Rich Salz wrote:
Perhaps a few best practices papers are in order. They might help
the secure (distributed) computing field a great deal.
/r$
--
The new book, Practical Cryptography, by Niels Ferguson and
Bruce Schneier is useful.
regards,
Frederick
I thought the 3G (UMTS) cellphones at least were going to use reasonably good
crypto; don't know about the overall security architecture though.
Jaap-Henk
On Fri, 06 Jun 2003 14:30:04 -0400 Ian Grigg [EMAIL PROTECTED] writes:
John Kelsey wrote:
So, what can I do about it, as an individual?
[EMAIL PROTECTED] (Peter Gutmann) writes:
Bodo Moeller [EMAIL PROTECTED] writes:
Using an explicit state machine helps to get code suitable for multiplexing
within a single thread various connections using non-blocking I/O.
Is there some specific advantage here, or is it an academic
At 10:09 PM 6/4/2003, James A. Donald wrote:
Eric Rescorla
Nonsense. One can simply cache the certificate, exactly as
one does with SSH. In fact, Mozilla at least does exactly
this if you tell it to. The reason that this is uncommon is
because the environments where HTTPS is used are generally
John Kelsey wrote:
So, what can I do about it, as an individual? Make the cellphone companies
build good crypto into their systems? Any ideas how to do that?
Nope. Cellphone companies are big slow moving
targets. They get their franchise from the
government. If the NSA wants weak crypto,
At 04:42 PM 6/4/2003 -0700, Eric Rescorla wrote:
Nonsense. One can simply cache the certificate, exactly as
one does with SSH. In fact, Mozilla at least does exactly
this if you tell it to. The reason that this is uncommon
is because the environments where HTTPS is used
are generally spontaneous
On Fri, Jun 06, 2003 at 06:08:34PM -0400, Ian Grigg wrote:
Derik asks the pertinent question:
The question is: how do we convince M$ and Netscape to include something
else in their software? If it's not supported in IE, then it won't be
available to the vast majority of users out there.
Derek Atkins [EMAIL PROTECTED] writes:
Actually, the ASN.1 part is a major factor in the X.509 interoperability
problems. Different cert vendors include different extensions, or different
encodings. They put different information into different parts of the
certificate (or indeed the same
James A. Donald wrote:
Could you point me somewhere that illustrates server issued
certs, certification with zero administrator overhead and small
end user overhead?
Been a while since I played with it, but IIRC OpenCA (www.openca.org) is a
full implementation of a CA, in perl cgi, with no admin
--
James A. Donald:
Certificate caching is not the problem that needs solving.
The problem is all this spam attempting to fool people into
logging in to fake BofA websites and fake e-gold websites,
to steal their passwords or credit card numbers
On 6 Jun 2003 at 15:04, Tim Dierks
Anonymous Sender wrote:
James A. Donald writes:
E-Gold could set things up to allow its customers to authenticate with
certs issued by Verisign, or with considerably more work it could even
issue certs itself that could be used for customer authentication.
Why doesn't it do so? Well, it's a
--
On 4 Jun 2003 at 20:58, Anne Lynn Wheeler wrote:
it is relatively trivial to demonstrate that public keys can
be registered in every business process that currently
registers shared-secrets (pins, passwords, radius, kerberos,
etc, etc)
I don't think so.
Suppose the e-gold, to
At 04:24 PM 6/6/2003 -0700, James A. Donald wrote:
I don't think so.
??? public key registered in place of shared-secret?
NACHA debit trials using digitally signed transactions did it with both
software keys as well as hardware tokens.
http://internetcouncil.nacha.org/News/news.html
in the
Eric Murray [EMAIL PROTECTED] writes:
Too often people see something like Peter's statement above and say
oh, it's that nasty ASN.1 in X.509 that is the problem, so we'll just
do it in XML instead and then it'll work fine which is simply not true.
The formatting of the certificates is such a
Derek Atkins [EMAIL PROTECTED] writes:
Eric Murray [EMAIL PROTECTED] writes:
Too often people see something like Peter's statement above and say
oh, it's that nasty ASN.1 in X.509 that is the problem, so we'll just
do it in XML instead and then it'll work fine which is simply not true.
On Wed, Jun 04, 2003 at 07:15:13PM -0400, John Kelsey wrote:
| At 03:50 PM 6/3/03 -0700, Eric Blossom wrote:
| ...
| GSM and CDMA phones come with the crypto enabled. The crypto's good
| enough to keep out your neighbor (unless he's one of us) but if you're
| that paranoid, you should opt for the
In attempting to solve the hard problem, it fails to make
provision for solving the easy problem.
