Updated: 1.8.2002; 23:10:44 GMT

Security Weblog



Monday, July 1, 2002

Data aggregation and event correlation

It seems that once most people have put some preventive security on their network (actually in several places), it is time to start using the data produced by all this security gadgetry.

I first came across this aspect when I was administering security in a small company. Even though we had just a few servers inside the firewall, it was pretty obvious that if you could bring together the audit logs from the Internet access router, the firewall, Lotus Notes and the NT security log, you could get a good picture of what is an attack, what is just regular network traffic and what indicates technical issues. However, I never had time to code this.

Now, even the big boys in the IDS industry think that event correlation is the way to go, so it may be interesting to have a look at data aggregation and mining for security that can do what I didn't find time to do myself.
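The kind of cross-source correlation described above, as an added illustration that is not code from the original post: constructed sample lines from the four sources the post names (router, firewall, Lotus Notes, NT security log) are grouped by source address, and each address is labelled according to what the combined view shows. The line format, the internal network range and the thresholds are assumptions for the example.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines; the format is invented for this example.
SAMPLE_LOGS = [
    "2002-07-01 08:00:01 router  deny  src=203.0.113.7 dst=192.0.2.10 port=23",
    "2002-07-01 08:00:02 router  deny  src=203.0.113.7 dst=192.0.2.10 port=21",
    "2002-07-01 08:00:03 fw      deny  src=203.0.113.7 dst=192.0.2.20 port=139",
    "2002-07-01 08:00:09 ntsec   logon-failed user=administrator src=203.0.113.7",
    "2002-07-01 08:00:11 ntsec   logon-failed user=administrator src=203.0.113.7",
    "2002-07-01 08:05:00 fw      allow src=198.51.100.4 dst=192.0.2.20 port=80",
    "2002-07-01 08:06:00 notes   logon-failed user=jsmith src=192.0.2.55",
    "2002-07-01 08:06:30 notes   logon-failed user=jsmith src=192.0.2.55",
]

INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed LAN range
LINE_RE = re.compile(r"^(\S+ \S+) (\w+)\s+(\S+)\s+(.*)$")

def parse(line):
    """Turn one log line into (timestamp, source system, action, key=value fields)."""
    m = LINE_RE.match(line)
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    fields = dict(kv.split("=", 1) for kv in m.group(4).split())
    return ts, m.group(2), m.group(3), fields

def correlate(lines, window=timedelta(minutes=5), min_denies=2):
    """Label each source IP as 'attack', 'technical' or 'regular' from all sources together."""
    by_ip = defaultdict(list)
    for line in lines:
        ts, system, action, f = parse(line)
        by_ip[f["src"]].append((ts, system, action))
    verdicts = {}
    for ip, events in by_ip.items():
        events.sort()
        denies = [t for t, s, a in events if s in ("router", "fw") and a == "deny"]
        failures = [t for t, s, a in events if a == "logon-failed"]
        internal = ipaddress.ip_address(ip) in INTERNAL_NET
        # Perimeter denies followed by failed logons inside the window: an attack pattern.
        if len(denies) >= min_denies and any(
                denies[0] <= t <= denies[0] + window for t in failures):
            verdicts[ip] = "attack"
        # Repeated failures from an inside host with no perimeter noise: likely a misconfiguration.
        elif failures and not denies and internal:
            verdicts[ip] = "technical"
        else:
            verdicts[ip] = "regular"
    return verdicts
```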

8:16:18 PM
Revoking email signature

Jon Udell was experimenting with certificate revocation in Outlook and Mozilla mail clients:

"Last night, as an experiment, I revoked one of my Thawte Freemail certificates. Today I sent myself a message signed with that now-bogus cert. Few people have ever used an S/MIME cert. Still fewer, I am sure, have explored how email software deals with a CRL (certificate revocation list)."

I, for one, have tried to use a signing certificate in Outlook, and have found one serious drawback. If the email recipient does not have the root certificate installed, he cannot read the email, even though the email itself is not encrypted. After a couple of responses from annoyed pals I decided not to use it.

Reading this post, I noticed several interesting links in Jon's Googlebox. One was a nice backgrounder on certificate revocation, CRLs and OCSP from Network Computing. Another was about cert revocation in Apache with mod_ssl. This attracted my attention, because some time ago I needed to do some research into the use of personal certificates with the webserver, and I was told by a person supposedly in the know that there were some issues with CRLs. So now I know that it does work.

7:18:48 PM
Consolidated thoughts on Palladium

Although the critics claim otherwise, from all the published material it seems that the Palladium strategy is still in flux and that Microsoft don't have a clear picture of where exactly they are going. (See the interview with Mario Juarez.) Even if they did, the future presented by the doomsayers can be considered a worst case scenario that is not at all certain to happen. Why? Public opinion and the IT markets still haven't had their say.

As the Passport case has shown, public backlash can postpone the development of a new technology and cause substantial revisions to it. My suspicion is that MS expected this to happen again and therefore revealed Palladium details this long before releasing the product itself, to spare themselves a Passport-like debacle of pulling the product from the market. Testing public opinion in the conceptual phase is cheaper than doing so when the product is in production/sales.

Another important thing that may have an impact on them is the response of the European smartcard industry and the banks that have invested heavily in smart cards. Smart cards can do the strong real-world/cyber-world identity tie-in, and perhaps some non-realtime DRM, which is about 70% of what TCPA would be used for. You understand that with worldwide adoption of TCPA hardware their revenues would go to hell. As past government sponsorship illustrates, they have some ties to the regulation-friendly European Commission, and you could expect them to lobby their government friends and cause Palladium to be delayed or postponed on anti-competitive or privacy grounds.

Do you think MS is so silly as not to take all this into account? I don't think so.

6:57:45 PM
JA strikes back

Joshua Allen's rebuttal to the recent wave of anti-Palladium articles.

In his essay, he essentially argues that DRM is a good thing because it makes people behave in an honest way. What he fails to notice, however, is that property law has subtle nuances (such as the first sale doctrine, but this is not the only one) that are easy to exercise with physical copies of published material, but that are non-trivial to implement and easy to suppress in software form. This could give publishers an unjust advantage over consumers and, in a world with DRM deployed on a mass scale, could provide great tools for censoring information.

Now the question is: what would be the best option?

  1. Not to design the technology that could support this, even if it could bring other advantages
  2. Trying to design the tech to support the nuances of IPR from the outset
  3. Legislating that publishers must observe the IPR nuances outside the software
  4. Waiting for MS and the publishers to do their part and, if it contravenes civil liberties/IPR, suing them

Besides that, Joshua is a good writer and his opinions are amongst the most thoughtful on the subject (together with those of Cypherpunks mailing list members). His observation on the Palladium critique, "Palladium seems to have spawned one thousand theories, all of the garden variety conspiracy strain.  Nobody knows what the heck Palladium is, so they speculate.  An epidemic of polemic, and nobody is quite sure what it's about.  'We don't know what Microsoft is planning, and we don't know whether they can pull it off, and we don't know for sure if it is a conspiracy.  But at least we know that it is called Palladium, and it is probably bad for the fish.'", made me laugh.

6:29:04 PM
It's about ownership

Paul Harrison via Robert Hettinga: "The Trusted Computing Platform includes the TPM, the motherboard and the CPU, all wired together with some amount of tamper resistance.  It is meaningless to speak of different "owners" of different parts.  The owner of a TCP might be a corporate IT department (for employee machines), a cable company (for set-top boxen), or an individual.  The important question is not whether trusted platforms are a good idea, but who will own them.

I would think a TCP _with_ ownership of the TPM would be every paranoid cypherpunk's wet dream.  A box which would tell you if it had been tampered with either in hardware or software?  Great.  Someone else's TCP is more like a rental car:  you want the rental company to be completely responsible for the safety of the vehicle." [Cypherpunks]

5:26:37 PM

Copyright 2002 © Jiri Ludvik.