This week, I registered for the next Document Interop Initiative (DII) workshop being held at Microsoft. (Details here) The meet-up is centered around the new XML Advanced Electronic Signatures (XAdES) support in Office 2010. In my opinion, this is a great step forward for Office’s digital signature support, as XAdES provides the XML schemata needed to embed timestamps, revocation information and countersignatures within a digital signature on a document. Timestamp and embedded revocation support are two of the chief advantages that Acrobat digital signatures have held over Office for the past several years. Finally enabling this functionality puts Office on a more even playing field with Acrobat for robust, auditable signature workflows. I’m[…]
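To make concrete where those timestamps, revocation values and countersignatures actually live in a signature, here is an added example (not Office's or ETSI's code, and not part of the original post) that walks a ds:Signature, collects the XAdES properties that qualify it, and reports which XAdES forms from ETSI TS 101 903 v1.3.2 those properties mark. The SAMPLE signature is constructed for this example; every base64 value in it is a placeholder, not a real certificate, CRL or timestamp token.

```python
"""Report which XAdES qualifying properties a ds:Signature carries and which
XAdES forms (ETSI TS 101 903 v1.3.2) they mark. Added example, not Office's or
ETSI's code. SAMPLE is constructed: the base64 values are placeholders."""
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XADES = "http://uri.etsi.org/01903/v1.3.2#"
NS = {"ds": DS, "xades": XADES}


def _local(tag):
    return tag.split("}", 1)[1] if "}" in tag else tag


def _collect(el, found):
    """Gather XAdES element names below el, but do not descend into a
    CounterSignature: the ds:Signature nested there carries the countersigner's
    own QualifyingProperties, which must not be credited to the outer signature."""
    if el.tag.startswith("{" + XADES + "}"):
        found.add(_local(el.tag))
        if _local(el.tag) == "CounterSignature":
            return
    for child in el:
        _collect(child, found)


def xades_properties(xml_text):
    """XAdES element names in the QualifyingProperties that target the outer
    ds:Signature (empty set for a plain XML-DSig signature)."""
    root = ET.fromstring(xml_text)
    sig = root if root.tag == "{%s}Signature" % DS else root.find(".//ds:Signature", NS)
    if sig is None:
        raise ValueError("no ds:Signature element")
    sig_id = sig.get("Id")
    found = set()
    for qp in sig.findall("ds:Object/xades:QualifyingProperties", NS):
        # Properties whose Target does not point at this signature do not qualify it.
        if sig_id and qp.get("Target") != "#" + sig_id:
            continue
        _collect(qp, found)
    return found


def xades_forms(props):
    """Forms defined by the present properties (TS 101 903 v1.3.2). Note that
    v1.4.1 moved ArchiveTimeStamp to its own namespace, not handled here."""
    forms = []
    if "SignedProperties" in props:
        forms.append("XAdES-BES")
    if "SignaturePolicyIdentifier" in props:
        forms.append("XAdES-EPES")
    if "SignatureTimeStamp" in props:
        forms.append("XAdES-T")
    if {"CompleteCertificateRefs", "CompleteRevocationRefs"} <= props:
        forms.append("XAdES-C")
    if props & {"SigAndRefsTimeStamp", "RefsOnlyTimeStamp"}:
        forms.append("XAdES-X")
    if {"CertificateValues", "RevocationValues"} <= props:
        forms.append("XAdES-X-L")
    if "ArchiveTimeStamp" in props:
        forms.append("XAdES-A")
    return forms


# Constructed sample: SignedInfo abbreviated, "cGxhY2Vob2xkZXI=" is base64("placeholder").
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="idPackageSignature">
  <ds:SignedInfo/><!-- references and digests omitted -->
  <ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue>
  <ds:Object>
    <xades:QualifyingProperties Target="#idPackageSignature">
      <xades:SignedProperties Id="idSignedProperties">
        <xades:SignedSignatureProperties>
          <xades:SigningTime>2010-01-10T12:00:00Z</xades:SigningTime>
        </xades:SignedSignatureProperties>
      </xades:SignedProperties>
      <xades:UnsignedProperties>
        <xades:UnsignedSignatureProperties>
          <xades:SignatureTimeStamp>
            <xades:EncapsulatedTimeStamp>cGxhY2Vob2xkZXI=</xades:EncapsulatedTimeStamp>
          </xades:SignatureTimeStamp>
          <xades:CompleteCertificateRefs/>
          <xades:CompleteRevocationRefs/>
          <xades:CertificateValues>
            <xades:EncapsulatedX509Certificate>cGxhY2Vob2xkZXI=</xades:EncapsulatedX509Certificate>
          </xades:CertificateValues>
          <xades:RevocationValues>
            <xades:CRLValues><xades:EncapsulatedCRLValue>cGxhY2Vob2xkZXI=</xades:EncapsulatedCRLValue></xades:CRLValues>
          </xades:RevocationValues>
          <xades:CounterSignature>
            <ds:Signature Id="idCounterSignature">
              <ds:SignedInfo/>
              <ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue>
              <ds:Object>
                <xades:QualifyingProperties Target="#idCounterSignature">
                  <xades:UnsignedProperties><xades:UnsignedSignatureProperties>
                    <xades:ArchiveTimeStamp/>
                  </xades:UnsignedSignatureProperties></xades:UnsignedProperties>
                </xades:QualifyingProperties>
              </ds:Object>
            </ds:Signature>
          </xades:CounterSignature>
        </xades:UnsignedSignatureProperties>
      </xades:UnsignedProperties>
    </xades:QualifyingProperties>
  </ds:Object>
</ds:Signature>"""
```

Running `xades_forms(xades_properties(SAMPLE))` on the sample yields XAdES-BES, -T, -C and -X-L: the outer signature carries a timestamp and embedded revocation data, while the ArchiveTimeStamp inside the countersignature is correctly attributed to the countersigner rather than the outer signature. The checker only reports which marker elements are present; it does not validate the timestamp tokens or CRLs, and it does not enforce that the forms nest (an X-L signature without a SigAndRefsTimeStamp would still be flagged as X-L here).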

Dan Kaminsky posted on Twitter the following: “http://eprint.iacr.org/2010/006.pdf Is it time to deprecate 1024bit RSA for, say, 1276bit? (2048 has perf issues.)” The link Dan provided is a research paper which reports the successful factorization of the 768-bit number from the original 2001 RSA challenge. I responded to him that NIST had already deprecated the use of 1024-bit RSA in the government, and it was time for industry to follow suit. Since I posted that, I’ve been surprised that a number of people don’t understand the upcoming changes in key lengths and algorithm strengths that have been mandated by NIST. So, this post offers some information about why I can confidently say the U.S. government has deprecated certain algorithms and[…]
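To put the 768-bit result, the 1024-bit deprecation and the “1276-bit” suggestion on one scale, here is an added example (not from the post or the paper it links) that compares the heuristic general number field sieve effort for several modulus sizes. It uses the standard L-notation estimate L[1/3, c] = exp(c (ln n)^(1/3) (ln ln n)^(2/3)) with c = (64/9)^(1/3) and the o(1) term dropped, so the ratios are order-of-magnitude estimates only; the `equivalent_strength` calibration to 80 bits at RSA-1024 (NIST SP 800-57's rating) is an assumption made for illustration.

```python
"""Heuristic GNFS cost comparison for RSA moduli of different sizes.
Added example, not from the post or the paper. Uses L[1/3, c] with
c = (64/9)^(1/3) and ignores the o(1) term, so treat results as order-of-magnitude."""
import math

GNFS_C = (64 / 9) ** (1 / 3)


def ln_gnfs_effort(bits):
    """Natural log of L[1/3, c] for a modulus n of the given bit length."""
    ln_n = bits * math.log(2)
    return GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)


def effort_ratio(bits_from, bits_to):
    """How many times harder (heuristically) factoring a bits_to modulus is
    than factoring a bits_from modulus."""
    return math.exp(ln_gnfs_effort(bits_to) - ln_gnfs_effort(bits_from))


def equivalent_strength(bits, anchor_bits=1024, anchor_strength=80):
    """Symmetric-equivalent strength in bits, calibrated so that anchor_bits
    maps to anchor_strength (assumption: NIST SP 800-57's 1024 -> 80 rating,
    with only the L-function scaling changing between sizes)."""
    return anchor_strength + math.log2(effort_ratio(anchor_bits, bits))


if __name__ == "__main__":
    print("modulus   x harder than RSA-768   ~strength (bits)")
    for bits in (512, 768, 1024, 1276, 2048, 3072):
        print("%7d   %21.3g   %8.0f" % (bits, effort_ratio(768, bits), equivalent_strength(bits)))
```

On this estimate RSA-1024 is roughly a thousand times harder than the RSA-768 that was just factored, which is the same order the paper's authors give; 1276 bits buys a few hundred times more than 1024, while 2048 bits is about a billion times harder than 1024 and lands near NIST's 112-bit rating. That is the gap the NIST transition is about: an in-between size is a modest delay, not a new security level.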

Les Jordan from Microsoft recently wrote a blog post entitled Identity Management: a key to seamless CTMS and EDC. In it, he presents some of the solutions Microsoft is introducing in the identity management space, currently under the name of Microsoft Geneva, including the Geneva Framework and the Microsoft Identity Federation Gateway. The idea is fairly simple. Many (most?) large enterprises already manage their users and systems using Active Directory. Geneva publishes the parts of Active Directory needed for identity federation on the Internet, in a standards-compliant way (using WS-* and SAML 2.0), so that claims can be exchanged between enterprises. …the issue of Identity Management, Username and Password proliferation, and[…]

According to the IRS: The IRS has developed six new security and privacy standards to better protect taxpayer information collected, processed, and stored by Authorized IRS e-file Providers participating in Online Filing of individual income tax returns. These new standards are based on industry best practices and are intended to supplement the Gramm-Leach-Bliley Act and the implementing rules and regulations promulgated by the Federal Trade Commission. So, what does this mean for the average online tax-filer? It means that the company you e-file through (TurboTax, efile, TaxACT, etc.) will have to adhere to stricter policies and standards regarding the handling of customer information. Most of these policies seem to be standard precautions from a security perspective. However, I can[…]

In 2007 a handful of companies (including Google, Microsoft, and Yahoo) decided to draft a set of guidelines for how online businesses should behave when it comes to policies and regulations affecting human rights. It was intended as an unofficial, voluntary code of conduct. According to this letter (pdf) from Yahoo to Senators Durbin and Coburn: Principles on Freedom of Expression and Privacy […] provide direction and guidance to the ICT industry and its stakeholders in protecting and advancing the enjoyment of freedom of expression and privacy globally. The Principles describe key commitments in the following areas: Freedom of Expression; Privacy; Responsible Company Decision Making; Multi-Stakeholder Collaboration; Governance, Accountability & Transparency Along with[…]

One of our clients unintentionally DoSed themselves this weekend by switching registrars. In what turns out to be an honest mistake on someone’s part, the new registrar pointed the company’s domain at the registrar’s own DNS servers (a pretty standard action), but nobody copied the old zone data over from the previous registrar. That effectively denied service to the organization’s mail server (no address record for the host and no MX record) and to some websites that generate revenue. I would suspect that this is a common situation for smaller companies. They decide that they’re not happy with their current registrar for whatever reason and switch, without understanding how computers find each other, and buy into the “complete hosting solution” packages offered by many registrars. In an[…]
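The check that would have caught this before the delegation changed is a diff of the old zone against what the new provider is serving, with the records that an outage hinges on called out. The following is an added example (not the post's own procedure or any registrar's tooling): it parses two exported zone texts, ignores the SOA and NS records that legitimately change in a move, and reports missing or changed records plus any MX whose target has no address record in the new zone. Both zone texts are constructed for illustration and use RFC 5737 documentation addresses; the parser assumes fully qualified names and one record per line, so an export with $ORIGIN and relative names would need expanding first.

```python
"""Pre-cutover DNS check for a registrar / DNS-host move. Added example, not
from the post. Compares the zone the old provider served with the zone loaded
at the new one and lists what must be fixed before changing delegation.
Both zones below are constructed for illustration (RFC 5737 addresses)."""

IGNORED = {"SOA", "NS"}  # expected to differ after the move, so not compared


def parse_zone(text):
    """Parse a simplified zone: one record per line, fully qualified names,
    optional TTL and class, ';' comments. Returns {(name, TYPE): set(rdata)}."""
    records = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("$"):      # $TTL/$ORIGIN not modelled
            continue
        fields = line.split()
        name, rest = fields[0].lower(), fields[1:]
        if rest and rest[0].isdigit():            # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":      # optional class
            rest = rest[1:]
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if rtype != "TXT":                        # names and addresses are case-insensitive
            rdata = rdata.lower()
        records.setdefault((name, rtype), set()).add(rdata)
    return records


def cutover_blockers(old_zone, new_zone):
    """Return human-readable problems that would cause an outage at cutover."""
    old, new = parse_zone(old_zone), parse_zone(new_zone)
    problems = []
    for (name, rtype), rdatas in sorted(old.items()):
        if rtype in IGNORED:
            continue
        if (name, rtype) not in new:
            problems.append("missing %s %s (old: %s)" % (name, rtype, ", ".join(sorted(rdatas))))
        elif new[(name, rtype)] != rdatas:
            problems.append("changed %s %s: %s -> %s"
                            % (name, rtype, sorted(rdatas), sorted(new[(name, rtype)])))
    # An MX pointing at a host inside this zone is useless if the host has no
    # address record in the new zone; mail simply stops arriving.
    apex = next((n for (n, t) in new if t == "SOA"), None)
    for (name, rtype), rdatas in sorted(new.items()):
        if rtype != "MX" or apex is None:
            continue
        for rdata in rdatas:
            target = rdata.split()[-1]
            in_zone = target == apex or target.endswith("." + apex)
            has_addr = any((target, t) in new for t in ("A", "AAAA", "CNAME"))
            if in_zone and not has_addr:
                problems.append("MX %s points at %s, which has no address record in the new zone"
                                % (name, target))
    return problems


# Constructed: what the previous registrar's servers answered before the move.
OLD_ZONE = """
$TTL 3600
example.com.      IN SOA   ns1.oldreg.example. hostmaster.example.com. 2010011001 7200 900 1209600 3600
example.com.      IN NS    ns1.oldreg.example.
example.com.      IN NS    ns2.oldreg.example.
example.com.      IN MX    10 mail.example.com.
example.com.      IN A     192.0.2.10
www.example.com.  IN A     192.0.2.10
mail.example.com. IN A     192.0.2.25
shop.example.com. IN CNAME www.example.com.
"""

# Constructed: the default zone the new registrar created, with only the
# records someone remembered to type in.
NEW_ZONE = """
$TTL 3600
example.com.      IN SOA   ns1.newreg.example. hostmaster.newreg.example. 2010011701 7200 900 1209600 3600
example.com.      IN NS    ns1.newreg.example.
example.com.      IN NS    ns2.newreg.example.
example.com.      IN MX    10 mail.example.com.
example.com.      IN A     192.0.2.10
www.example.com.  IN A     192.0.2.10
"""

if __name__ == "__main__":
    for problem in cutover_blockers(OLD_ZONE, NEW_ZONE):
        print(problem)
```

Run against the constructed zones it reports the missing A record for the mail host, the missing shop CNAME, and the MX that now points at a name with no address; run against the old zone twice it reports nothing. In practice the inputs come from a zone export (or a zone transfer from the old name servers if they allow it) taken before the transfer is initiated, and the delegation should not be switched until the list is empty.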