[plug] [Fwd: Re: David Conran's talk]

[Peter Wright]

On Mon, Jun 12, 2000 at 10:10:23AM +0800, Christian wrote:
> On Sun, Jun 11, 2000 at 07:26:55PM +0800, Jeremy Malcolm wrote:
> > I guess it is true that logs aren't that useful for determining
> > whether a compromise has actually occurred.  For one thing, if you
> > have a root compromise then you can't trust your log files anyway. 
[ ... ]
> There is a very interesting paper by Bruce Schneier and John Kelsey on a
> technique for cryptographically guaranteeing protection of all log
> entries made prior to a compromise.  I'm not sure if the technique has
> been implemented and, besides, it is patented.

*blinks* Sorry if my head's been stuck in the sand for too long - it's
possible to patent something without actually _implementing_ it???
Even just a proof-of-concept implementation?

> Still, Schneier has a good reputation when it comes to patents (none
> of his ciphers are patented) so it's hard to know how useful this
> will be.

Interesting. I'll have to see if I can track down this patent and have
a look at it.

> Then again, Counterpane is now involved in doing 3rd party intrusion
> detection work so protecting this sort of patent may be useful to
> them.  For those who are interested the paper is "Cryptographic
> support for secure logs on untrusted machines", in Proceedings 7th
> USENIX Security Symposium, 53--62.

Danke,

> Regards,
> 
> Christian.

Pete.
-- 
http://cygnus.uwa.edu.au/~pete/

--
hundred-and-one symptoms of being an internet addict:
92. It takes you two hours to check all 14 of your mailboxes.