OpenFortress : Security weblog

Security issues surrounding digital signing and related technical issues. Target audience includes journalists and technical news bulletins.



Sign of Leaving the EU

Posted on Wed, 29 Mar 2006, 12:42.

The VAT laws of the EU require a charge of a certain VAT percentage to certain customers in the EU, and a 0% rate to all customers outside the EU. To avoid abuse of this 0% rate, sending companies must provide evidence of export, which is not always easy.




Automatic Verification of VAT numbers

Posted on Wed, 29 Mar 2006, 11:20.

When one EU company exports to another EU company, the seller must verify that the recipient has a proper VAT number at the moment of export, and be able to prove such verification. But there are more demanding laws than practical means to implement them.




Beyond email Disclaimers

Posted on Tue, 29 Nov 2005, 20:53.

Email has been around for many years, the first official standard dating back to 1973. Interestingly, there is a recent trend to add disclaimers to email. Let me explain why those disclaimers are unrealistic, both from a legal and technical viewpoint. And let me introduce you to the professional way to use email in a business context.




TPM or USB Token: The right tool in the right place

Posted on Sun, 10 Jul 2005, 09:03.

TPM is gaining acceptance as an industry standard for cryptographic hardware connected to computers. But it is often quoted for the wrong applications.




Important security cornerstone broken

Posted on Wed, 16 Feb 2005, 09:08.

Although not formally confirmed yet, knowledgeable sources indicate that an important security cornerstone was broken, namely the secure hash SHA1.




PGP can benefit from identification obligation

Posted on Sun, 09 Jan 2005, 00:00.

Several countries oblige their citizens to always carry a form of identification when they are in the streets. This is usually enforced with security in mind. Rather than diving into the ethics of this solution, I now want to address how such obligations can be exploited to the advantage of PGP.




Be careful what you sign

Posted on Sat, 08 Jan 2005, 23:58.

Your mother probably told you not to sign anything before you have fully read it. Are you still cherishing that habit? Do you think you can also keep it up if digital signing becomes commonplace? The answer is that it depends on the data format that you sign.




Digital signing in a browser? No thanks!

Posted on Sat, 08 Jan 2005, 22:22.

Many online facilities are implemented in terms of a web service. Although that is certainly a convenient interface for interaction with desktop users, there are some applications that require a more solid approach. If anything, then at least digital signing should be done in a much more controllable environment. An environment such as a mailer.




 