Thread: Interesting bit of a quote




Interesting bit of a quote
user name
2006-07-15 08:24:22
On 7/15/06, John Kelsey <kelsey.jix.netcom.com> wrote:
> Another solution is to use cryptographic audit logs.  Bruce Schneier
> and I did some work on this several years ago, using a MAC to
> authenticate the current record as it's written, and a one-way
> function to derive the next key.  (This idea was apparently developed
> by at least two other people independently.)  Jason Holt has extended
> this idea to use digital signatures, which makes them far more
> practical.  One caveat is that cryptographic audit logs only work if
> the logging machine is honest when the logs are written.

Yeah, I love that idea, saw it at the 7th Usenix Security Symposium.

For everyone else, there's an implementation here:
http://isrl.cs.byu.edu/logcrypt/index.html
I have been looking for something like this for a while.

Note to Jason Holt: The subscribe links for the mailing lists are
broken.

I like the idea of encrypting the entries, but I thought that having
to classify them into a finite number of classes, and restricting
disclosure to be along class lines is restrictive, but I don't know
offhand how to allow the logger to disclose arbitrary subsets
efficiently.
-- 
Resolve is what distinguishes a person who has failed from a failure.
Unix "guru" for sale or rent - http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com
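
The MAC-plus-key-evolution scheme described in the quoted text, as an added sketch that is not part of the original message and is not code from Logcrypt or from the Schneier/Kelsey work. HMAC-SHA-256, SHA-256 as the one-way function, and the names next_key, AuditLogger, verify and demo are assumptions made for illustration; the verifier is assumed to hold the initial key.

```python
import hashlib
import hmac

def next_key(key: bytes) -> bytes:
    """One-way step (assumed form): K_{i+1} = SHA-256("next-key" || K_i)."""
    return hashlib.sha256(b"next-key" + key).digest()

class AuditLogger:
    """Keeps only the current key, so earlier keys cannot be read back later."""
    def __init__(self, initial_key: bytes):
        self._key = initial_key
        self.records = []  # list of (message, tag) pairs

    def append(self, message: bytes) -> None:
        tag = hmac.new(self._key, message, hashlib.sha256).digest()
        self.records.append((message, tag))
        # Drop the old key; a real logger would also wipe it from memory.
        self._key = next_key(self._key)

def verify(initial_key: bytes, records) -> int:
    """Return the index of the first record that fails, or -1 if all pass."""
    key = initial_key
    for i, (message, tag) in enumerate(records):
        expected = hmac.new(key, message, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return i
        key = next_key(key)
    return -1

def demo():
    k0 = bytes(range(32))  # constructed sample key, shared with the verifier
    log = AuditLogger(k0)
    for line in [b"login alice", b"sudo alice", b"logout alice"]:
        log.append(line)  # constructed sample log lines
    intact = verify(k0, log.records)
    # A record rewritten after the fact keeps a tag made under a key that is gone.
    edited = list(log.records)
    edited[1] = (b"sudo mallory", edited[1][1])
    # Removing a record shifts every later record onto the wrong key.
    deleted = log.records[1:]
    # The caveat from the quoted text: whoever holds the current key can
    # write records from that point on that verify like honest ones.
    current = log._key
    fake = (b"fake entry", hmac.new(current, b"fake entry", hashlib.sha256).digest())
    appended = list(log.records) + [fake]
    return intact, verify(k0, edited), verify(k0, deleted), verify(k0, appended)

if __name__ == "__main__":
    print(demo())
```
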