Carl Ellison's home page
[7 May 2007]
Check out Judy's foundation.
Fellow tenor Nick took some pictures
during Desmond Tutu's visit to St. Mark's, mostly from the choir loft during the
Evensong service on May 11, 2006.
Ted Koppel
on NPR
quoting Lily Tomlin:
"No matter how cynical I get, I can never keep up."
My SPAM e-mail list has been moved to
a blog to save my friends
the e-mail traffic and let them respond directly to my postings. Enjoy.
``All suspects are guilty - period - otherwise they wouldn't be suspects would they?''
From
``Troops'', the old take-off on ``COPS!''. That was a funny line, once, back before
we had people at the very top of the US administration who act like they expect us to believe this.
"Does the Public Really Believe?" --
Arianna apparently doesn't
Al Gore's speech on the Patriot Act & the Bush administration.
Trinity Consort and St. Mark's music program.
An anecdote about life here in Seattle. I think I'm going to like this town.
My real claim to fame
:-) thanks to Timewarp
Films and Leanna
Chamish.
Security Pages
The Padlock Story
- The Cryptography Timeline,
that I prepared back in the days when the government was trying to
claim that crypto had historically been a government monopoly.
- The NPR
Series, Technopop, examining the history of technology and pop
music and leading me to wonder how long the record companies will fail
to embrace the new technology and help advance it. I understand their
fear. It means giving up the old way of doing business. But, it's
inevitable. Perhaps there are people near retirement who want to be
able to cash out before the inevitable change happens -- the old "not
on my watch, you don't" theory.
Randomness
- If you can get a machine using the Intel 800 series chipset
(810, 815, 820, ...), including the Intel
hardware random number generator, that's all you need. [Note:
I have discovered that not all Intel 800 series chipsets include
the Intel Firmware Hub with the hardware RNG. The part numbers
you need to have are: E82802Ax or N82802Ax. So, I guess
you have to look on the motherboard before you buy. If I learn
some different mechanism for buying a computer with the RNG, I will
update this message.]
- However, if you're stuck with having to try to create randomness on a
plain vanilla machine, you might check out the suggestions cited
below.
- Although it is not really about randomness, check out
this story
my buddy Tim sent me. Obviously, this was some designer's concept of ``random''.
-
My normal (home) PGP DSS key and
RSA
key. Other keys of mine are available from the PGP keyservers.
Of course, you have no idea if those are my keys. To really know
that they are, you need to:
- know me personally (otherwise the word my has no meaning
to you, personally, when you read it in
the phrase my keys); and
- receive confirmation of the key from me in the physcial world (e.g.,
- with my business card that has my key fingerprints printed on the back,
provided I hand it to you personally; or
- with a voice confirmation of the key fingerprint; etc.)
It is important to note that a certificate on those keys from the most
trustworthy CA in the world or PGP key signatures from a set of the
most careful and trustworthy web-of-trust key
signers in the world does you little good if all it does is bind a
globalized human name to the key. You would need to know which name
was being used for me and the process of securely delivering that name to
you requires the same steps enumerated above. That is, PKI
schemes (or directory systems like the D-H modified phone book) ``solve''
the key management problem by replacing it with a name management problem
that is precisely as difficult as the original key management problem.
[This was the main flaw in the phone book analogy used by Diffie
and Hellman: the assumption that names were not only globally unique
but also known and used accurately by anyone else in the world needing
to use that name. Names are not globally unique. Unique names can be
created and used to build a directory or set of certificates, but
there is no channel for communicating those constructed names to the
person needing to consult the directory.]
-
The ASN.1 Misuse paper that I presented at
RSA 1996.
-
MD5 hashes of the PGP distribution files at
http://web.mit.edu/network/pgp.html, and
my signature on that file.
-
My directory of freeware, brought over from my backup
of my previous home page. This includes my ranno filters, tran (as in des|tran|des|tran|des), etc.
-
Instructions for using SSH to send and receive mail (access SMTP and POP3)
prepared for use at theworld.com. This will probably work on any ISP where
SSHD is running.
- I wrote to Senator Wyden about the
CBDTPA asking him to do what he could to kill the bill.
- The Return of GAK?
After the attacks of 11 Sept,
there have been renewed calls for Government Access to Keys (GAK)
(also called "Key Escrow"). I could put back up my old pages
that show the incorrectness of that approach, but Lauren Weinstein has
written a very clear letter on this
subject giving the central point, that cryptography is not
controllable and that attempts to control it legally will penalize
those of us who use it to secure the domestic infrastructure while
having no impact on any terrorist. In particular, such controls
would not increase the FBI's ability to do its job of rounding up
terrorists. Fortunately, we have seen no such requests from the
FBI itself. They appear to be coming from news media, perhaps in
an attempt to play a Game of ``Let's You And Him Fight''.
Remember: The original proponents of Key Escrow admitted that it
would not work against a determined or sophisticated adversary.
The terrorists responsible for the attacks of 11 Sept were clearly
both determined and sophisticated.
Other Pages
Pictures
Here are some of the sights I enjoy from Portland:
not to mention the sunrises:
Here are one from Hinsdale, IL (in 1999) and one from Harvard Square, Cambridge, MA (2002)
and some pix of my new house
Carl Ellison cme@acm.org