|Unicity, DES Unicity, Open-Keys,
Unknown-Keys - http://mcwg.org/mcg-mirror/unicity.htm
Revisits the concept of unicity and shows that key-length is not the most important parameter to evaluate the security of cryptographic systems, discussing possible weakness in current systems and alternatives. As an example, it presents a +70-bit exportable DES, directly based on 56-bit DES.
|Some Non-Random DES Characteristics
and an Identification Attack on DES - http://mcwg.org/mcg-mirror/nrdes.htm
Shows some non-random characteristics of DES, explained as a collateral effect of its 56-bit key-length versus 64-bit plaintext space. Also describes the "Identification Attack", used to explore this vulnerability to break DES with just three letters.
|Intrinsic examples - http://mcwg.org/mcg-mirror/mcid.txt
Discusses intrinsic identification, identity and certification -- with easy-to-follow examples for each. It is part of the "Intrinsic Certification" series of short communications.
|Identification and Privacy
are not Antinomies - http://mcwg.org/mcg-mirror/antinomy.txt
Even though motivated by the Internet, as a practical arena, the concepts reported here can be applied to improve any
identification method -- including the present proposal by the US Government for a national ID card..
|What is identification,
that we can identify it?, Part II - http://mcwg.org/mcg-mirror/coherence2.txt
A continuation, this work defines Identification-level I-3, with 64 identification types. Understanding is defined as a nexus -- a linked collective of elements. Reference, Sense and Entity are derived as predicates of understanding -- and not as "ad hoc" attributes of an "identity".
|What is identification,
that we can identify it? - http://mcwg.org/mcg-mirror/coherence.txt
Identification can be understood not only in the sense of an "identity" connection, but in the wider sense of "any" connection. Which one to use is just a matter of protocol expression, need, cost and (very importantly) privacy concerns.
|What is the Internet Paradigm?
The Internet provides raw power. Thus, it works as an amplifier which can reward results and self-discipline, or problems and inefficiency. The talk discusses the growth of the Internet and its working paradigms, as well as its evolution.
|MC-ware potential and objectives
There are varied ways to implement the precise functional features of MC. This message calls for a focus upon how MC obtains, retains, and treats data/objects in support of its unique functionalities.
|Towards Real-World Models
of Trust: Reliance on Received Information - http://mcwg.org/mcg-mirror/trustdef.htm
This work presents an abstract definition of trust which allows any number of compatible explicit trust definitions to be derived specifically for each application area such as communication systems, digital certificates, cryptography, law, linguistics and social uses, of which more than 30 examples are discussed.
|New slide material -
View the new slide topics on Certification, Security and Internet.
|Overview of Certification
Systems: X.509, CA, PGP and SKIP - http://mcwg.org/mcg-mirror/certover.pdf
New updated and summarized PDF version -- Reviews current certification methods and weakenesses, as well as possible solutions (also directly in Postscript, plain .ps or .zip format). The HTML version of this work was visited more than 50,000 times in one year -- see http://mcwg.org/mcg-mirror/cert.htm.
|The Unabridged X.509 Certificate
Contains the full explicit and implicit content of a generic X.509 certificate and thus may well represent what is meant by any X.509 Certificate that the reader may need to accept or buy, such as for https (SSL) access, for S/MIME e-mail, etc.
|Cerimony and non-repudiation
in e-commerce - http://mcwg.org/mcg-mirror/ecer.txt
Digital signature effects can be legally questioned (semantic repudiation), rather easily -- even though the signature itself may not (syntactic non-repudiation), e.g., as given by passive certificates. This work discusses how passive certificates can also allow legal cerimonies to be introduced in digital signatures, which affords a legal base for non-repudiable transactions.
|Must e-commerce deals expire
with certs? - http://mcwg.org/mcg-mirror/ecom.txt
To allow certificates to be useful for legal tasks -- e-commerce -- one needs to be able to verify signatures that were done when the certificate was valid, even 35 years afterwards. This work shows how that can be done with passive certificates.
at a glance, part I - http://mcwg.org/mcg-mirror/icert1.htm
This is the first essay, in a series of short communications that intend to be a "road-guide" for developers, security specialists and users, into the subject of Intrinsic Certification and their implementation by Meta-Certificates.
|Why is certification harder
than it looks? - http://mcwg.org/mcg-mirror/whycert.htm
The paradox is that while certification is harder than it looks, it must be made amenable to the average user.
Report: MCG 1997-1998 - http://mcwg.org/mcg-mirror/report98.htm
Certification is shown to depend at least on two concepts: "proper trust" and "proper keys". Which must first be adequately qualified in communication theory terms and then modeled in an useful way.