[plug] [Fwd: Re: David Conran's talk]

Christian christian at amnet.net.au
Mon Jun 12 10:37:26 WST 2000


On Mon, Jun 12, 2000 at 10:46:17AM +0800, Peter Wright wrote:
> On Mon, Jun 12, 2000 at 10:10:23AM +0800, Christian wrote:
> > On Sun, Jun 11, 2000 at 07:26:55PM +0800, Jeremy Malcolm wrote:
> > > I guess it is true that logs aren't that useful for determining
> > > whether a compromise has actually occurred.  For one thing, if you
> > > have a root compromise then you can't trust your log files anyway. 
> [ ... ]
> > There is a very interesting paper by Bruce Schneier and John Kelsey on a
> > technique for cryptographically guaranteeing protection of all log
> > entries made prior to a compromise.  I'm not sure if the technique has
> > been implemented and, besides, it is patented.
> 
> *blinks* Sorry if my head's been stuck in the sand for too long - it's
> possible to patent something without actually _implementing_ it???
> Even just a proof-of-concept implementation?

Well, I'm not a lawyer so I could be wrong about this but I understand
that it is possible to do that.  Patenting is just the process of
basically copyrighting an idea.  If someone comes up with a new cipher
or cryptosystem and publishes a paper on it then, as I understand it,
they can patent the new idea.  As soon as they publish the idea they've
established that they invented it and, if no one can demonstrate prior
art then it's theirs to patent.  Either way what I meant was that I
wasn't aware of any available implementation that would be of use to the
previous poster.

Actually, after I wrote the last email I recalled seeing a "secure
syslog" program on freshmeat once so I did a quick search for it and
found http://www.core-sdi.com/english/slogging/ssyslog.html which links
to a paper on a protocol sounding very similar to Schneier and Kelsey's
(at least in terms of general features).  These pages claim the original
protocol to have been invented in 1995 which puts it well prior to
Counterpane's 1998 publication and probably puts doubt on the validity
of any patent.  The only possible problem might be that the original
paper written in 1995 wasn't published.  Either way, there is a public
domain implementation of ssyslog available on those pages.

Regards,

Christian.
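
The idea discussed in this thread, protecting log entries written before a compromise, can be illustrated with a key-evolving MAC. This is an added example, not part of the original post, and it is a generic simplified sketch, not the Schneier and Kelsey protocol or the ssyslog implementation; the class and function names, the key and the log lines are constructed for illustration.

```python
import hashlib
import hmac

def evolve(key: bytes) -> bytes:
    # One-way update: the previous key cannot be derived from the new one.
    return hashlib.sha256(b"evolve" + key).digest()

def tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

class ForwardSecureLog:
    """Hypothetical logger: holds only the current key on the logging host."""
    def __init__(self, initial_key: bytes):
        self.key = initial_key
        self.entries = []  # (message, tag) pairs as stored on disk

    def append(self, message: bytes) -> None:
        self.entries.append((message, tag(self.key, message)))
        # Replace the key; a real implementation must also erase the old one.
        self.key = evolve(self.key)

def verify(initial_key: bytes, entries) -> int:
    """Replay the key sequence from the off-host copy of the initial key.
    Returns the index of the first entry that fails, or -1 if all pass."""
    key = initial_key
    for i, (message, t) in enumerate(entries):
        if not hmac.compare_digest(tag(key, message), t):
            return i
        key = evolve(key)
    return -1

def demo():
    k0 = bytes(range(32))  # constructed sample key, also kept by the verifier
    log = ForwardSecureLog(k0)
    for line in (b"sshd: login accepted for alice",  # constructed log lines
                 b"su: session opened for root",
                 b"cron: job started"):
        log.append(line)
    # An intruder with root now sees log.key but none of the earlier keys,
    # so a rewritten entry can only be tagged with the wrong key.
    rewritten = list(log.entries)
    rewritten[1] = (b"su: nothing to see", tag(log.key, b"su: nothing to see"))
    deleted = log.entries[:1] + log.entries[2:]
    # Limitation of this sketch: cutting entries off the end is not detected.
    return verify(k0, log.entries), verify(k0, rewritten), verify(k0, deleted)

if __name__ == "__main__":
    print(demo())
```

The verifier must hold the initial key somewhere the logging host cannot reach; entries written after the compromise are not protected, since the intruder holds the current key.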


