Alex Alten
Sat, 23 Jun 2007 10:17:11 -0700
Lynne or Anne, At 10:30 AM 6/22/2007 -0600, Anne & Lynn Wheeler wrote:
A secure Internet requires a secure network protocol http://www.infoworld.com/article/07/06/22/25OPsecadvise_1.html
Actually I think we need a shadow Internet that is used only for security purposes (and is fully encrypted). It is sort of like the old SS7 signaling infrastructure of the phone network. It doesn't need the same bandwidth, maybe 1/1000 or 1/10,000 as much. It would use strictly cryptographic protocols for identity & authentication and key management, etc..
one of the things seen in various of the SSL (authentication) vulnerabilities
SSL seems to be hanging by a thread, mainly the name to public key mapping depends on how thorough the checking is done in to SSL vs application layersinside of the web browser. If this is hosed then unrestricted MITM is in the cards
sometime in the near future. - Alex -- Alex Alten [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]