cipher unit, using a well-known 'secure cipher'
that radiated clear, two-way, analogue speech (NFM) speech in clear at
sufficient strength to be interceptable at a couple of hundred metres or
so, given a half-way decent receiver and antenna.
Anyway, my point is that you don't need to examine
the _whole_ of the source code to find such trojans (you won't find them
in the actual encoding, or in all the fancy GUI stuff). You concentrate on
the key generation, upon the assembly of the final message (where did all
the bits come from?) and on any attempt to open external connections, and
so on.
And you can gain a lot by following the action of the program with a
debugger, so that you will be led to bits of code that might be worth
further investigation.
To return to the start of the sub-thread. Security is a chain that is only
as strong as its weakest link. In information security the cipher algorithm
is rarely if ever going to be the weakest link (pace PRZ). Expert analysis
'in the public interest' of the algorithm and the coding of the same is fair
enough - except that there are many (but not perhaps on lists such as this)
who see it as some 'Seal of Good Housekeeping' that assures their
information security if they use the product. But we know that life is not
that simple.

Brian says that his interest in such 'public good' examination is one of
principle. I'm happy to let that be, with the lie the rider only that my
interest is in its level of practical benefit.

Owen
Ian G Batten
2004-10-04 11:50:38 UTC
Permalink
Post by Owen Lewis
Yes. There are :-) What and where is a matter of some sensitivity to those
whose interest is not academic in nature but whose trade relies on the
exploitation of weaknesses as and where and when they may be discovered.
`Spycatcher' is full of nutcase paranoia and nutcase self-aggrandisement,
but has some interesting stuff about cipher machines which radiated
cleartext baudot code down their power lead and cipher machines which
were so noisy when being set up that a microphone allowed you to have a
good go at what the settings were.

I must say, were I a bad person doing bad things I'd do them on a laptop
which I placed into a mesh bag while I used it...

ian
Owen Lewis
2004-10-04 12:22:38 UTC
Permalink
-----Original Message-----
Sent: 04 October 2004 12:51
Subject: Re: USA ID card for federal employees and contractors
Post by Owen Lewis
Yes. There are :-) What and where is a matter of some sensitivity to those
whose interest is not academic in nature but whose trade relies on the
exploitation of weaknesses as and where and when they may be discovered.
`Spycatcher' is full of nutcase paranoia and nutcase self-aggrandisement,
Quite so. But it was a bloody good read that, red rag to a bull, would
ensure that HMG would make PW a millionaire - which was the purpose behind
its writing.
but has some interesting stuff about cipher machines which radiated
cleartext baudot code down their power lead and cipher machines which
were so noisy when being set up that a microphone allowed you to have a
good go at what the settings were.
I must say, were I a bad person doing bad things I'd do them on a laptop
which I placed into a mesh bag while I used it...
Tip. You need to earth the mesh bag. If you go that route, it also needs to
be large enough for you to climb into with the computer and then close the
double zips. :-) OTOH, if you can persuade them that you are a *good* person
and want to do *good* things - in Eye-rak or elsewhere - someone may be
prepared to sell you a laptop that doesn't need to be placed in that Cage.

Owen
Ian G Batten
2004-10-04 13:33:04 UTC
Permalink
Post by Owen Lewis
Tip. You need to earth the mesh bag.
Clearly.
Post by Owen Lewis
If you go that route, it also needs to
be large enough for you to climb into with the computer and then close the
double zips. :-) OTOH, if you can persuade them that you are a *good* person
I would be hoping that I could find a mesh flexible to type through. Or
I would cut two holes in the mesh bag and then attach (mechanically and
electrically) a pair of conductive gloves.
Post by Owen Lewis
and want to do *good* things - in Eye-rak or elsewhere - someone may be
prepared to sell you a laptop that doesn't need to be placed in that Cage.
Ah. But if someone told me that laptop they'd sold me didn't radiate,
could I trust them? There happens to be a certified EMC test facility
the other side of the corridor from my desk, so I could check, but many
people aren't so fortunate.

ian
Owen Lewis
2004-10-04 16:58:00 UTC
Permalink
-----Original Message-----
Sent: 04 October 2004 14:33
Subject: Re: USA ID card for federal employees and contractors
Post by Owen Lewis
Tip. You need to earth the mesh bag.
Clearly.
Post by Owen Lewis
If you go that route, it also needs to
be large enough for you to climb into with the computer and then close the
double zips. :-) OTOH, if you can persuade them that you are a *good* person
I would be hoping that I could find a mesh flexible to type through. Or
I would cut two holes in the mesh bag and then attach (mechanically and
electrically) a pair of conductive gloves.
Post by Owen Lewis
and want to do *good* things - in Eye-rak or elsewhere - someone may be
prepared to sell you a laptop that doesn't need to be placed in that Cage.
Ah. But if someone told me that laptop they'd sold me didn't radiate,
could I trust them? There happens to be a certified EMC test facility
the other side of the corridor from my desk, so I could check, but many
people aren't so fortunate.
Quite so :-) But if you were paranoid enough to want one of the things,
wealthy enough - and privileged enough - to be able to get one and yet
stupid enough not to put it through a good EMC test facility - then you'd
deserve everything that might be coming to you :-)

Owen
David Hansen
2004-10-04 13:43:49 UTC
Permalink
Post by Ian G Batten
Or
I would cut two holes in the mesh bag and then attach (mechanically and
electrically) a pair of conductive gloves.
Something like a glove box, only not for containing the usual things
such boxes contain.

Typing might be difficult through the gloves:-) You would also need
some way of seeing the screen.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me by using the RIP Act 2000.
David Hansen
2004-10-04 13:21:05 UTC
Permalink
Post by Ian G Batten
`Spycatcher' is full of nutcase paranoia and nutcase self-aggrandisement,
I have never read it.
Post by Ian G Batten
but has some interesting stuff about cipher machines which radiated
cleartext baudot code down their power lead
Hopefully these were not under the control of the UK government.
Post by Ian G Batten
I must say, were I a bad person doing bad things I'd do them on a laptop
which I placed into a mesh bag while I used it...
As time passes a number of people with experience of this field feel
more able to pass on some of their knowledge, for a suitable fee.

While looking for something to illustrate this comment I came across
the following, which does not make the point that I wanted to make, but
does reveal some of the work that has been done outwith the view of the
public. http://www.compliance-club.com/archive/old_archive/030326.htm
is about moving test sites. Like many such things the skill is in
determining what has not been said in the article.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me by using the RIP Act 2000.
Roland Perry
2004-09-13 11:57:40 UTC
Permalink
Post by Brian Beesley
The public MUST be able to evaluate the security mechanisms, otherwise there
will be neither trust nor security.
Out of interest, how do you ensure that the bad guys don't get all sorts
of ideas about how to circumvent the security mechanisms? Or are you
relying on them having an intrinsic security, like Crypto, rather than
a surprise factor like "we'll double-xray every bag over 40 lbs" [and so
the terrorists make sure all their bags are below 39 lbs].
--
Roland Perry
Peter Tomlinson
2004-09-14 05:36:56 UTC
Permalink
Yes, it's the intrinsic security methods that need peer review. If those
can be broken, the whole scheme may fail. Being able to circumvent
surprise factors will probably allow only small scale penetration.

Here we get straight into the fundamentals:

- are we trying to prevent a singularity (another twin towers)?

- or are we trying to provide assured ID in order to make life more
convenient for the sheep and make it easier for governments to weed out
the goats?

Peter
Post by Roland Perry
Post by Brian Beesley
The public MUST be able to evaluate the security mechanisms, otherwise there
will be neither trust nor security.
Out of interest, how do you ensure that the bad guys don't get all sorts
of ideas about how to circumvent the security mechanisms? Or are you
relying on them having an intrinsic security, like Crypto, rather than
a surprise factor like "we'll double-xray every bag over 40 lbs" [and so
the terrorists make sure all their bags are below 39 lbs].
Roland Perry
2004-09-14 13:11:31 UTC
Permalink
Post by Peter Tomlinson
- are we trying to prevent a singularity (another twin towers)?
- or are we trying to provide assured ID in order to make life more
convenient for the sheep and make it easier for governments to weed out
the goats?
I think it's both. And hence many of the difficulties. TPTB seem to
think that by spotting a few goats they can prevent the singularities.

ps. Anyone noticed how good these "fathers 4 justice" people are at
getting into things? Purple flour, then London Eye at the weekend
(Spiderman), now the Palace (Batman). And quite a few others before. If
they can't nab these people (and God forbid they try to address some of
the very real issues they are protesting about) what hope is there for
stopping folk dressed as OBL getting into Windsor Castle (oops).
--
Roland Perry
David Hansen
2004-09-10 10:32:48 UTC
Permalink
Post by Owen Lewis
One way in
which successful fraudulent manufacture can be curtailed is by adding
information at the national data base of unique information to that of
the biometric(s) and other personal information. If (ob crypto) by the
use of cryptographic techniques, this additional information cannot be
recovered from an ID card other but its correct tie to the card can be
confirmed only by checking the card-borne information with the detail on
the database. This might be done by something like the secure hash that
we discussed here a while back.
I see a problem.

The people we are talking about are government officials and their smug
big business consultants. We know that their concept of security is
rather different to ours, a prime example being that these thick
people, a phrase I use deliberately, entertained the concept of
shuttling unencrypted medical records around for more than one second.
Had they any concept of privacy then such an idea would have been
instantly thrown out, but I doubt if those involved were even aware of
the issues.

Let me add that this is not the worst example I know of. I have come
across things more sensitive than medical records being sent by
unencrypted e-mail across open networks by people who were unaware of
the issues until I, a small business consultant, asked them some
questions in the course of giving them some advice on e-mail problems.
I am not even going to indicate the sector that this was in.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me using the RIP Act 2000.
Owen Lewis
2004-09-10 13:38:39 UTC
Permalink
-----Original Message-----
Sent: 10 September 2004 11:33
Subject: RE: USA ID card for federal employees and contractors
Post by Owen Lewis
One way in
which successful fraudulent manufacture can be curtailed is by adding
information at the national data base of unique information to that of
the biometric(s) and other personal information. If (ob crypto) by the
use of cryptographic techniques, this additional information cannot be
recovered from an ID card other but its correct tie to the card can be
confirmed only by checking the card-borne information with the detail on
the database. This might be done by something like the secure hash that
we discussed here a while back.
I see a problem.
The people we are talking about are government officials and their smug
big business consultants. We know that their concept of security is
rather different to ours, a prime example being that these thick
people, a phrase I use deliberately, entertained the concept of
shuttling unencrypted medical records around for more than one second.
Had they any concept of privacy then such an idea would have been
instantly thrown out, but I doubt if those involved were even aware of
the issues.
You seem to think that this issue is a clear cut one and I need to be
careful what I say. If you were to find that all confidential information on
whatever subject or for whatever purpose was treated similarly, would you
suppose that govt should make an extraordinary exception for medical
records? I think we live in a time of great change and of changing
expectations. One such change is the present ubiquity and negligible cost of
enciphering information in electronic transmission and storage to quite
passable standards of security.

If govt is dragged into this new world only some ten years after it was
enthusiastically embraced by others, would you still be so caustic? It was
once said to me and, over many years, I have found it to be a wise thought,
that we are best served if govt and the law follow about ten years behind
the first appearance of a need for change.
Let me add that this is not the worst example I know of. I have come
across things more sensitive than medical records being sent by
unencrypted e-mail across open networks by people who were unaware of
the issues until I, a small business consultant, asked them some
questions in the course of giving them some advice on e-mail problems.
I am not even going to indicate the sector that this was in.
Hush, hush, whisper who dares.... let's not hear the shuffle of the size
13's outside our doors - or of squirrels gnawing secretly at our wiring :-)

Owen
Roland Perry
2004-09-10 13:53:07 UTC
Permalink
Post by Owen Lewis
If you were to find that all confidential information on
whatever subject or for whatever purpose was treated similarly, would you
suppose that govt should make an extraordinary exception for medical
records?
I saw my medical records [1] yesterday. They were in a white A4 folder
marked "Confidential" in letters about an inch high. But none of the
papers inside the folder were cyphered in any way.

[1] OK, a subset of them, but an important and current subset.
--
Roland Perry
David Hansen
2004-09-10 16:57:36 UTC
Permalink
Post by Owen Lewis
If you were to find that all confidential
information on whatever subject or for whatever purpose was treated
similarly, would you suppose that govt should make an extraordinary
exception for medical records?
Without further discussion on what you are being careful about it is
not possible for me to say.
Post by Owen Lewis
I think we live in a time of great change
I think the major changes in this field happened some time ago, but
there are still many more to come.
Post by Owen Lewis
and of changing expectations.
I'm not sure expectations are changing. What is changing is the general
public's knowledge of how shabbily they have been treated in the past.
Post by Owen Lewis
One such change is the present ubiquity
and negligible cost of enciphering information in electronic
transmission and storage to quite passable standards of security.
I think that ubiquity is at least a decade old. It would have been
older had officials not deliberately prevented it from happening.
Post by Owen Lewis
If govt is dragged into this new world only some ten years after it was
enthusiastically embraced by others, would you still be so caustic? It
was once said to me and, over many years, I have found it to be a wise
thought, that we are best served if govt and the law follow about ten
years behind the first appearance of a need for change.
Such an approach has some merits in many areas. For example the rush by
the Home Office to prove how big their willy is by the number of laws
they can push through the rogues gallery is rather pathetic. It would
be far better if the number of such episodes were reduced and that
reduced number were properly thought out before rushing in. RIP and the
so-called anti-terrorist laws are good examples. Things were not always
done in the current fashion.

However, the question is when the first appearance of a need for change
occurred and whether that appearance was natural or interfered with by
vested interests. I started thinking about the subject in an organised
way in the late 1970s, but government was thinking about it long before
that.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me using the RIP Act 2000.
Owen Lewis
2004-09-10 18:22:10 UTC
Permalink
-----Original Message-----
Sent: 10 September 2004 17:58
Subject: RE: USA ID card for federal employees and contractors
Post by Owen Lewis
If you were to find that all confidential
information on whatever subject or for whatever purpose was treated
similarly, would you suppose that govt should make an extraordinary
exception for medical records?
Without further discussion on what you are being careful about it is
not possible for me to say.
That's all he wrote and he is now out to lunch. No, I don't know when he'll
be back - but if you would like to leave word and a telephone number I'm
sure he'll want to get right back to you on his return.
Post by Owen Lewis
I think we live in a time of great change
I think the major changes in this field happened some time ago, but
there are still many more to come.
Depends on what we're talking about. Our age is the age of electronic
communication. It began before us and will continue to develop after us. But
we have the thrill and the privilege of living through the steep part of the
progressional curve.
Post by Owen Lewis
and of changing expectations.
I'm not sure expectations are changing. What is changing is the general
public's knowledge of how shabbily they have been treated in the past.
Would you not say that that was a change in expectations? (i.e. that they
should be treated differently in the future to the way they were treated in
the past) You put this in a very pejorative way. It feels like reviewing
past actions with the eyes of today. IMO one can only fairly assess the
actions of the past by seeing through the eyes of the past. The perspective
lent is very different.
Post by Owen Lewis
One such change is the present ubiquity
and negligible cost of enciphering information in electronic
transmission and storage to quite passable standards of security.
I think that ubiquity is at least a decade old.
Not from where I stand. I'm still having difficulty in persuading many of my
customers to the development of a proper integrated information security
policy, within which cipher systems play a key role. At a guess, more
businesses than not have still to optimise their use of crypto.
Sometimes it is the key management issues that put them off but in most
cases it is simply seen as another concern and expense that 'we don't need
because the heuristic evidence of loss is only anecdotal'. It may be
different for you but I find there's still a long way to go.
It would have been older had officials not deliberately prevented it from
happening.

Not by much. The revolution rode in on the back of desktop computing and the
x086 and other chips of that generation. It was always unstoppable and was
scarcely delayed at all by the early huffings and puffings attributed to NSA
and GCHQ. Whatever the public pronouncements may have been, it may well be
that those that mattered in those agencies knew pretty exactly, back into
the late '80's what would happen - would have to happen back.
Post by Owen Lewis
If govt is dragged into this new world only some ten years after it was
enthusiastically embraced by others, would you still be so caustic? It
was once said to me and, over many years, I have found it to be a wise
thought, that we are best served if govt and the law follow about ten
years behind the first appearance of a need for change.
Such an approach has some merits in many areas. For example the rush by
the Home Office to prove how big their willy is by the number of laws
they can push through the rogues gallery is rather pathetic. It would
be far better if the number of such episodes were reduced and that
reduced number were properly thought out before rushing in. RIP and the
so-called anti-terrorist laws are good examples. Things were not always
done in the current fashion.
Quite so.
However, the question is when the first appearance of a need for change
occurred and whether that appearance was natural or interfered with by
vested interests. I started thinking about the subject in an organised
way in the late 1970s, but government was thinking about it long before
that.
Thinking about what? About the confidential handling of personal
information? I think one needs to pull the matter apart a little before
seeing what we can knit. As recently as the late eighties, RSA crypto was
still a govt controlled US export available commercially only to financial
institutions and just a very few others in selected countries (mainly the
core NATO club). ISTR that in 1988 the standard exported version was limited
to a 256 bit key. It was PGP - if mainly because of all the free publicity
for crypto issues that the Uncle Sam/PRZ panto created - that popped the lid
right off the box in the period 92-94 but it was the back end of the 90's
before commercial take up of crypto was substantial. And before the early
'90's those sizable businesses using computers at all themselves (remember
bureau services?) were using mainframes or midi systems. And 1200 bps was
still thought of as a good speed for long distance data communication. It is
from there that we have all built in the last ten years.

Owen
David Hansen
2004-09-12 17:12:20 UTC
Permalink
Post by Owen Lewis
Not from where I stand. I'm still having difficulty in persuading many
of my customers to the development of a proper integrated information
security policy, within which cipher systems play a key role. At a
guess, more businesses than not have still to optimise their use of
crypto. Sometimes it is the key management issues that put them off but
in most cases it is simply seen as another concern and expense that 'we
don't need because the heuristic evidence of loss is only anecdotal'. It
may be different for you but I find there's still a long way to go.
I think we need to separate things into segments. I agree there is a
long way to go in places, but whether that is natural or a matter of
incompetence is a matter of debate.

Starting with the small business sector, cost is the prime concern for
many. I am currently sitting in my office at home looking at a blue box
that has an ADSL modem, firewall, radio network access point & router
inside and will run 16 VPN tunnels. The VPN light is currently on,
because I spent some time yesterday getting it to communicate over a
tunnel with the office (a computer problem rather than a problem with
the router:-) The box cost £130 and its cousin in the office £109 as
it has no radio. It is only recently that such things became affordable
to small businesses (along with reasonably high speed communications)
and they will drive much better use of computers. However, I have
produced on-line shops for small businesses since the late 1990s, which
have used https and PGP/GPG, so the technology has had partial
penetration for some time.

I do agree that managing keys is a deterrent. With 20 teleworker and 16
VPN profiles, fully using the blue box and changing keys regularly is
just about possible. There are solutions to remove the hassle, but the
cost of some of these is probably geared to big business and there is
the "being sold out by the administrator" problem. I'm pleased to see
that one can be one's own Certificate Authority and so bypass this,
though this introduces other problems in a larger network. The tension
between centralisation and localisation seems to occur everywhere.

Big business is a different matter. They have been able to afford
rather more expensive versions of the blue box for perhaps 15 years.
They also have large IT departments that should be on top of
developments rather more rapidly than smaller businesses. Ditto for
government, except that they first dealt with the issues many decades
ago.
Post by Owen Lewis
And before the early '90's those sizable businesses using
computers at all themselves (remember bureau services?)
Very much.
Post by Owen Lewis
were using mainframes or midi systems.
Many of which were equipped with primitive forms of crypto in the form
of essentially Enigma, but which was usually not turned on and was not
that suitable for the bit to the terminal.
Post by Owen Lewis
And 1200 bps was still thought of as a good
speed for long distance data communication.
We had a 2400 bps modem in the late 1980s, on loan from the
manufacturer to test it. However, we only had one pair of them and it
was a rush to get the terminal with that modem. It had no error
correction, which made displays interesting at times. Obviously we made
them dial by issuing commands at the terminal, which we programmed into
function keys.
Post by Owen Lewis
It is from there that we have all built in the last ten years.
I think the question is whether what we now see was the only
possibility, starting from say the 1970s when interested members of the
public became aware of the issues via the Enigma revelations
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me using the RIP Act 2000.
Owen Lewis
2004-09-12 21:16:25 UTC
Permalink
-----Original Message-----
Sent: 12 September 2004 18:12
Subject: RE: USA ID card for federal employees and contractors
Post by Owen Lewis
Not from where I stand. I'm still having difficulty in persuading many
of my customers to the development of a proper integrated information
security policy, within which cipher systems play a key role. At a
guess, more businesses than not have still to optimise their use of
crypto. Sometimes it is the key management issues that put them off but
in most cases it is simply seen as another concern and expense that 'we
don't need because the heuristic evidence of loss is only anecdotal'. It
may be different for you but I find there's still a long way to go.
I think we need to separate things into segments. I agree there is a
long way to go in places, but whether that is natural or a matter of
incompetence is a matter of debate.
It might be quite a short debate ;-)
Starting with the small business sector, cost is the prime concern for
many. I am currently sitting in my office at home looking at a blue box
that has an ADSL modem, firewall, radio network access point & router
inside and will run 16 VPN tunnels. The VPN light is currently on,
because I spent some time yesterday getting it to communicate over a
tunnel with the office (a computer problem rather than a problem with
the router:-) The box cost £130 and its cousin in the office £109 as
it has no radio. It is only recently that such things became affordable
to small businesses (along with reasonably high speed communications)
and they will drive much better use of computers. However, I have
produced on-line shops for small businesses since the late 1990s, which
have used https and PGP/GPG, so the technology has had partial
penetration for some time.
I do agree that managing keys is a deterrent. With 20 teleworker and 16
VPN profiles, fully using the blue box and changing keys regularly is
just about possible. There are solutions to remove the hassle, but the
cost of some of these is probably geared to big business and there is
the "being sold out by the administrator" problem. I'm pleased to see
that one can be one's own Certificate Authority and so bypass this,
though this introduces other problems in a larger network. The tension
between centralisation and localisation seems to occur everywhere.
Big business is a different matter. They have been able to afford
rather more expensive versions of the blue box for perhaps 15 years.
They also have large IT departments that should be on top of
developments rather more rapidly than smaller businesses. Ditto for
government, except that they first dealt with the issues many decades
ago.
One might think so but small business, particularly in hi-tech oriented
sectors generally seem to move well ahead of most big business. The
introduction of desktop PC's being a case in point, I think.
Post by Owen Lewis
And before the early '90's those sizable businesses using
computers at all themselves (remember bureau services?)
Very much.
Post by Owen Lewis
were using mainframes or midi systems.
Many of which were equipped with primitive forms of crypto in the form
of essentially Enigma, but which was usually not turned on and was not
that suitable for the bit to the terminal.
Post by Owen Lewis
And 1200 bps was still thought of as a good
speed for long distance data communication.
We had a 2400 bps modem in the late 1980s, on loan from the
manufacturer to test it. However, we only had one pair of them and it
was a rush to get the terminal with that modem. It had no error
correction, which made displays interesting at times. Obviously we made
them dial by issuing commands at the terminal, which we programmed into
function keys.
Post by Owen Lewis
It is from there that we have all built in the last ten years.
I think the question is whether what we now see was the only
possibility, starting from say the 1970s when interested members of the
public became aware of the issues via the Enigma revelations
Well, ISTR that ENIGMA started life as a commercial system in the late 20's?

The main difficulties were, I think:

- After WWII commercial uptake of crypto was limited primarily by cost (all
special purpose hardware). This combined with the key management costs in
large organisations was a killer. Plus the fact that industrial espionage
was still virtually unheard of in the UK. One of the first companies
specialising in it was set up in London about 1962 by its US parent. About
two (very clever) young men and an office dog. They made a *lot* of money.
Took a bag of money to Switzerland and tried to repeat the success - and
lost their shirts :-)

- Govt export controls. AFAIK there were never import controls in this
country as there were in some others (e.g. France). There was very little
indigenous UK commercial crypto product.

- The lack of commercially available certifiably good ciphers for the
emergent computer systems. AFAIK the first attempt to produce such a product
for the commercial market (subject to export controls) was IBM's LUCIFER in
the '70's. When this proved fatally flawed, NSA got into bed with IBM to
help produce its successor, DES, which became the first 'runaway' commercial
crypto product in 1977, very shortly followed by RSA. These ushered in the
age of cheap reliable crypto, only just trailing the wave of computerisation
of businesses that really began in UK and in earnest in the 80's and
gathered pace in the '90s.

It's no state secret to say that (outside of the Pay Service that had been
partially main-framed a very few years earlier), there were no computers in
the Army for administrative purposes until 1979. In that year some 'I treat
it as though it's my own money' person released the funds for the purchase of
a single Apple II, which was given to HQ Eastern District to see what uses
it could find for it and report back (crude cost/benefit analysis if you
like). I remember their report well which, in summary, was that 'the concept
was grand and, if better systems could be developed, there should be
widespread adoption of such things. However, as it stood, the Apple II was a
dog and far too many expensive man-hours were spent waiting for it to do even
such simple things as to put on screen the qualifications presently held by
Corporal X; one could look it up in a manual card index system in a fraction
of the time'. Widespread adoption for administrative use did not follow until the
second half of the '80's with some of the very first being word processors
only. Commerce in the UK was not much ahead of this I think. I bought my
first, a 10Mhz 286AT clone with 640kb of RAM and a 40Mb hard drive, prior to
setting up in business in '88. At that time I reckoned that
'computerisation' saved me the cost of at least one and possibly two
salaries. It also enabled me to do things that, without a computer, could
only be done by large businesses with departments full of expensive talent.

Owen
Roland Perry
2004-09-13 11:54:50 UTC
Permalink
Post by Owen Lewis
It's no state secret to say that (outside of the Pay Service that had been
partially main-framed a very few years earlier), there were no computers in
the Army for administrative purposes until 1979.
I remember showing some of the multiuser CP/M systems I was working on
at the time to the folks from Army stores in Bicester. They wanted them
for stock control, in the field, which was a bit scary at the time.
79-80 timeframe.
--
Roland Perry
Owen Lewis
2004-09-13 13:59:41 UTC
Permalink
-----Original Message-----
Sent: 13 September 2004 12:55
Subject: Re: USA ID card for federal employees and contractors
Post by Owen Lewis
It's no state secret to say that (outside of the Pay
Service that had been
Post by Owen Lewis
partially main-framed a very few years earlier), there were no
computers in
Post by Owen Lewis
the Army for administrative purposes until 1979.
I remember showing some of the multiuser CP/M systems I was working on
at the time to the folks from Army stores in Bicester. They wanted them
for stock control, in the field, which was a bit scary at the time.
79-80 timeframe.
--
There were (some) computers for operational research, and some operational,
communications and logistical tasks well before the end of the 70's. They
tried to teach me computer programming on a Fire Control computer (used for
adjusting artillery fire) in 1971 (used Elliott Autocode and used punched
tape with five binary state Murray code as a storage medium). The roots of
course stem from the work at Bletchley in WWII which was, I think, the Armed
Forces' first involvement with electronic computing, though there may have
been some interest in the analogue computing developed at Manchester before the
war.

Owen
David Hansen
2004-09-13 15:43:24 UTC
Permalink
The roots of course stem from the work at Bletchley in
WWII which was, I think, the Armed Forces' first involvement with
electronic computing, though there may have been some interest in the
analogue computing developed at Manchester before the war.
Their interest in analogue computing dates back around 100 years. Fire
control for warships (initially just the large ones) was based on
mechanical analogue computers (called fire control tables). These are
most interesting devices to look at, were very expensive to build and
the methods of doing things like differentiation fascinating.

Analogue computing using electrical components would be a step forward.
Indeed in the 1920s they introduced a very simple analogue transmission
system to take information from the fire control table to guns. This
had the benefit of varying the speed of the gun depending on how far
away it was from where it should be aimed, obviously within limits.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me using the RIP Act 2000.
Roland Perry
2004-09-13 16:41:35 UTC
Permalink
Fire control for warships (initially just the large ones) was based on
mechanical analogue computers (called fire control tables). These are
most interesting devices to look at, were very expensive to build and
the methods of doing things like differentiation fascinating.
I've been on a tour that includes the computer room of a (preserved) US
Navy Aircraft Carrier. It was built at the start of WW2, but not sure
when the current set of computers were installed. The VDUs are the same
as the ones I was using in 1979.
--
Roland Perry
Owen Lewis
2004-09-13 17:00:48 UTC
Permalink
-----Original Message-----
Sent: 13 September 2004 17:42
Subject: Re: USA ID card for federal employees and contractors
Fire control for warships (initially just the large ones) was based on
mechanical analogue computers (called fire control tables). These are
most interesting devices to look at, were very expensive to build and
the methods of doing things like differentiation fascinating.
I've been on a tour that includes the computer room of a (preserved) US
Navy Aircraft Carrier. It was built at the start of WW2, but not sure
when the current set of computers were installed. The VDUs are the same
as the ones I was using in 1979.
Then you can bet your backside that they were not installed in 1942 :-)

Owen
Roland Perry
2004-09-13 17:39:53 UTC
Permalink
Post by Owen Lewis
The VDUs are the same as the ones I was using in 1979.
Then you can bet your backside that they were not installed in 1942 :-)
That's for sure, but it suggests deployment of computers before 1979.

In fact, my memory has been jogged, and the computer room was initially
fitted out with IBM/Hollerith punch-card equipment. But used only for
things like payroll, and not for weapon guidance.
--
Roland Perry
Owen Lewis
2004-09-13 18:15:25 UTC
Permalink
-----Original Message-----
Sent: 13 September 2004 18:40
Subject: Re: USA ID card for federal employees and contractors
Post by Owen Lewis
The VDUs are the same as the ones I was using in 1979.
Then you can bet your backside that they were not installed in 1942 :-)
That's for sure, but it suggests deployment of computers before 1979.
Please read the fine print (if I manage to garble it a little less than
usual). The discussion was of the introduction of computers into the British
army for administrative purposes. Other posts from several have been a
stroll down memory lane describing the introduction of mechanical
computation for limited military/naval operational purposes back to the turn
of 20th cent.
In fact, my memory has been jogged, and the computer room was initially
fitted out with IBM/Hollerith punch-card equipment. But used only for
things like payroll, and not for weapon guidance.
:-) ah those Yanks.

Owen
Roland Perry
2004-09-13 18:20:06 UTC
Permalink
Post by Owen Lewis
The discussion was of the introduction of computers into the British
army for administrative purposes.
Yes, so it was. So my aircraft-carrier punch-card systems win, then??
--
Roland Perry
Brian Gladman
2004-09-13 19:01:07 UTC
Permalink
Post by Roland Perry
Post by Owen Lewis
The discussion was of the introduction of computers into the British
army for administrative purposes.
Yes, so it was. So my aircraft-carrier punch-card systems win, then??
No. I was working on commissioning trials of Ferranti Poseidon computers
for air space management on the aircraft carriers HMS Eagle and HMS Ark
Royal in, I think, 1972 or even earlier (I will have to dig some old
diaries out to be certain of the dates).

Brian Gladman
Roland Perry
2004-09-13 19:54:34 UTC
Permalink
Post by Brian Gladman
Post by Roland Perry
Yes, so it was. So my aircraft-carrier punch-card systems win, then??
No. I was working on commissioning trials of Ferranti Poseidon
computers for air space management on the aircraft carriers HMS Eagle
and HMS Ark Royal in, I think, 1972 or even earlier (I will have to dig
some old diaries out to be certain of the dates).
Not sure I follow. Are you dis-allowing punch-card operated computers,
or have you forgotten that "my" carrier's were installed during WW2?

Of course, such machines must have been used in the US military for
admin between the wars as well.
--
Roland Perry
Owen Lewis
2004-09-13 20:38:44 UTC
Permalink
-----Original Message-----
Sent: 13 September 2004 20:01
Subject: Re: USA ID card for federal employees and contractors
Post by Roland Perry
Post by Owen Lewis
The discussion was of the introduction of computers into the British
army for administrative purposes.
Yes, so it was. So my aircraft-carrier punch-card systems win, then??
No. I was working on commissioning trials of Ferranti Poseidon computers
for air space management on the aircraft carriers HMS Eagle and HMS Ark
Royal in, I think, 1972 or even earlier (I will have to dig some old
diaries out to be certain of the dates).
Brian,

'Ow queek zey forget nie?

The TB2 system was fielded about 1965 (I joined 36 Hy AD Regt as a part of
its integrated Scalyback squadron in '66 just as it was equipped with its
second missile battery and soon after we'd retired TB1 in '65). Three
computers per missile battery, each using a ferrite ring memory store, the
rings being held in a matrix of crossing conductors. One talked to them
nicely and stroked their cores gently. I've still got some old photos of
that. Weapons system engineer was a lovely but haunted man called Tom Cadman
who resigned his commission in '67 to take BAE's silver dollar and go to
Libya as the weapons system engineer for TB1 when they sold that refurbished
system to King Idris (contract cancelled after Gadaffi's coup and Tom
disappeared down the plug-hole with it as development of a TB3 was
cancelled).

TB1 must have been commissioned about '59 or even earlier, along with the
MkI Ferranti Bloodhound system which had a generally similar level of
technology. I'm pretty certain, as you should be, that there were other
operational computerised systems in the field too in the mid 60's.

Owen
Brian Gladman
2004-09-13 21:41:24 UTC
Permalink
Post by Owen Lewis
-----Original Message-----
Sent: 13 September 2004 20:01
Subject: Re: USA ID card for federal employees and contractors
Post by Roland Perry
Post by Owen Lewis
The discussion was of the introduction of computers into the British
army for administrative purposes.
Yes, so it was. So my aircraft-carrier punch-card systems win, then??
No. I was working on commissioning trials of Ferranti Poseidon computers
for air space management on the aircraft carriers HMS Eagle and HMS Ark
Royal in, I think, 1972 or even earlier (I will have to dig some old
diaries out to be certain of the dates).
Brian,
'Ow queek zey forget nie?
The TB2 system was fielded about 1965 (I joined 36 Hy AD Regt as a part of
its integrated Scalyback squadron in '66 just as it was equipped with its
second missile battery and soon after we'd retired TB1 in '65). Three
computers per missile battery, each using a ferrite ring memory store, the
rings being held in a matrix of crossing conductors. One talked to them
nicely and stroked their cores gently. I've still got some old photos of
that. Weapons system engineer was a lovely but haunted man called Tom Cadman
who resigned his commission in '67 to take BAE's silver dollar and go to
Libya as the weapons system engineer for TB1 when they sold that refurbished
system to King Idris (contract cancelled after Gadaffi's coup and Tom
disappeared down the plug-hole with it as development of a TB3 was
cancelled).
TB1 must have been commissioned about '59 or even earlier, along with the
MkI Ferranti Bloodhound system which had a generally similar level of
technology. I'm pretty certain, as you should be, that there were other
operational computerised systems in the field too in the mid 60's.
I never worked on BloodHound but I did work on Sea Slug, the early Navy
Missile system. But I was on Radar from 1961 to 1971 so the computer
side was not my priority then. The first step I was personally involved
in was the move of computers into Command and Control tasks such as air
space management (RRE was doing Linesman and we were doing the Navy
carriers).

This was mid 60s to early 70s (I was in on the tail end of it). I
thought Roland's date was 1979, which is why I mentioned my early 70s stuff.

Brian Gladman
Clive D. W. Feather
2004-09-14 08:11:26 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Post by Owen Lewis
Three
computers per missile battery, each using a ferrite ring memory store, the
rings being held in a matrix of crossing conductors.
More complex than that. Selection wires formed a square grid, the
inhibit wire is woven up and down the columns, and the sense wire is
woven in a separate diagonal grid [*].
Post by Owen Lewis
One talked to them
nicely and stroked their cores gently. I've still got some old photos of
that.
I still own some of the core planes from the Elliott that I learned to
programme on.

[*] For those wondering what these are all about, the cores are rings
that have a preferred and non-preferred direction of magnetisation. The
core is diagonal on to the selection wires, and sending a current of
just the right amount down both the wires through a given core will push
it into the non-preferred direction, where it will then stay.

Sending the same current in the opposite direction down those wires will
flip it back to the preferred direction, inducing a pulse in the sense
wire (which is perpendicular to the plane of the ring).

When writing a 0 to the core, the usual practice was *not* to not write,
leaving the core unaltered, but rather to send a current down the
inhibit wire that was exactly opposite to that in the parallel select
wire. As a result, there isn't enough current to drive the state change.
I presume the reason it was done this way was that it let the select
logic be separate from the logic to decide what value to write to a
given core.

- --
Clive D.W. Feather | Home: <clive-fMmbJOuZRAcdnm+***@public.gmane.org>
Tel: +44 20 8495 6138 (work) | Web: <http://www.davros.org>
Fax: +44 870 051 9937 | Work: <clive-***@public.gmane.org>
Please reply to the Reply-To address, which is: <clive-fMmbJOuZRAcdnm+***@public.gmane.org>
Ian G Batten
2004-09-14 08:59:44 UTC
Permalink
Post by Clive D. W. Feather
I still own some of the core planes from the Elliott that I learned to
programme on.
Presumably one programmes a machine with core memory, but programs a
machine with semi-conductor...

ian
Roland Perry
2004-09-14 13:05:37 UTC
Permalink
Post by Ian G Batten
Presumably one programmes a machine with core memory, but programs a
machine with semi-conductor...
I think the changeover depends on who you bought the things from. I
recall great difficulties in persuading Amstrad to call floppy discs,
floppy disks; and a year or two later persuading them that "Color
Graphics Adapter" was what was printed on IBM's hardware, and was
probably more appropriate than Colour Graphics Adapter. Managed to get
the WPC "evenin' all, in a female voice" changed to PCW, though :-)
--
Roland Perry
Ian G Batten
2004-09-14 13:33:31 UTC
Permalink
Post by Roland Perry
Post by Ian G Batten
Presumably one programmes a machine with core memory, but programs a
machine with semi-conductor...
I think the changeover depends on who you bought the things from. I
recall great difficulties in persuading Amstrad to call floppy discs,
floppy disks; and a year or two later persuading them that "Color
More than a few people who were at Birmingham University in the
early/mid eighties got their first taste of the vehemence of arguments
amongst lexicographers from a bulletin board thread that was entitled
``Desert Island Disks'', which veered rapidly into abstruse linguistic
issues between (from memory) the Haliday-ites and, er, the
someone-else-ites.
Post by Roland Perry
Graphics Adapter" was what was printed on IBM's hardware, and was
probably more appropriate than Colour Graphics Adapter. Managed to get
the WPC "evenin' all, in a female voice" changed to PCW, though :-)
ian
Clive D. W. Feather
2004-09-15 07:11:37 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Post by Ian G Batten
Post by Clive D. W. Feather
I still own some of the core planes from the Elliott that I learned to
programme on.
Presumably one programmes a machine with core memory, but programs a
machine with semi-conductor...
No; it depends rather on how old the manual is and where it comes from.

The Elliott manuals were very clear on the spelling.

- --
Clive D.W. Feather | Home: <clive-fMmbJOuZRAcdnm+***@public.gmane.org>
Tel: +44 20 8495 6138 (work) | Web: <http://www.davros.org>
Fax: +44 870 051 9937 | Work: <clive-***@public.gmane.org>
Please reply to the Reply-To address, which is: <clive-fMmbJOuZRAcdnm+***@public.gmane.org>
Peter Tomlinson
2004-09-15 07:32:53 UTC
Permalink
I think the spelling 'program' came from America (I was in the computer
industry when this happened).

Peter
Post by Clive D. W. Feather
-----BEGIN PGP SIGNED MESSAGE-----
Post by Ian G Batten
Post by Clive D. W. Feather
I still own some of the core planes from the Elliott that I learned to
programme on.
Presumably one programmes a machine with core memory, but programs a
machine with semi-conductor...
No; it depends rather on how old the manual is and where it comes from.
Owen Lewis
2004-09-14 11:12:26 UTC
Permalink
-----Original Message-----
Feather
Sent: 14 September 2004 09:11
Subject: Re: USA ID card for federal employees and contractors
-----BEGIN PGP SIGNED MESSAGE-----
Post by Owen Lewis
Three
computers per missile battery, each using a ferrite ring memory
store, the
Post by Owen Lewis
rings being held in a matrix of crossing conductors.
More complex than that. Selection wires formed a square grid, the
inhibit wire is woven up and down the columns, and the sense wire is
woven in a separate diagonal grid [*].
Post by Owen Lewis
One talked to them
nicely and stroked their cores gently. I've still got some old photos of
that.
I still own some of the core planes from the Elliott that I learned to
programme on.
Well done you. There are so many things over the years which now I wish I'd
kept.
[*] For those wondering what these are all about, the cores are rings
that have a preferred and non-preferred direction of magnetisation. The
core is diagonal on to the selection wires, and sending a current of
just the right amount down both the wires through a given core will push
it into the non-preferred direction, where it will then stay.
Sending the same current in the opposite direction down those wires will
flip it back to the preferred direction, inducing a pulse in the sense
wire (which is perpendicular to the plane of the ring).
When writing a 0 to the core, the usual practice was *not* to not write,
leaving the core unaltered, but rather to send a current down the
inhibit wire that was exactly opposite to that in the parallel select
wire. As a result, there isn't enough current to drive the state change.
I presume the reason it was done this way was that it let the select
logic be separate from the logic to decide what value to write to a
given core.
Then one used to bundle them about on trucks, hide them in the German forest
and connect them up with kilometres of cable whilst the rain pelted and the
lightning flashed all around. Amazing thing was that they used to work
sometimes.

I remember one six week exercise in which the regiment 'fought' its way from
near the Inner German Border to the Ty Croes range in Anglesey, deploying
tactically maybe five times, the last being in appalling weather, before
arriving at Ty Croes to spend the final two weeks live firing the missiles.
From arrival at Ty Croes, it took the weapons system engineer (who was the
only man in about 500 who absolutely knew every last wrinkle on the system)
a week to bring the fire control systems into a condition where they were
reliable to use. We used to have to hide him, physically, from the CO, so he
could at least get six hours kip in every 48.

Even then we had one missile go rogue, throw a U-ey and come straight back
at the Firing Control Post. An interesting few seconds whilst the junior
Lieutenant in charge decided he had lost control of it and had better hit
the Destruct button before the thing wiped us out. We came out of the bunker
to find bits of the missile all around it.

The RAF had a better experience with Bloodhound, housing the control systems
in buildings on static sites. However, the Thunderbird series, like their TV
namesakes, were a triumph of imagination over the realities of the
technology of the day.

Owen
Owen Lewis
2004-09-13 19:58:14 UTC
Permalink
-----Original Message-----
Sent: 13 September 2004 19:20
Subject: Re: USA ID card for federal employees and contractors
Post by Owen Lewis
The discussion was of the introduction of computers into the British
army for administrative purposes.
Yes, so it was. So my aircraft-carrier punch-card systems win, then??
If you like. I feel like humouring you :-)

Owen
David Hansen
2004-09-14 17:45:42 UTC
Permalink
Post by Roland Perry
In fact, my memory has been jogged, and the computer room was initially
fitted out with IBM/Hollerith punch-card equipment. But used only for
things like payroll, and not for weapon guidance.
Almost back to cryptography:-) Such machines were made in the UK (I
imagine under licence from IBM) by the British Tabulating Machine
company, better known for building the Bombes. I gather Bletchley Park
(perhaps outstations rather than the Park itself) used such machines in
some quantity for various tasks, though on nothing like the scale they
were used in the USA.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me using the RIP Act 2000.
David Hansen
2004-09-14 18:25:36 UTC
Permalink
Post by Roland Perry
That's for sure, but it suggests deployment of computers before 1979.
Others have added more information than I could regarding early digital
systems.

There must have been electrical analogue computing on the STAAG
(http://navalhistory.flixco.info/G/148562/8330/a0.htm) which first
entered service in 1945. This incredibly complex gun mounting included
automatic target acquisition and automatic commencement of firing, when
it worked, and even had a standby diesel generator on the mounting. It
demonstrates that even in wartime over-complex systems can be bought
and this is not something new.

Indeed I suppose there was more limited electrical analogue computing
on its predecessor, which "only" had automatic target tracking
(http://navalhistory.flixco.info/G/0/1/search.htm?hazemeyer). Both were
way ahead of their time in concept, but also too far ahead of what the
engineering of the time could do to put the concept into practice.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me using the RIP Act 2000.
Owen Lewis
2004-09-14 18:54:28 UTC
-----Original Message-----
Sent: 14 September 2004 19:26
Subject: Re: USA ID card for federal employees and contractors
Post by Roland Perry
That's for sure, but it suggests deployment of computers before 1979.
Others have added more information than I could regarding early digital
systems.
There must have been electrical analogue computing on the STAAG
(http://navalhistory.flixco.info/G/148562/8330/a0.htm) which first
entered service in 1945. This incredibly complex gun mounting included
automatic target acquisition and automatic commencement of firing, when
it worked, and even had a standby diesel generator on the mounting. It
demonstrates that even in wartime over-complex systems can be bought
and this is not something new.
Indeed I suppose there was more limited electrical analogue computing
on its predecessor, which "only" had automatic target tracking
(http://navalhistory.flixco.info/G/0/1/search.htm?hazemeyer). Both were
way ahead of their time in concept, but also too far ahead of what the
engineering of the time could do to put the concept into practice.
I think the Germans were the first to have automated radar control of AA
guns c.1943. We had some too before the end of the war, I think. However
we *never* achieved what the Germans did in producing a fully integrated area
air defence system. Unlike the US, GE, FR and WP, we never put our heart into
AD except for interceptor aircraft. We tinkered with HIMAD (high/medium
level air defence missile systems) for a few years and then gave up,
continuing only with a very limited amount of low level (LAD) stuff in
gun/missile mixes. Of all, the Sovs took the business most seriously and, in
the '67 war, the Egyptian SAM6 batteries kept the Israeli air force out of
the sky for some days - until Uncle Sam slipped them some smart new
electronic toys. Just a little earlier than this, the Vietnamese SAM 2 and 6
batteries had mauled the great USAF which was not able to fly with fair
immunity against them until almost the end of the conflict. But, by the time
of the F-111 strike on Tripoli in '86, Gadaffi could as usefully have hurled
ballista-launched telegraph poles as his Sov-made missiles. And so it has
been ever since - as the Iraqis have (twice) discovered.

Owen
Tom Thomson
2004-09-22 19:44:11 UTC
Post by David Hansen
Post by Owen Lewis
And before the early '90's those sizable businesses using
computers at all themselves (remember bureau services?)
Very much.
Post by Owen Lewis
were using mainframes or midi systems.
Many of which were equipped with primitive forms of crypto in the form
of essentially Enigma, but which was usually not turned on and was not
that suitable for the bit to the terminal.
Post by Owen Lewis
And 1200 bps was still thought of as a good
speed for long distance data communication.
We had a 2400 bps modem in the late 1980s, on loan from the
manufacturer to test it. However, we only had one pair of them and it
was a rush to get the terminal with that modem. It had no error
correction, which made displays interesting at times. Obviously we made
them dial by issuing commands at the terminal, which we programmed into
function keys.
I'm somewhat amazed at those speeds. 2400bps transfer over long
distances began to be used some time between 1972 and 1974 (I had
a 2400 bps modem from the Post Office to play with when I worked
in Dalkeith) and 1200bps was around in the early 60s (connections
between NPL, SERL, and SERLE used that speed). By the early 90s
an ordinary cheap modem (for home office use, say) was 9600bps
and 14400 bps was coming in. Leased lines at 48kbps (Europe) and
40.8kbps (US) were around well before 1990, and 64kbps, 128kbps,
and 144kbps were used by some (but not by all) in the 90s.

And as for service bureaux, I think they were a rather earlier
phenomenon than suggested (when was BARIC, for example) and the
90s outsourcing route was more often facilities management than
service bureaux (not that one is any better than the other of
course).

M.
Ian G Batten
2004-09-23 11:49:23 UTC
Post by Tom Thomson
between NPL, SERL, and SERLE used that speed). By the early 90s
an ordinary cheap modem (for home office use, say) was 9600bps
and 14400 bps was coming in.
For some value of `early'. I signed off a couple of Trailblazers in
about 1990, which did 9600 baud with some pretty major caveats (long
latency which was why they had the awesomely complex spoofing of kermit,
x modem, y modem, g protocol and such like), and certainly weren't
`ordinary cheap modem' money. They were at least a grand.

ian
Peter Tomlinson
2004-09-23 12:51:54 UTC
Post by Ian G Batten
Post by Tom Thomson
between NPL, SERL, and SERLE used that speed). By the early 90s
an ordinary cheap modem (for home office use, say) was 9600bps and
14400 bps was coming in.
For some value of `early'. I signed off a couple of Trailblazers in
about 1990, which did 9600 baud with some pretty major caveats (long
latency which was why they had the awesomely complex spoofing of
kermit, x modem, y modem, g protocol and such like), and certainly
weren't `ordinary cheap modem' money. They were at least a grand.
South West Universities Computer Network (SWUCN) 48Kbps mid 1970s.
Network of 5 x ICL System 4 and a Modular One in the middle. S/4 modems
were a 6 ft cabinet each. I once threatened the local ICL service
supervisor that I would take apart and fix the Cardiff installation if
he didn't. They fixed it quick after that.

Peter
Owen Lewis
2004-10-01 08:51:48 UTC
-----Original Message-----
Sent: 22 September 2004 20:44
Subject: RE: USA ID card for federal employees and contractors
Post by David Hansen
Post by Owen Lewis
And before the early '90's those sizable businesses using
computers at all themselves (remember bureau services?)
Very much.
Post by Owen Lewis
were using mainframes or midi systems.
Many of which were equipped with primitive forms of crypto in the form
of essentially Enigma, but which was usually not turned on and was not
that suitable for the bit to the terminal.
Post by Owen Lewis
And 1200 bps was still thought of as a good
speed for long distance data communication.
We had a 2400 bps modem in the late 1980s, on loan from the
manufacturer to test it. However, we only had one pair of them and it
was a rush to get the terminal with that modem. It had no error
correction, which made displays interesting at times. Obviously we made
them dial by issuing commands at the terminal, which we programmed into
function keys.
I'm somewhat amazed at those speeds. 2400bps transfer over long
distances began to be used some time between 1972 and 1974 (I had
a 2400 bps modem from the Post Office to play with when I worked
in Dalkeith) and 1200bps was around in the early 60s (connections
between NPL, SERL, and SERLE used that speed). By the early 90s
an ordinary cheap modem (for home office use, say) was 9600bps
and 14400 bps was coming in. Leased lines at 48kbps (Europe) and
40.8kbps (US) were around well before 1990, and 64kbps, 128kbps,
and 144kbps were used by some (but not by all) in the 90s.
I took my Royal Signals Qualification Course in 1966. At that time, standard
data transfer speeds were either 50 or 75 Baud. In later years many of the
75 Baud circuits were reset to 50 Baud to extend the life of the
electro-mechanical teletypewriters. These were either fed the line signal
directly or else punched paper tape was used to buffer traffic in store or
to relay traffic from one point-to-point circuit to another. One could
network small numbers of teletypewriters but strict user discipline was
required and the idea was only applicable for very low transmit duty cycle
nets. In the 80's a fantastic leap forward occurred to an in-service
standard 1200 bps data transfer speed and the introduction of dot-matrix
printers. Still at 50/75 Baud transmit speeds, the first Winchester disks
for buffer storage had been introduced in Whitehall in the late '60's I
think. They were not deployed in the field - and then in very small
numbers - until the early 70's

I bought my first 2400 modem in about 1990 when 9600 was commonly available
but still at premium price.

None of this gainsays, that you were 'playing' with a 2400 modem in the
'70's but that must have been exceptional. Experimental even, as the number
of other parties you could have communicated with must have been quite
small.
And as for service bureaux, I think they were a rather earlier
phenomenon than suggested (when was BARIC, for example) and the
90s outsourcing route was more often facilities management than
service bureaux (not that one is any better than the other of
course).
It may amuse you to know that bureau services are still successfully
provided in some specialist niches. One wonders too whether the likes of
British Airways having the bulk of its travel data entry carried out at
centres in India is out-sourcing or taking a bureau service. Is there any
clean dividing line between the two?

Owen
David Hansen
2004-09-09 08:41:10 UTC
Post by Roland Perry
By analogy the UK-ID cards could be issued (say) anywhere there is a
municipal library, including the travelling ones.
Libraries are being closed down too, though not at the same rate as
post offices (at least at the moment).
Post by Roland Perry
no politician is going to make a martyr of the sort of case you
describe.
These cases usually arise because officials are only obeying orders. If
they make it into the mass media party politicians complain that their
orders have been misinterpreted.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me using the RIP Act 2000.
Roland Perry
2004-09-09 09:02:59 UTC
Post by David Hansen
Post by Roland Perry
By analogy the UK-ID cards could be issued (say) anywhere there is a
municipal library, including the travelling ones.
Libraries are being closed down too, though not at the same rate as
post offices (at least at the moment).
Yes I know :-( The one in my old village in south Cambs was closed
recently. It was only open two days a week, though. But such
discussions about closure, however regrettable, are only made after
genuine consultation with a relatively local council, even if that's
ignored (well what consumer would vote *for* closing a resource?) And
alternatives have to be explored. Such as a weekly visit by a mobile
library, which is what I think happened there.

Post office closures, on the other hand, seem much more commercially
driven by a faceless London-based crowd. Although most that I've seen
have been due to the family operating the sub-post office retiring and
no-one else wanting the job (which involves buying the premises and
business, I presume). That's quite a different model from libraries.
--
Roland Perry
Ian Johnson
2004-09-10 20:56:38 UTC
Post by Roland Perry
Post office closures, on the other hand, seem much more commercially
driven by a faceless London-based crowd. Although most that I've seen
have been due to the family operating the sub-post office retiring and
no-one else wanting the job (which involves buying the premises and
business, I presume). That's quite a different model from libraries.
My local (at home) post office has closed. The next nearest involves
a descent of about 150m. Regardless of the distance which isn't too bad
I've regretted walking there when I'm pushing a pram. My 89 year old
neighbour now gets a lift from his son every week.

There is a "consultation" currently ongoing about closing my University's
post office. A cynic might think perfectly timed for the summer recess.
Bearing in mind the size of the campus and number of staff & students, I
can only guess it is driven by post office density rather than business.

Regards,

Ian
Roland Perry
2004-09-11 08:52:50 UTC
Post by Ian Johnson
Post by Roland Perry
Post office closures, on the other hand, seem much more commercially
driven by a faceless London-based crowd. Although most that I've seen
have been due to the family operating the sub-post office retiring and
no-one else wanting the job (which involves buying the premises and
business, I presume). That's quite a different model from libraries.
My local (at home) post office has closed.
Do you know why? Was it because the business was unviable (too few core
customers, or too few customers for whatever corner-shop business it was
co-habiting with) or something else?

The two that I've seen closed near where I've lived: One was because the
owners retired and converted the premises in a Victorian mid-terrace
back to a [very valuable] family home; they only cohabited with a
business selling envelopes, string and greetings cards that wasn't
viable stand-alone. Eventually a nearby grocery store cleared a corner
and re-established the sub-office. Two was because the owners retired,
and couldn't find anyone to take over the village sub-office/grocery
store as a going concern; a victim of Tescos in the nearby town.
--
Roland Perry
David Hansen
2004-09-09 10:10:43 UTC
Post by Roland Perry
Yes I know :-( The one in my old village in south Cambs was closed
recently. It was only open two days a week, though.
Much the same with the one I am thinking of.
Post by Roland Perry
But such
discussions about closure, however regrettable, are only made after
genuine consultation with a relatively local council,
My "local" council is based in Glenrothes, not a place many locals want
to go to.
Post by Roland Perry
alternatives have to be explored. Such as a weekly visit by a mobile
library, which is what I think happened there.
That is what happened in the case I am thinking of, but it is not
really an alternative.
Post by Roland Perry
Post office closures, on the other hand, seem much more commercially
driven by a faceless London-based crowd.
One needs to distinguish between "main" post offices and "local" ones.
The former are certainly closed by a faceless London-based crowd, led
by the man who botched up professional football before continuing the
botching up of the post office.
Post by Roland Perry
Although most that I've seen
have been due to the family operating the sub-post office retiring and
no-one else wanting the job (which involves buying the premises and
business, I presume).
That tends to be the case with "local" offices.

What is interesting is that local outlets are being closed down in
favour of "call centres", firstly in the UK now in India and no doubt
soon China (which is undoubtedly where the Blunkettcard scheme will be
run from if the rogues are stupid enough to allow him to continue).
This relies on the fragile thing called telecommunications, yet those
in power have failed to think this through properly. RIP means that
these links cannot be protected properly. Even when proper protection
of such links is thought of the implementation is poor, as Ross has
demonstrated for a decade or so now. I doubt if all this is accidental,
it suits too many agendas.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me using the RIP Act 2000.
Roland Perry
2004-09-09 15:36:08 UTC
Post by David Hansen
Post by Roland Perry
Post office closures, on the other hand, seem much more commercially
driven by a faceless London-based crowd.
One needs to distinguish between "main" post offices and "local" ones.
The former are certainly closed by a faceless London-based crowd, led
by the man who botched up professional football before continuing the
botching up of the post office.
It depends a little on the size of town, but many smaller towns have had
their "main" post offices closed, and replaced by a counter or two at
the back of a downmarket newsagent. I gather there are proposals to sell
off more of the remaining ones, such is the mismanagement at the Post
Office. Most organisations are desperate for prime High St Space, and
yet the PO doesn't know what to do with it.
Post by David Hansen
Post by Roland Perry
Although most that I've seen have been due to the family operating
the sub-post office retiring and no-one else wanting the job (which
involves buying the premises and business, I presume).
That tends to be the case with "local" offices.
What is interesting is that local outlets are being closed down in
favour of "call centres",
I don't think much that I used to do at a Post Office has been replaced
by a call centre, but banking and insurance have gone that way.
--
Roland Perry
Ian G Batten
2004-09-09 18:09:48 UTC
Post by Roland Perry
Office. Most organisations are desperate for prime High St Space, and
Yeah, right. You mean ``if only they could outbid the charity shops,
they'd open more premises?'' I've not been on a High Street outside the
M25 that doesn't have a couple of charity shops for some years, and
unless I'm missing something a charity shop is an automatic indicator
that supply exceeds demand. Oxfam are a distress customer of
landlords.

ian
Roland Perry
2004-09-09 19:35:54 UTC
Post by Ian G Batten
Post by Roland Perry
Office. Most organisations are desperate for prime High St Space, and
Yeah, right. You mean ``if only they could outbid the charity shops,
they'd open more premises?'' I've not been on a High Street outside the
M25 that doesn't have a couple of charity shops for some years, and
unless I'm missing something a charity shop is an automatic indicator
that supply exceeds demand. Oxfam are a distress customer of
landlords.
Charity shops in prime space? Things must be bad round your way. I do
see charity shops, but in secondary positions, which I agree do have an
oversupply in many areas.
--
Roland Perry
Brian Morrison
2004-09-09 21:26:57 UTC
On Thu, 9 Sep 2004 20:35:54 +0100 in
Post by Roland Perry
Post by Ian G Batten
Post by Roland Perry
Office. Most organisations are desperate for prime High St Space,
and
Yeah, right. You mean ``if only they could outbid the charity shops,
they'd open more premises?'' I've not been on a High Street outside
the M25 that doesn't have a couple of charity shops for some years,
and unless I'm missing something a charity shop is an automatic
indicator that supply exceeds demand. Oxfam are a distress customer
of landlords.
Charity shops in prime space? Things must be bad round your way. I do
see charity shops, but in secondary positions, which I agree do have
an oversupply in many areas.
We're getting close to the charity shop event horizon round here, with
apologies to Douglas Adams....
--
Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
Roland Perry
2004-09-10 08:28:33 UTC
Post by Brian Morrison
Post by Roland Perry
Charity shops in prime space? Things must be bad round your way. I do
see charity shops, but in secondary positions, which I agree do have
an oversupply in many areas.
We're getting close to the charity shop event horizon round here, with
apologies to Douglas Adams....
My local "High St" (not big enough for a Crown PO, the sub-postoffice
has recently moved from a small charity-sized shop to be incorporated in
a brand new Co-Op supermarket which has about six checkouts to give you
some idea of scale) has five I think, from a total of about 40. So, yes,
quite noticeable. However they are all spread around. M&S have been
through a succession of planning appeals because they are keen to have a
shop. They are proposing knocking down a pub at the end of the High St
that's got a lot of land.

One retailer can't do a lot with five fragmented shopsites, but can make
good use of a single larger site (such as a Crown Post Office in a
larger town). Although I think few would be big enough for an M&S!
--
Roland Perry
Clive D. W. Feather
2004-09-10 05:57:18 UTC
Post by Roland Perry
Charity shops in prime space? Things must be bad round your way. I do
see charity shops, but in secondary positions, which I agree do have an
oversupply in many areas.
So to pick a location we both know, would great harm be done if the
Cambridge post office had to move from beside Robert Sayle to Bridge
Street, or to just outside the Grafton?

The post office in my bit of Finchley has just been closed down. There's
a charity shop 2 minutes walk away.

--
Clive D.W. Feather | Home: <clive-fMmbJOuZRAcdnm+***@public.gmane.org>
Tel: +44 20 8495 6138 (work) | Web: <http://www.davros.org>
Fax: +44 870 051 9937 | Work: <clive-***@public.gmane.org>
Please reply to the Reply-To address, which is: <clive-fMmbJOuZRAcdnm+***@public.gmane.org>
Roland Perry
2004-09-10 08:52:04 UTC
Post by Clive D. W. Feather
So to pick a location we both know, would great harm be done if the
Cambridge post office had to move from beside Robert Sayle to Bridge
Street, or to just outside the Grafton?
Remember that what I said was: "Most organisations are desperate for
prime High St Space, and yet the PO doesn't know what to do with it."

Then consider the £millions that are being poured into redeveloping
Robert Sayle and the surrounding shops in Cambridge, because the
proposed tenants (Robert Sayle included) do indeed seem to be desperate
for the extra retail space.

I'm sure (apart from the minor detail that the main telephone exchange
is behind the PO) everyone would be delighted if the site of the Crown
Post Office was included in the redevelopment. Or as it isn't, you have
the Crown Post office in a prime situation, a carbuncle next to a new
development, with the PO wringing its hands and using the 2K sqft merely
to see how long a queue it can create of people buying postage stamps.

Now, for your question: No I don't think much harm would be done by the
moves you suggest. But why do you ask?
--
Roland Perry
Ian G Batten
2004-09-10 09:01:35 UTC
Post by Roland Perry
Then consider the £millions that are being poured into redeveloping
Robert Sayle and the surrounding shops in Cambridge, because the
proposed tenants (Robert Sayle included) do indeed seem to be desperate
for the extra retail space.
If Cambridge has a High St (as opposed to a mall) into which millions
are being poured, it's very unusual. I rather suspect that Scunthorpe,
Taunton and Bangor have different experiences.

ian
Roland Perry
2004-09-10 09:12:56 UTC
Post by Ian G Batten
Post by Roland Perry
Then consider the £millions that are being poured into redeveloping
Robert Sayle and the surrounding shops in Cambridge, because the
proposed tenants (Robert Sayle included) do indeed seem to be desperate
for the extra retail space.
If Cambridge has a High St (as opposed to a mall) into which millions
are being poured, it's very unusual. I rather suspect that Scunthorpe,
Taunton and Bangor have different experiences.
Cambridge is laid out as a matrix, rather than a strip, and therefore
doesn't have a "High St" as such. The new development creates what you
might call a Mall, but the shopfronts on the longer side of it are on
the street most likely to be the High St, should one need to be
nominated. In particular it has the largest surviving Department Store
(John Lewis) and the Crown Post Office in it, and across the street is
the bus station, and behind it the central car park.

How many of Scunthorpe, Taunton and Bangor still have Crown Post Offices
(he asked in a desperate attempt to keep the subthread drifting off
topic again).
--
Roland Perry
Brian Beesley
2004-09-10 07:45:54 UTC
Post by Roland Perry
Post by Ian G Batten
Post by Roland Perry
Office. Most organisations are desperate for prime High St Space, and
Yeah, right. You mean ``if only they could outbid the charity shops,
they'd open more premises?'' I've not been on a High Street outside the
M25 that doesn't have a couple of charity shops for some years, and
unless I'm missing something a charity shop is an automatic indicator
that supply exceeds demand. Oxfam are a distress customer of
landlords.
Charity shops in prime space? Things must be bad round your way. I do
see charity shops, but in secondary positions, which I agree do have an
oversupply in many areas.
Same round here. The point being that high street shopping is more or less
dead. People prefer to go to out-of-town shopping centres, where there is
more choice, savings due to bulk buying power of large chains over small
independent shops, reasonable road access and adequate parking facilities.
Nobody uses public transport for shopping these days - too inconvenient, too
expensive. Even the "transport challenged" who can't or won't drive use taxis
to access shopping centres instead of bus to access high street shops.

As for post offices, well the two or three I use reasonably regularly always
seem to have queues, so I can't see that they're doing all that badly.
Whether they're making a profit or not I simply can't say, but I don't think
the Government helps small shopkeepers in general anything like enough, and
I'm pretty sure the Post Office is no exception.

The people I feel sorry for are those that don't have reasonable access to a
post office; unfortunately the number of people deprived of a local post
office with reasonable services seems to be increasing at an exponential rate.

Brian Beesley
Roland Perry
2004-09-10 08:56:47 UTC
Post by Brian Beesley
The point being that high street shopping is more or less
dead. People prefer to go to out-of-town shopping centres, where there is
more choice, savings due to bulk buying power of large chains over small
independent shops, reasonable road access and adequate parking facilities.
Well, this is certainly not the place for a usenet-style debate about
High St versus out of town shopping and the various transport issues
raised. Suffice it to say that the very heart of Cambridge (and also
Nottingham) is being redeveloped for new High Street shops, so their
death has been a little exaggerated.
Post by Brian Beesley
As for post offices, well the two or three I use reasonably regularly always
seem to have queues, so I can't see that they're doing all that badly.
Rofl! The queues are because they are badly run. But also look at the
tiny average transaction values.
Post by Brian Beesley
Whether they're making a profit or not I simply can't say
It's been stated loudly and regularly that they are making the most horrific
loss (that's why the PO wants to close them).
--
Roland Perry
Ian G Batten
2004-09-10 08:04:31 UTC
Post by Roland Perry
Charity shops in prime space? Things must be bad round your way. I do
To take a case in point, Harborne in Birmingham, which is where the
south west Birmingham professional middle-classes have gone now that the
BVT is seen as too suburban and not exclusive enough (all those rented
houses, you see, bring in the wrong sort of people). The houses around
it are silly money, the High Street is impassable at times due to the
badly parked 4x4s of the high maintenance Harborne housewives who
constitute the local ladies who lunch, the local state secondary schools
are in free-fall because everyone (dahling!) sends their children to the
local private schools and the M&S food-only store does a roaring trade.

There's a charity shop in every block of the High Street. Because for
practical purposes no-one local shops in the local shops aside from the
M&S, because the demographics don't overlap.

ian
Roland Perry
2004-09-10 08:59:48 UTC
Post by Ian G Batten
There's a charity shop in every block of the High Street. Because for
practical purposes no-one local shops in the local shops aside from the
M&S, because the demographics don't overlap.
I think there is some slight confusion in the definition of High St. I
recognise the situation you describe, but my remarks (and most remaining
Crown Post Offices) pertain to County Towns and other large places. Not
collections of suburban shopping that did once have a critical mass.
--
Roland Perry
David Hansen
2004-09-09 17:30:54 UTC
Post by Roland Perry
I don't think much that I used to do at a Post Office has been replaced
by a call centre, but banking and insurance have gone that way.
That depends on what one did. Banking, bills and forms are things that
are moving or have moved in that direction. Even buying stamps and
envelopes can be done that way.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me using the RIP Act 2000.
Roland Perry
2004-09-09 19:28:26 UTC
Post by David Hansen
Post by Roland Perry
I don't think much that I used to do at a Post Office has been replaced
by a call centre, but banking and insurance have gone that way.
That depends on what one did. Banking, bills and forms are things that
are moving or have moved in that direction. Even buying stamps and
envelopes can be done that way.
I suppose that I might do a TV licence via a call centre instead of a
Post Office, but that data is easier to get by asking the TV licensing
people than tapping a phone to India. I'm struggling to think of any
non-governmental thing that I used to do at a Post office at all, never
mind do now at a call centre. But if the Post Office are doing telesales
of stationery, that could be one - although I don't think I've ever
bought any from a Post Office, Staples is rather cheaper!
--
Roland Perry
David Hansen
2004-09-09 10:37:52 UTC
Post by Roland Perry
Post by Ian Johnson
It's very rare I need either. I tend to only need my passport in
August, and I can't remember the last time I needed my driving licence.
What I forgot to add was that this would mop up perhaps 80% of the
population.
What this demonstrates is that the Home Office are not the bungling
fools they and their advocates sometimes claim. Making "identity" cards
compulsory for those who want a passport or driving licence is an
extremely sneaky trick and shows just how devious they are.

Had they instead said to plebs, "if you would like your passport or
driving licence to be endorsed as an "identity" card then please tick
this box and add £40 to your cheque" then that would be a different
matter.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me using the RIP Act 2000.
Roland Perry
2004-09-09 15:37:42 UTC
Post by David Hansen
Had they instead said to plebs, "if you would like your passport or
driving licence to be endorsed as an "identity" card then please tick
this box and add £40 to your cheque" then that would be a different
matter.
The plebs can see these proposals on the Passport Agency website. It's
nice to have been part of the IT revolution that makes this possible -
previously they'd have had to get on their horse and go to Swansea (or
wherever) to examine such documents.
--
Roland Perry
David Hansen
2004-09-09 17:28:58 UTC
Permalink
Post by Roland Perry
The plebs can see these proposals on the Passport Agency website. It's
nice to have been part of the IT revolution that makes this possible -
previously they'd have had to get on their horse and go to Swansea (or
wherever) to examine such documents.
That part of that revolution is indeed good. Other parts are not.
However, that revolution does not change the fact that it is intended
to make getting a Blunkettcard compulsory if someone wants a passport
or driving licence (or renews one). This reduction in choice doesn't
seem to concern Messrs Blunkett and Liar, yet they constantly preach
choice.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me using the RIP Act 2000.
David_Biggins-XjoIEpZFQiJWk0Htik3J/
2004-09-13 16:20:20 UTC
Permalink
-----Original Message-----
Sent: Friday, September 10, 2004 11:36 AM
Subject: Re: USA ID card for federal employees and contractors
We seem to be converging on the view that there is no-one capable of
issuing anything. So we have driving examiners who give a "pass" to
avoid being beaten up and Post Offices routinely giving out tax disks to
people with no insurance because they've been slipped a tenner. What a
state we are in.
As has been demonstrated, we certainly live in a world where police officers
pass information on dissidents to foreign governments and corporate
interests; I find it surprising that you think lesser offences of the kind
you describe are so wholly unlikely.

We are indeed in something of a state - the main question at hand is whether
current government policies are indeed an answer to such problems, or an
exacerbation of them.

However, while the government seems intent on creating penalties on the
public for not being willing to follow its slightest whim, but perpetuating
the opportunities for those inside the tent to escape significant penalty
when caught abusing their powers, I remain cynical.

I await the sentence on PC Kassim, and announcement of the penalties on the
officers who revealed details of the McLibel pair, in the faint and dismal
hope that one day penalties for abusing establishment power may one day
actually start to reflect the damage that such people do to society. I
will not, however, hold my breath.


Dave.
David_Biggins-XjoIEpZFQiJWk0Htik3J/
2004-09-13 17:44:52 UTC
Permalink
-----Original Message-----
Sent: Monday, September 13, 2004 12:55 PM
Subject: Re: USA ID card for federal employees and contractors
I remember showing some of the multiuser CP/M systems I was working on
at the time to the folks from Army stores in Bicester. They wanted them
for stock control, in the field, which was a bit scary at the time.
79-80 timeframe.
I'm becoming increasingly convinced we may have met back then. I was
somewhat active in those same areas at that time with Comart and Bytesoft.


Dave.
Roland Perry
2004-09-13 17:57:23 UTC
Permalink
In article
Post by David_Biggins-XjoIEpZFQiJWk0Htik3J/
I'm becoming increasingly convinced we may have met back then. I was
somewhat active in those same areas at that time with Comart and Bytesoft.
Names that ring a bell. I was running the Sintrom MicroShop and was
quite chummy with Newbear. I didn't sell much Cromemco (probably the
best brand then) as iirc it was Comart that had the agency sewn up.
--
Roland Perry
Brian Gladman
2004-09-13 18:24:11 UTC
Permalink
Post by Roland Perry
In article
Post by David_Biggins-XjoIEpZFQiJWk0Htik3J/
I'm becoming increasingly convinced we may have met back then. I was
somewhat active in those same areas at that time with Comart and Bytesoft.
Names that ring a bell. I was running the Sintrom MicroShop and was
quite chummy with Newbear.
Tim Moore maybe?

Brian Gladman
Roland Perry
2004-09-13 18:53:58 UTC
Permalink
Post by Brian Gladman
I was running the Sintrom MicroShop and was quite chummy with
Newbear.
Tim Moore maybe?
Yep.
--
Roland Perry
David_Biggins-XjoIEpZFQiJWk0Htik3J/
2004-09-13 19:19:59 UTC
Permalink
-----Original Message-----
Sent: Monday, September 13, 2004 6:57 PM
Subject: Re: USA ID card for federal employees and contractors
In article
Post by David_Biggins-XjoIEpZFQiJWk0Htik3J/
I'm becoming increasingly convinced we may have met back then. I was
somewhat active in those same areas at that time with Comart and Bytesoft.
Names that ring a bell. I was running the Sintrom MicroShop and was
quite chummy with Newbear. I didn't sell much Cromemco (probably the
best brand then) as iirc it was Comart that had the agency sewn up.
Ah yes - there's not so many of us left who still remember those names -
especially Bytesoft.

And yes, we did have the Cromemco agency, as well as NorthStar (and via the
Byte Shops later the first IBM dealerships). I did have some contact with
Sintrom, but for the life of me I can't remember what.

Dave.
David_Biggins-XjoIEpZFQiJWk0Htik3J/
2004-09-13 19:31:12 UTC
Permalink
-----Original Message-----
Sent: Monday, September 13, 2004 7:54 PM
Subject: Re: USA ID card for federal employees and contractors
Post by Brian Gladman
I was running the Sintrom MicroShop and was quite chummy with
Newbear.
Tim Moore maybe?
Yep.
And there was a name I'd forgotten.

Dave.
Pemble, Matthew
2004-09-14 02:11:08 UTC
Permalink
Folks,

My first ships were HMS Glamorgan and HMS Fife (County Class Destroyers aka
"Mountbattens Cruisers"), dating back to the early 60s.
Post by David Hansen
Their interest in analogue computing dates back around 100 years. Fire
control for warships (initially just the large ones) was based on
mechanical analogue computers (called fire control tables). These are
most interesting devices to look at, were very expensive to build and
the methods of doing things like differentiation fascinating.
We had small (3' x 2' x 2') mechanical analogue computers for anti-aircraft
fire calculations for the main guns (2 x Vickers twin turret). By the time
I was responsible for them, some of the precision gears had broken and they
were no longer as accurate as they once (or ever) were, but I had great fun
lobbing 4.5" bricks at the RAF with these (with an added lag for "safety",
boo, hiss).
Post by David Hansen
Analogue computing using electrical components would be a step forward.
Indeed in the 1920s they introduced a very simple analogue transmission
system to take information from the fire control table to guns. This
had the benefit of varying the speed of the gun depending on how far
away it was from where it should be aimed, obviously within limits.
We also had ADAWS1 for the SeaSlug fire control. By the time I got there,
it had been transistorised, so there was 1 large box, in the middle of a
fairly enormous and empty computer room, which had once housed > 100
equivalent boxes with the valve gear.

__________________________________

Matthew Pemble
Manager, Investigation & Threat Management
Group Information Security
Royal Bank of Scotland Group

Tel (Edin): 0131 523 9054 ITS: (777) 229054
Tel (Lond): 020 7615 2275 ITS: (777) 332275
Mob: 07789 397361
Fax: 0131 523 9493
E-mail: matthew.pemble-8gHNRtzdcB1aa/***@public.gmane.org
__________________________________



David_Biggins-XjoIEpZFQiJWk0Htik3J/
2004-09-14 09:35:20 UTC
Permalink
-----Original Message-----
Sent: Tuesday, September 14, 2004 9:11 AM
Subject: Re: USA ID card for federal employees and contractors
I still own some of the core planes from the Elliott that I learned to
programme on.
Assuming that's an 803/803B (which I also learned to program on), there's
one been rebuilt in the computer conservation society at the science museum
in London - it's relatively easy to arrange a visit and a look-see.

Dave.
David_Biggins-XjoIEpZFQiJWk0Htik3J/
2004-09-23 12:58:04 UTC
Permalink
-----Original Message-----
Sent: Thursday, September 23, 2004 12:47 PM
Subject: Re: USA ID card for federal employees and contractors
Post by Adrian Midgley
So while the natural tendency in many areas seems to be to reassure rather
than demonstrate "yes, it is safe, our hand-picked carefully trained and (by
us) certified experts have checked it carefully but you don't need to see it
yourself" the knowledge that the innards _will_ be seen by people who
potentially some time in the career of the reassurer may be competent to spot
carelessness or deception makes it cheaper to do it right.
Presumably you'd argue that it is the scrutiny of doctors who sign
cremation certificates that prevents doctors from embarking upon
long-running campaigns of offing their patients? The scrutiny of
auditors who sign accounts that prevents the boards of companies from
engaging in financial malpractice? The scrutiny of MPs who vote on
legislation that prevents governments from implementing bad law?
No*, Yes **, and Yes** respectively.

* Shipman notwithstanding,

** By intention only, and with varying degrees of lack of success.

Dave.
David_Biggins-XjoIEpZFQiJWk0Htik3J/
2004-09-29 08:14:32 UTC
Permalink
-----Original Message-----
Sent: Tuesday, September 28, 2004 3:00 PM
Subject: Re: USA ID card for federal employees and contractors
Are there any others? Anyway, my point is that you don't need to examine
the _whole_ of the source code to find such Trojans (you won't find them
in the actual encoding, or in all the fancy GUI stuff).
Actually, I think you might indeed have to examine nearly the _whole_ of the
source code.

In particular, I think you have to examine everything that handles incoming
material - encrypted or plaintext.

Otherwise, the risk is of a deliberately crafted opportunity for a buffer
overflow somewhere physically remote from the code you identify as critical,
that can still be used to gain control of the application and attack the
critical code.

Such an attack could then force activity such as connecting to the net and
leaking keys, or plaintexts, using code that is not present to be found in
the main "security critical" source, at all.


Dave.
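
The audit-scope point in the post above, as an added C example that is not part of the thread: in a constructed in-process layout, a display-name parser that sits well away from any key handling overwrites the session key when it trusts a sender-supplied length, while the bounds-checked version beside it rejects the record. The arena layout, record format and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one process's memory: a display-name buffer owned by
 * "non-critical" message-handling code sits next to the session key owned
 * by the crypto core. Layout and names are assumptions for illustration. */
#define NAME_OFF  0
#define NAME_LEN  16
#define KEY_OFF   (NAME_OFF + NAME_LEN)
#define KEY_LEN   16
#define ARENA_LEN (NAME_LEN + KEY_LEN)

typedef struct { uint8_t mem[ARENA_LEN]; } arena_t;
typedef int (*parser_fn)(arena_t *, const uint8_t *, size_t);

/* Constructed sample key, not a real secret. */
static const uint8_t SAMPLE_KEY[KEY_LEN] = {
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
};

void arena_init(arena_t *a)
{
    memset(a->mem, 0, ARENA_LEN);
    memcpy(a->mem + KEY_OFF, SAMPLE_KEY, KEY_LEN);
}

/* 1 if the key region still holds the key the crypto core stored. */
int key_intact(const arena_t *a)
{
    return memcmp(a->mem + KEY_OFF, SAMPLE_KEY, KEY_LEN) == 0;
}

/* Incoming record (constructed format): one length byte, then the name. */

/* The kind of code a review limited to the crypto core never opens:
 * it validates the source length but not the destination size. */
int parse_name_unchecked(arena_t *a, const uint8_t *msg, size_t msg_len)
{
    if (msg_len < 1) return -1;
    size_t n = msg[0];
    if (n > msg_len - 1) return -1;          /* source is checked ...       */
    if (n > ARENA_LEN) n = ARENA_LEN;        /* keeps this model in bounds  */
    memcpy(a->mem + NAME_OFF, msg + 1, n);   /* ... destination size is not */
    return 0;
}

/* Hardened form: the length is checked against the field it is copied into. */
int parse_name_checked(arena_t *a, const uint8_t *msg, size_t msg_len)
{
    if (msg_len < 1) return -1;
    size_t n = msg[0];
    if (n > msg_len - 1) return -1;          /* truncated record  */
    if (n > NAME_LEN) return -1;             /* would leave field */
    memset(a->mem + NAME_OFF, 0, NAME_LEN);
    memcpy(a->mem + NAME_OFF, msg + 1, n);
    return 0;
}

/* Feed a constructed oversized record to the parser and report whether the
 * key region is unchanged afterwards (1) or was overwritten (0). */
int key_survives(parser_fn parser)
{
    uint8_t msg[1 + ARENA_LEN];
    arena_t a;

    msg[0] = ARENA_LEN;                      /* claims 32 bytes of name */
    memset(msg + 1, 'A', ARENA_LEN);
    arena_init(&a);
    parser(&a, msg, sizeof msg);
    return key_intact(&a);
}

int main(void)
{
    printf("unchecked parser: key intact = %d\n",
           key_survives(parse_name_unchecked));
    printf("checked parser:   key intact = %d\n",
           key_survives(parse_name_checked));
    return 0;
}
```

Neither parser contains anything a reviewer would label cryptographic, yet only a review that reaches the input-handling code can tell which of the two leaves the key untouched.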
Brian Gladman
2004-09-29 09:38:00 UTC
Permalink
Post by David_Biggins-XjoIEpZFQiJWk0Htik3J/
-----Original Message-----
Sent: Tuesday, September 28, 2004 3:00 PM
Subject: Re: USA ID card for federal employees and contractors
Are there any others? Anyway, my point is that you don't need to examine
the _whole_ of the source code to find such Trojans (you won't find them
in the actual encoding, or in all the fancy GUI stuff).
Actually, I think you might indeed have to examine
.. the _whole_ of the design and implementation of the application
and all those hardware and software components on which it depends for
services or which could interact with it during its lifetime.

Which, of course, is impossible to achieve in most real applications.

Brian Gladman
Owen Lewis
2004-10-03 21:35:43 UTC
Permalink
-----Original Message-----
Sent: 29 September 2004 10:38
Subject: Re: USA ID card for federal employees and contractors
Post by David_Biggins-XjoIEpZFQiJWk0Htik3J/
-----Original Message-----
Sent: Tuesday, September 28, 2004 3:00 PM
Subject: Re: USA ID card for federal employees and contractors
Are there any others? Anyway, my point is that you don't need to examine
the _whole_ of the source code to find such Trojans (you won't find them
in the actual encoding, or in all the fancy GUI stuff).
Actually, I think you might indeed have to examine
.. the _whole_ of the design and implementation of the application
and all those hardware and software components on which it depends for
services or which could interact with it during its lifetime.
Which, of course, is impossible to achieve in most real applications.
If I understand you correctly, I'd add that the train of thought that leads
you to this conclusion leads me also to the conclusion that 'strong
cryptography for the masses (tm)' is a snare and delusion - at least
insofar as a tool for the masses against oppressive govt is concerned :-)

The masses have and will continue to have many cryptosystems put at their
disposal, most of which they will have no control over though they will
benefit from their existence (or at the least will use them).

Sad though it may be, the best security does require customisation - and is
expensive to obtain.



Owen
Brian Morrison
2004-10-04 06:42:56 UTC
Permalink
On Sun, 3 Oct 2004 22:35:43 +0100 in
Post by Owen Lewis
If I understand you correctly, I'd add that the train of thought that
leads you to this conclusion leads me also to the conclusion that
'strong cryptography for the masses (tm)' is a snare and delusion -
at least insofar as a tool for the masses against oppressive govt
is concerned :-)
The safety provided to the users of crypto in this sense is improved by
the numbers using it; more to do with dilution of manpower on the part
of the state than with a guarantee of security for a given single
communication.
--
Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
Owen Lewis
2004-10-04 09:28:28 UTC
Permalink
-----Original Message-----
Morrison
Sent: 04 October 2004 07:43
Subject: Re: USA ID card for federal employees and contractors
On Sun, 3 Oct 2004 22:35:43 +0100 in
Post by Owen Lewis
If I understand you correctly, I'd add that the train of thought that
leads you to this conclusion leads me also to the conclusion that
'strong cryptography for the masses (tm)' is a snare and delusion -
at least insofar as a tool for the masses against oppressive govt
is concerned :-)
The safety provided to the users of crypto in this sense is improved by
the numbers using it; more to do with dilution of manpower on the part
of the state than with a guarantee of security for a given single
communication.
Interesting thought, but are you sure?

Prima facie, I would expect the greater the variety of (fairly decent)
crypto, the sooner the resources might be unduly taxed. If the world uses
PGP then it becomes worthwhile putting some decent money up front to subvert
it by one or, more likely, a range of means. OTOH if the world were to use
O&B's 'Saturday Night Special*10^8 varieties, there would surely be a
skilled manpower shortage to which money offers no suitable get-over.

Owen
Brian Morrison
2004-10-04 10:20:09 UTC
Permalink
On Mon, 4 Oct 2004 10:28:28 +0100 in
Post by Owen Lewis
Post by Brian Morrison
Post by Owen Lewis
If I understand you correctly, I'd add that the train of thought
that leads you to this conclusion leads me also to the conclusion
that 'strong cryptography for the masses (tm)' is a snare and
delusion - at least insofar as a tool for the masses against
oppressive govt is concerned :-)
The safety provided to the users of crypto in this sense is improved
by the numbers using it; more to do with dilution of manpower on the
part of the state than with a guarantee of security for a given
single communication.
Interesting thought, but are you sure?
Not sure no, but I have seen in the past the suggestion that if *all*
communication were routinely encrypted with even relatively weak crypto
then the effort required to break it in all cases would make mail
scanning difficult en masse. That suggestion makes obvious sense I
think.
Post by Owen Lewis
Prima facie, I would expect the greater the variety of (fairly decent)
crypto, the sooner the resources might be unduly taxed. If the world
uses PGP then it becomes worthwhile putting some decent money up front
to subvert it by one or, more likely, a range of means. OTOH if the
world were to use O&B's 'Saturday Night Special*10^8 varieties, there
would surely be a skilled manpower shortage to which money offers no
suitable get-over.
It seems to me that it then becomes a matter of identifying the targets
for interception and cypher breaking using more traditional intelligence
rather than trawling the communications links. I have no problem with
that first process; my objection has always been to the ability of TPTB
to read everything all the time (whether this is actually done of course
is moot, I see this weekend that it is reported that a huge amount of US
9/11 related intercepts are still sitting awaiting translation,
evaluation and dissemination) rather than the ability to identify
interesting communications by other means and then to selectively break
those of justifiable interest.
--
Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
Owen Lewis
2004-10-04 11:39:27 UTC
Permalink
-----Original Message-----
Morrison
Sent: 04 October 2004 11:20
Subject: Re: USA ID card for federal employees and contractors
On Mon, 4 Oct 2004 10:28:28 +0100 in
Post by Owen Lewis
Post by Brian Morrison
Post by Owen Lewis
If I understand you correctly, I'd add that the train of thought
that leads you to this conclusion leads me also to the conclusion
that 'strong cryptography for the masses (tm)' is a snare and
delusion - at least insofar as a tool for the masses against
oppressive govt is concerned :-)
The safety provided to the users of crypto in this sense is improved
by the numbers using it; more to do with dilution of manpower on the
part of the state than with a guarantee of security for a given
single communication.
Interesting thought, but are you sure?
Not sure no, but I have seen in the past the suggestion that if *all*
communication were routinely encrypted with even relatively weak crypto
then the effort required to break it in all cases would make mail
scanning difficult en masse. That suggestion makes obvious sense I
think.
As was suggested below?
Post by Owen Lewis
Prima facie, I would expect the greater the variety of (fairly decent)
crypto, the sooner the resources might be unduly taxed. If the world
uses PGP then it becomes worthwhile putting some decent money up front
to subvert it by one or, more likely, a range of means. OTOH if the
world were to use O&B's 'Saturday Night Special*10^8 varieties, there
would surely be a skilled manpower shortage to which money offers no
suitable get-over.
It seems to me that it then becomes a matter of identifying the targets
for interception and cypher breaking using more traditional intelligence
rather than trawling the communications links. I have no problem with
that first process; my objection has always been to the ability of TPTB
to read everything all the time (whether this is actually done of course
is moot, I see this weekend that it is reported that a huge amount of US
9/11 related intercepts are still sitting awaiting translation,
evaluation and dissemination) rather than the ability to identify
interesting communications by other means and then to selectively break
those of justifiable interest.
There are two thoughts here.

1. Whether TPTB seek to intercept everything. I am satisfied that some
nations have tried to do this for all their international communications and
there is a (numerically small and per-capita rich) group of nations that try
(used to try?) this for all their electronic communications. IMO either is a
silly game and targeting and statistical checking will permit a more
attractive cost/benefit analysis :-)


2. That one should believe anything, whether reported by the National
Enquirer or in a Senate debate, published about intercepts pertaining to
9/11.


Owen
David Hansen
2004-10-04 13:28:21 UTC
Permalink
Post by Owen Lewis
There are two thoughts here.
1. Whether TPTB seek to intercept everything. I am satisfied that some
nations have tried to do this for all their international communications and
there is a (numerically small and per-capita rich) group of nations that try
(used to try?) this for all their electronic communications. IMO either is a
silly game and targeting and statistical checking will permit a more
attractive cost/benefit analysis :-)
I agree with all three sentences.

However, the question is whether cost/benefit analysis, as detailed in
the last sentence, is ever carried out (properly). I think it is not.
The cynical view is that it is not carried out because all that
officials are interested in is expanding their empires and party
politicians are too smug/incompetent/stupid (perhaps all three) to
control them. The less cynical view is that the officials are sincere
but incompetent. To support that view consider the "business case"
produced by officials for data retention. If anyone had brought me such
a stupid case it would have been P45 time for them.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me by using the RIP Act 2000.
Owen Lewis
2004-10-04 16:58:00 UTC
Permalink
-----Original Message-----
Sent: 04 October 2004 14:28
Subject: RE: USA ID card for federal employees and contractors
Post by Owen Lewis
There are two thoughts here.
1. Whether TPTB seek to intercept everything. I am satisfied that some
nations have tried to do this for all their international communications and
there is a (numerically small and per-capita rich) group of nations that try
(used to try?) this for all their electronic communications. IMO either is a
silly game and targeting and statistical checking will permit a more
attractive cost/benefit analysis :-)
I agree with all three sentences.
However, the question is whether cost/benefit analysis, as detailed in
the last sentence, is ever carried out (properly). I think it is not.
Perhaps it's not necessary. The value of SIGINT is sine qua non, as is now
the cost benefit advantage of it over other types of intelligence gathering
concerning the transfer of information in the majority of circumstances.
That cost benefit case was made and won over the heaps of the corpses and
P45's of those opposed, a very long time ago.

In this specific the cost of recording the entire information flow of (say)
200 M people is punishing enough. The cost of doing anything/everything with
all that information is mind boggling - and *very* bad VFM.


Owen
David Hansen
2004-10-04 10:28:33 UTC
Permalink
Post by Brian Morrison
Not sure no, but I have seen in the past the suggestion that if *all*
communication were routinely encrypted with even relatively weak crypto
then the effort required to break it in all cases would make mail
scanning difficult en masse. That suggestion makes obvious sense I
think.
It makes sense because of the envelope analogy. Envelopes are not
strong protection, but they do prevent mass reading of letters by the
Egg Marketing Inspectorate and other fighters of the "good fight".
Post by Brian Morrison
I see this weekend that it is reported that a huge amount of US
9/11 related intercepts are still sitting awaiting translation,
evaluation and dissemination)
Does that include the data that the UK computer industry was stupid
enough to copy on the say so of some very minor police bod?
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me by using the RIP Act 2000.
Roland Perry
2004-10-04 11:07:20 UTC
Permalink
Post by David Hansen
Post by Brian Morrison
I see this weekend that it is reported that a huge amount of US
9/11 related intercepts are still sitting awaiting translation,
evaluation and dissemination)
Does that include the data that the UK computer industry was stupid
enough to copy on the say so of some very minor police bod?
No, because [if this is the incident I think you are referring to]

(1) the request (on behalf of the Head of the Hitech Crime Unit) was
only for comms data (not intercepts) and

(2) The request was officially "stood down" several years ago and the
data no longer held by the companies, never having been sent en masse to
the authorities.
--
Roland Perry
David Hansen
2004-10-04 11:33:37 UTC
Permalink
Post by Roland Perry
Post by David Hansen
Does that include the data that the UK computer industry was stupid
enough to copy on the say so of some very minor police bod?
No, because [if this is the incident I think you are referring to]
(1) the request (on behalf of the Head of the Hitech Crime Unit) was
only for comms data (not intercepts) and
I had forgotten that.

However, the request should have come from the Home Secretary or Prime
Minister, not some bod in the police. Party politicians can in some
(imperfect) ways be held accountable for their actions. The fact that
the industry responded to this bod is a clear illustration of the
contempt with which the industry holds its customers. They should have
given the bod a two word answer, the second word being off.
Post by Roland Perry
(2) The request was officially "stood down" several years ago and the
data no longer held by the companies, never having been sent en masse to
the authorities.
No comment.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me by using the RIP Act 2000.
Roland Perry
2004-10-04 14:02:46 UTC
Permalink
Post by David Hansen
However, the request should have come from the Home Secretary or Prime
Minister, not some bod in the police. Party politicians can in some
(imperfect) ways be held accountable for their actions. The fact that
the industry responded to this bod is a clear illustration of the
contempt with which the industry holds its customers.
They also have some responsibility that their customers aren't blown up.
Post by David Hansen
They should have given the bod a two word answer, the second word being
off.
It's not an excuse, but on September the 12th, the mood was such that a
request like that was taken seriously. It's also clear that anyone with
the power to countermand it (including the Data Protection Commissioner)
would have been aware of its existence. In any event, it was voluntary,
and one or two probably did decide it was either impractical or not
their problem.

Remembering also that retention is one thing[1] disclosure another[2].

[1] And, frankly, in the current atmosphere I can't see much mileage in
arguing for <6 months for almost anything.

[2] Being pre-RIPA the telcos get to vet every each individual request;
something you recently said was an entirely adequate safeguard.
--
Roland Perry
David Hansen
2004-10-04 14:56:15 UTC
Permalink
Post by Roland Perry
Post by David Hansen
However, the request should have come from the Home Secretary or Prime
Minister, not some bod in the police. Party politicians can in some
(imperfect) ways be held accountable for their actions. The fact that
the industry responded to this bod is a clear illustration of the
contempt with which the industry holds its customers.
They also have some responsibility that their customers aren't blown up.
Something grabbing data from everyone does nothing to help with.

I note that you have not answered the point about a suitable position
to make such a request. Certainly were I some insignificant police
officer I would not be so arrogant as to make such a request. I would
refer it to my superiors with a recommendation that it went to those I
mentioned. The fact that this idiot (a word I use deliberately) sent
out this request tells us all we need to know about how good the police
are at judging proportionality and necessity, as well as much else
about them.

Then there are the idiots who acted on this idiotic "request".
Post by Roland Perry
It's not an excuse, but on September the 12th, the mood was such that a
request like that was taken seriously.
It may have been taken seriously by some in big business who hold their
customers in contempt. Don't expand that to everyone.
Post by Roland Perry
It's also clear that anyone with
the power to countermand it (including the Data Protection Commissioner)
would have been aware of its existence.
I'm interested in the claim that they can countermand anything. That is
not the way they are set up.
Post by Roland Perry
In any event, it was voluntary,
and one or two probably did decide it was either impractical or not
their problem.
Those are only some of the options.
Post by Roland Perry
[2] Being pre-RIPA the telcos get to vet every each individual request;
Even if that request was for all data. Fascinating.

So, did these big companies decide that holding David Hansen's data was
inappropriate because he is not a terrorist? I think not.
Post by Roland Perry
something you recently said was an entirely adequate safeguard.
Incorrect.

I did say it was a useful part of a safeguarding process, which is
entirely different.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me by using the RIP Act 2000.
Roland Perry
2004-10-04 15:27:37 UTC
Permalink
Post by David Hansen
Post by Roland Perry
Post by David Hansen
However, the request should have come from the Home Secretary or Prime
Minister, not some bod in the police. Party politicians can in some
(imperfect) ways be held accountable for their actions. The fact that
the industry responded to this bod is a clear illustration of the
contempt with which the industry holds its customers.
They also have some responsibility that their customers aren't blown up.
Something grabbing data from everyone does nothing to help with.
It's a tad extreme to say that legitimate attempts at law enforcement
are futile.
Post by David Hansen
I note that you have not answered the point about a suitable position
to make such a request.
If you can get off your name-calling high horse for a moment, you'll
notice I said it was "on behalf" of a suitably senior officer. And also
that the entire community "inside the tent" as you might have it, was
aware. This is not some junior officer on a power trip.
Post by David Hansen
Post by Roland Perry
It's also clear that anyone with
the power to countermand it (including the Data Protection Commissioner)
would have been aware of its existence.
If the DPC had said it wasn't justified (they were specifically asked)
then it would not have gone ahead. And to that extent their judgement
was correct - it was a "one off". No remotely similar exercise has been
done since.
Post by David Hansen
Post by Roland Perry
[2] Being pre-RIPA the telcos get to vet every each individual request;
Even if that request was for all data. Fascinating.
Ha! Even though you've said recently that this is the state of affairs
that was useful. In any event a request for "all data" is ludicrously
over-ambitious and would fail.
Post by David Hansen
So, did these big companies decide that holding David Hansen's data was
inappropriate because he is not a terrorist? I think not.
Everyone treated equally, that's for sure. Is everyone asked to keep
their company finance records for 7 years because the Inland Revenue
think you [and just you] are on the fiddle?
--
Roland Perry
Brian Gladman
2004-10-04 09:08:34 UTC
Permalink
Owen Lewis wrote:

[snip]
Post by Owen Lewis
Post by Brian Gladman
Post by David_Biggins-XjoIEpZFQiJWk0Htik3J/
Actually, I think you might indeed have to examine
.. the _whole_ of the design and implementation of the application
and all those hardware and software components on which it depends for
services or which could interact with it during its lifetime.
Which, of course, is impossible to achieve in most real applications.
If I understand you correctly, I'd add that the train of thought that leads
you to this conclusion leads me also to the conclusion that 'strong
cryptography for the masses (tm)' is a snare and delusion - at least
insofar as a tool for the masses against oppressive govt is concerned :-)
I would go further and say that, for the foreseeable future, "strong
cryptographic _information_ security for _any_ large community that is
based mainly on the use of the security examination and accreditation
model is a snare and a delusion"

But strong 'end to end' cryptographic _communications_ security is
available for all those within the 'masses' who are prepared to develop
the knowledge necessary for its effective use.

Moreover it can eliminate the threats to information posed by those who
seek to intercept it while in transit.

Brian Gladman
Owen Lewis
2004-10-04 11:29:24 UTC
Permalink
-----Original Message-----
Sent: 04 October 2004 10:09
Subject: Re: USA ID card for federal employees and contractors
[snip]
Post by Owen Lewis
Post by Brian Gladman
Post by David_Biggins-XjoIEpZFQiJWk0Htik3J/
Actually, I think you might indeed have to examine
.. the _whole_ of the design and implementation of the application
and all those hardware and software components on which it depends for
services or which could interact with it during its lifetime.
Which, of course, is impossible to achieve in most real applications.
If I understand you correctly, I'd add that the train of thought that leads
you to this conclusion leads me also to the conclusion that 'strong
cryptography for the masses (tm)' is a snare and delusion - at least
insofar as a tool for the masses against oppressive govt is concerned :-)
I would go further and say that, for the foreseeable future, "strong
cryptographic _information_ security for _any_ large community that is
based mainly on the use of the security examination and accreditation
model is a snare and a delusion"
Too sweeping for me. One would need first to agree pretty exactly what your
model comprises of and whether it is applicable to 'any large community'.
But strong 'end to end' cryptographic _communications_ security is
available for all those within the 'masses' who are prepared to develop
the knowledge necessary for its effective use.
Moreover it can eliminate the threats to information posed by those who
seek to intercept it while in transit.
It cannot always do that (viz. my example of a voice cipher unit broadcasting
in clear). Moreover, its security can be subverted openly by measures such
as the provisions of RIPA or covertly in other ways.

The number of persons equipped and able to make all the requisite
precautions themselves is really quite small and employing someone to make
requisite checks is an expensive business that the man-in-the-street will
never contemplate.

Owen
Brian Gladman
2004-10-04 13:48:47 UTC
Permalink
Owen Lewis wrote:

[snip]
Post by Owen Lewis
Post by Brian Gladman
But strong 'end to end' cryptographic _communications_ security is
available for all those within the 'masses' who are prepared to develop
the knowledge necessary for its effective use.
Moreover it can eliminate the threats to information posed by those who
seek to intercept it while in transit.
It cannot always do that (viz. my example of a voice cipher unit broadcasting
in clear). Moreover, its security can be subverted openly by measures such
as the provisions of RIPA or covertly in other ways.
The number of persons equipped and able to make all the requisite
precautions themselves is really quite small and employing someone to make
requisite checks is an expensive business that the man-in-the-street will
never contemplate.
Anyone who takes the time to develop the knowledge that this requires
(which is well within the grasp of any reasonably competent technical
person) can have high performance 'end to end' communications security
that is more than good enough to keep even the big boys out.

This is not a 'zero effort' exercise. But, provided the mechanisms are
kept at the 'end to end' communications layers, this can now be done
without a big investment in time, effort or cost once the requisite
knowledge has been gained.

And now that:

(a) broadband is very widely available;
(b) broadband routers can run encrypted 'peer to peer' sessions [1];
(c) these are available with IP telephony support,

those groups who want good communications security can easily obtain it
for both voice and data.

And, last but not least, the software in routers (in which I have some
involvement) is small enough in both volume and complexity terms to be
verifiable with good confidence.

This is not 'security for all of the masses' but rather 'security for
those of the masses who choose to put the effort in to obtain it'.

Brian Gladman

[1] All those nice boxes in ISPs going to waste - how sad :-)
Owen Lewis
2004-10-04 17:08:02 UTC
Permalink
-----Original Message-----
Sent: 04 October 2004 14:49
Subject: Re: USA ID card for federal employees and contractors
[snip]
Post by Owen Lewis
Post by Brian Gladman
But strong 'end to end' cryptographic _communications_ security is
available for all those within the 'masses' who are prepared to develop
the knowledge necessary for its effective use.
Moreover it can eliminate the threats to information posed by those who
seek to intercept it while in transit.
It cannot always do that (viz. my example of a voice cipher unit broadcasting
in clear). Moreover, its security can be subverted openly by measures such
as the provisions of RIPA or covertly in other ways.
The number of persons equipped and able to make all the requisite
precautions themselves is really quite small and employing someone to make
requisite checks is an expensive business that the man-in-the-street will
never contemplate.
Anyone who takes the time to develop the knowledge that this requires
(which is well within the grasp of any reasonably competent technical
person) can have high performance 'end to end' communications security
that is more than good enough to keep even the big boys out.
This is not a 'zero effort' exercise. But, provided the mechanisms are
kept at the 'end to end' communications layers, this can now be done
without a big investment in time, effort or cost once the requisite
knowledge has been gained.
(a) broadband is very widely available;
(b) broadband routers can run encrypted 'peer to peer' sessions [1];
(c) these are available with IP telephony support,
those groups who want good communications security can easily obtain it
for both voice and data.
And, last but not least, the software in routers (in which I have some
involvement) is small enough in both volume and complexity terms to be
verifiable with good confidence.
This is not 'security for all of the masses' but rather 'security for
those of the masses who choose to put the effort in to obtain it'.
Now there I find nothing to gainsay. But, by common observation, not only is
the man-in-the-street (other than by remote exception) prepared to put in
the effort but neither are many/most larger, better-heeled and more
attractive targets. The former
Brian Gladman
[1] All those nice boxes in ISPs going to waste - how sad :-)
Your eyes are focussed in the right direction alright - but so may be the
eyes of others. Now are you sure you want to put your money on playing 'Find
the Lady' in this way ;-) Fear and trembling. Fear and trembling.

Owen
Brian Gladman
2004-10-04 18:25:13 UTC
Permalink
Owen Lewis wrote:

[snip]
Post by Owen Lewis
Post by Brian Gladman
This is not 'security for all of the masses' but rather 'security for
those of the masses who choose to put the effort in to obtain it'.
Now there I find nothing to gainsay. But, by common observation, not only is
the man-in-the-street (other than by remote exception) prepared to put in
the effort but neither are many/most larger, better-heeled and more
attractive targets.
You are certainly right on the former and may also be right on the
latter - for the moment at least.

But IP telephony seems likely to change this in a number of interesting
ways over the next couple of years. In particular I rather doubt that
this technology is welcome in several government 'organisations' since
it will increasingly put voice interception capabilities at serious risk.

In cryptography terms this decade may prove to be as interesting as the
last one - but in an entirely different way.

Brian Gladman
Owen Lewis
2004-10-04 21:04:30 UTC
Permalink
-----Original Message-----
Sent: 04 October 2004 19:25
Subject: Re: USA ID card for federal employees and contractors
[snip]
Post by Owen Lewis
Post by Brian Gladman
This is not 'security for all of the masses' but rather 'security for
those of the masses who choose to put the effort in to obtain it'.
Now there I find nothing to gainsay. But, by common observation, not only is
the man-in-the-street (other than by remote exception) prepared to put in
the effort but neither are many/most larger, better-heeled and more
attractive targets.
You are certainly right on the former and may also be right on the
latter - for the moment at least.
But IP telephony seems likely to change this in a number of interesting
ways over the next couple of years. In particular I rather doubt that
this technology is welcome in several government 'organisations' since
it will increasingly put voice interception capabilities at serious risk.
In cryptography terms this decade may prove to be as interesting as the
last one - but in an entirely different way.
I think that is right.

Owen

David Hansen
2004-10-04 15:06:28 UTC
Permalink
Post by Brian Gladman
This is not a 'zero effort' exercise. But, provided the mechanisms are
kept at the 'end to end' communications layers, this can now be done
without a big investment in time, effort or cost once the requisite
knowledge has been gained.
There is the need for an incentive for the person(s) to learn about the
subject and turn on what is available in the router. The latter could
be made easier in some of the ones I have encountered, though one
always runs up against the problem of ease of use against ability to
set things up precisely.
Post by Brian Gladman
And, last but not least, the software in routers (in which I have some
involvement) is small enough in both volume and complexity terms to be
verifiable with good confidence.
That is good to know. However, there is the question of whether the
router is leaking key material. One of the manuals for one I dealt with
some time ago didn't mention that it contacts home base regularly to
get the time. I have no objection to this, provided I know about it and
can control it. The firmware manufacturers took a different view. What
else does it do without telling me? This comes back to the question of
open source.
Post by Brian Gladman
[1] All those nice boxes in ISPs going to waste - how sad :-)
My heart bleeds.

Unfortunately my wallet also bleeds as I am paying for the activities of
the Home Office and those who hide behind their skirts to spy on me.
The man responsible for this went on to the greatest foreign policy
disaster since Suez (and I don't mean shaking Robert Mugabe's hand:-)
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me by using the RIP Act 2000.
David Hansen
2004-10-04 10:20:40 UTC
Permalink
Post by Brian Gladman
But strong 'end to end' cryptographic _communications_ security is
available for all those within the 'masses' who are prepared to develop
the knowledge necessary for its effective use.
Agreed. I recently discovered that one can now buy an ADSL router with
built in tunnel termination for the sum of £110. Install one of these
in each office and home, set them up and choose appropriate settings
and key material for a VPN that is reasonably secure.

There are questions about IPSec and the like, plus those with
particular concerns would need to look at the implementation of these
protocols in the routers. However, this is the sort of price that other
than large organisations can afford.

The thing that is missing is knowledge amongst the 'masses' about the
issues. Many "system administrators" appear ignorant of the subject.

Such systems will not put out of business those whose business is to
provide secure communications. Rather it will grow the market. Those
whose business is to provide secure communications will need to explain
the problems of such things to their customers.

Of course the Home Office are waiting in the wings to prevent this
securing of business communications, with Part III of RIP.
--
David Hansen, Edinburgh | PGP email preferred-key number F566DA0E
I will *always* explain why I revoke a key, unless the UK
government prevents me by using the RIP Act 2000.
Brian Gladman
2004-10-04 14:04:49 UTC
Permalink
Post by David Hansen
Post by Brian Gladman
But strong 'end to end' cryptographic _communications_ security is
available for all those within the 'masses' who are prepared to develop
the knowledge necessary for its effective use.
Agreed. I recently discovered that one can now buy an ADSL router with
built in tunnel termination for the sum of £110. Install one of these
in each office and home, set them up and choose appropriate settings
and key material for a VPN that is reasonably secure.
There are questions about IPSec and the like, plus those with
particular concerns would need to look at the implementation of these
protocols in the routers. However, this is the sort of price that other
than large organisations can afford.
The thing that is missing is knowledge amongst the 'masses' about the
issues. Many "system administrators" appear ignorant of the subject.
I agree. The constraints on this in the past have been:

(a) government control of cryptography;
(b) the capability and cost of the technology;
(c) lack of high bandwidth 'peer to peer' connectivity;
(d) lack of knowledge on the part of potential users.

Only (d) now remains. But sadly it's probably the hardest to solve :-(

Brian Gladman
Charles Lindsey
2004-09-29 12:47:24 UTC
Permalink
Post by David_Biggins-XjoIEpZFQiJWk0Htik3J/
In particular, I think you have to examine everything that handles incoming
material - encrypted or plaintext.
Otherwise, the risk is of a deliberately crafted opportunity for a buffer
overflow somewhere physically remote from the code you identify as critical,
that can still be used to gain control of the application, attack the
critical code.
No, I don't see that. If the buffer overflow is only caused by certain
inputs, and you (Mallet) are trying to hear what Alice is saying to Bob,
then you have to persuade Alice to send messages that trigger the overflow.

More to the point would be to examine places where the program generates
_output_, especially anything that looks like it is output sent to an
"unusual" destination.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl-***@public.gmane.org      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
Brian Beesley
2004-09-30 08:34:45 UTC
Permalink
Post by Charles Lindsey
Post by David_Biggins-XjoIEpZFQiJWk0Htik3J/
In particular, I think you have to examine everything that handles incoming
material - encrypted or plaintext.
Otherwise, the risk is of a deliberately crafted opportunity for a buffer
overflow somewhere physically remote from the code you identify as critical,
that can still be used to gain control of the application, attack the
critical code.
No, I don't see that. If the buffer overflow is only caused by certain
inputs, and you (Mallet) are trying to hear what Alice is saying to Bob,
then you have to persuade Alice to send messages that trigger the overflow.
More to the point would be to examine places where the program generates
_output_, especially anything that looks like it is output sent to an
"unusual" destination.
Suppose a buffer overflow is used in the following way:

(a) Executable code is planted and linked to

(b) When I send outbound crypttext, the linked executable code is used to
"bomb" TCP/IP output buffers in such a way that unused bits in the TCP/IP
headers are manipulated in a way which allows someone with a wiretap to
recover my private key.

In other words, every message I send contains a "hidden" copy of my private
key.

Doesn't help the intruder to read what I'm sending (if it's coded using the
recipient's public key) but it does effectively strip the protection of
encryption from everything I'm receiving, as well as possibly allowing
someone else to forge my digital signature.

Brian Beesley
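
The covert channel described in the post above depends on header bits that ordinary TCP/IP stacks leave at zero, so a traffic monitor can flag packets where those fields are set. The following is an added example, not part of any post in this thread; the packets are constructed sample data and the function names are hypothetical.

```python
import struct

IP_RESERVED_FLAG = 0x8000   # top bit of the IPv4 flags/fragment-offset word
TCP_RESERVED_MASK = 0x0F00  # four reserved bits after the data offset (RFC 9293)
TCP_URG = 0x0020            # URG control bit


def build_packet(ip_flags=0x4000, tcp_off_flags=0x5018, urg_ptr=0, payload=b"x"):
    """Constructed IPv4+TCP packet for the demo (checksums left at zero)."""
    tcp = struct.pack("!HHIIHHHH", 40000, 443, 1, 1,
                      tcp_off_flags, 65535, 0, urg_ptr) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234,
                     ip_flags, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + tcp


def audit_packet(pkt):
    """Return a list of findings for header fields that should be zero."""
    if len(pkt) < 20:
        return ["truncated IPv4 header"]
    if pkt[0] >> 4 != 4:
        return ["not IPv4"]
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return ["bad IPv4 header length"]
    findings = []
    (flags_frag,) = struct.unpack_from("!H", pkt, 6)
    if flags_frag & IP_RESERVED_FLAG:
        findings.append("IPv4 reserved flag bit set")
    if pkt[9] != 6:                      # only TCP is inspected further
        return findings
    if len(pkt) < ihl + 20:
        return findings + ["truncated TCP header"]
    off_flags, _win, _csum, urg = struct.unpack_from("!HHHH", pkt, ihl + 12)
    reserved = (off_flags & TCP_RESERVED_MASK) >> 8
    if reserved:
        findings.append(f"TCP reserved bits set (0x{reserved:x})")
    if urg and not off_flags & TCP_URG:
        findings.append(f"TCP urgent pointer {urg} without URG flag")
    return findings


def scan(packets):
    """Map packet index -> findings, for packets that have any."""
    results = {}
    for index, pkt in enumerate(packets):
        findings = audit_packet(pkt)
        if findings:
            results[index] = findings
    return results


# Constructed samples: one clean packet, then one per anomaly.
SAMPLES = [
    build_packet(),
    build_packet(tcp_off_flags=0x5018 | 0x0400),
    build_packet(urg_ptr=0x4B),
    build_packet(ip_flags=0x4000 | IP_RESERVED_FLAG),
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLES).items():
        print(index, findings)
```

A check like this only covers fields with a defined "must be zero" value; data hidden in fields that legitimately vary (IP ID, initial sequence numbers, timing) needs statistical monitoring instead.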
Peter Tomlinson
2004-10-02 05:52:19 UTC
Permalink
Post by Brian Beesley
(a) Executable code is planted and linked to
(b) When I send outbound crypttext, the linked executable code is ...
This discussion is good evidence in the case for using secure hardware
(or using an OS that makes full use of the x86 hardware protection
features) so that code cannot be planted and executed, and then
generating the key pairs in situ and storing them in a manner that
ensures that the private key cannot be exported.

Peter
David_Biggins-XjoIEpZFQiJWk0Htik3J/
2004-09-29 16:36:16 UTC
Permalink
-----Original Message-----
Sent: Wednesday, September 29, 2004 1:47 PM
Subject: Re: USA ID card for federal employees and contractors
On Wed, 29 Sep 2004 09:14:32 +0100,
Post by David_Biggins-XjoIEpZFQiJWk0Htik3J/
In particular, I think you have to examine everything that handles incoming
material - encrypted or plaintext.
Otherwise, the risk is of a deliberately crafted opportunity for a buffer
overflow somewhere physically remote from the code you identify as critical,
that can still be used to gain control of the application, attack the
critical code.
No, I don't see that. If the buffer overflow is only caused by certain
inputs, and you (Mallet) are trying to hear what Alice is saying to Bob,
then you have to persuade Alice to send messages that trigger the overflow.
Sorry, but no, you don't.

MALLET sends BOB a plaintext that triggers the overflow, and thereby
inserts code into BOB's machine. This code subsequently sends back to
MALLET copies of all plaintext either before encryption or after decryption.
More to the point would be to examine places where the program generates
_output_, especially anything that looks like it is output sent to an
"unusual" destination.
If the code to do this is inserted later by a buffer overflow, you won't
find it in the source, because it won't be there.

Sure you could catch it on a traffic monitor, but that is a separate issue
from the identification of possible vulnerabilities in a product's source.

Dave.
David_Biggins-XjoIEpZFQiJWk0Htik3J/
2004-10-04 10:50:37 UTC
Permalink
-----Original Message-----
Sent: Sunday, October 03, 2004 10:36 PM
Subject: RE: USA ID card for federal employees and contractors
If I understand you correctly, I'd add that the train of thought that leads
you to this conclusion leads me also to the conclusion that 'strong
cryptography for the masses (tm)' is a snare and delusion - at least
insofar as a tool for the masses against oppressive govt is concerned :-)
Largely agreed.

Dave.
David_Biggins-XjoIEpZFQiJWk0Htik3J/
2004-10-04 10:53:58 UTC
Permalink
-----Original Message-----
Sent: Monday, October 04, 2004 10:09 AM
Subject: Re: USA ID card for federal employees and contractors
But strong 'end to end' cryptographic _communications_ security is
available for all those within the 'masses' who are prepared to develop
the knowledge necessary for its effective use.
Debatable, at least if those against whom protection is sought have
sufficient power and resources.

Dave.