That's a deployment issue, not a technical issue. D-H key exchange, for
example, would be just fine. It just so happens that the SSL creators had
a particular business goal in mind: e-commerce,
At 12:02 PM 6/4/2003 +0100, Dave Howe wrote:
For that matter, our system here discards the CC after use (the pre-auth
step with the merchant bank agent gives us back a fulfillment handle that
can only be used to fulfill or cancel that individual transaction - but of
course Amazon *want* to keep
Eric Murray [EMAIL PROTECTED] writes:
Too often people see something like Peter's statement above and say oh, it's
that nasty ASN.1 in X.509 that is the problem, so we'll just do it in XML
instead and then it'll work fine which is simply not true. The formatting of
the certificates is such a
James A. Donald [EMAIL PROTECTED] writes:
--
James A. Donald
Or to say the same thing in different words -- why can't
HTTPS be more like SSH? Why are we seeing a snow storm
of scam mails trying to get us to login to e-g0ld.com?
Eric Rescorla
Because HTTPS is designed to let
--
Everyone in America has several shared secrets identifying them
-- the number of the beast to identify them to the state, and
their credit card numbers identifying them to various financial
institutions, plus a hundred passwords to login to their
email, their bank, their network
The problems that this creates are demonstrated by what happens when
technically skilled users are required to work with certificates.
If you haven't already seen it, I highly recommend Don Davis's
compliance defects paper (and slides!) available at
http://world.std.com/~dtd. Abstract
On Thu, Jun 05, 2003 at 10:11:45PM +1200, Peter Gutmann wrote:
Bodo Moeller [EMAIL PROTECTED] writes:
Using an explicit state machine helps to get code suitable for multiplexing
within a single thread various connections using non-blocking I/O.
Is there some specific advantage here, or is it
[EMAIL PROTECTED] (Peter Gutmann):
[0] Note that my SSL implementation follows the standard SSL ladder diagram
rather than the state-machine that SSL implementations are usually
described as, which made it trivial to switch over for SSHv2 use. I've
never understood why every
On Wed, Jun 04, 2003 at 04:32:23PM +1200, Peter Gutmann wrote:
James A. Donald [EMAIL PROTECTED] writes:
I never figured out how to use a certificate to authenticate a client to a
web server, how to make a web form available to one client and not another.
Where do I start?
There's a
Bodo Moeller [EMAIL PROTECTED] writes:
Using an explicit state machine helps to get code suitable for multiplexing
within a single thread various connections using non-blocking I/O.
Is there some specific advantage here, or is it an academic exercise? Some
quirk of supporting certain types of
--
James A. Donald
Or to say the same thing in different words -- why can't
HTTPS be more like SSH? Why are we seeing a snow storm
of scam mails trying to get us to login to e-g0ld.com?
Eric Rescorla
Because HTTPS is designed to let you talk to people you've
never talked before,
James A. Donald [EMAIL PROTECTED] writes:
--
On 3 Jun 2003 at 15:04, James A. Donald wrote:
I never figured out how to use a certificate to authenticate
a client to a web server, how to make a web form available to
one client and not another. Where do I start?
What I and
Depends on how it gets passed from the web servers to that computer. If
it's encrypted with a public key on the web server that only the database
has the private half, you're safe from someone sniffing that proprietary
one-way interface.
However, if someone's already broken into the web server,
James A. Donald [EMAIL PROTECTED] writes:
Eric Rescorla
Nonsense. One can simply cache the certificate, exactly as
one does with SSH. In fact, Mozilla at least does exactly
this if you tell it to. The reason that this is uncommon is
because the environments where HTTPS is used are
Subject: Re: Maybe It's Snake Oil All the Way Down
On Tue, Jun 03, 2003 at 10:42:01AM -0400, John Kelsey wrote:
At 10:09 AM 6/2/03 -0400
The White House Communications Agency is also working
hard to secure presidential communications, with legacy
systems needing ever-increasing maintenance and upgrades,
the market continuing to outpace the big-ticket legacy
clunker equipment, too expensive to chuck outright, yet having
flaws
Ian Grigg [EMAIL PROTECTED] writes:
It's also very much oriented to x.509 and similar certificate/PKI models,
which means it is difficult to use in web of trust (I know this because we
started on the path of adding web of trust and text signing features to x.509
before going back to OpenPGP),
Ian Grigg [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
True, although, that begs the question as
to how they learn. Only by doing, I'd say.
I think one learns a lot more from making
mistakes and building one's own attempt than
following the words of wise.
One learns by *practicing*.
That
At 09:11 AM 6/3/2003, Peter Gutmann wrote:
Lucky Green [EMAIL PROTECTED] writes:
Given that SSL use is orders of magnitude higher than that of SSH, with no
change in sight, primarily due to SSL's ease-of-use, I am a bit puzzled by
your assertion that ssh, not SSL, is the only really successful net
At 10:09 AM 6/2/03 -0400, Ian Grigg wrote:
(One doesn't hear much about
crypto phones these days. Was this really a need?)
As a minor aside - most laptops can manage pgpfone using only onboard
hardware these days, either using an integrated modem or (via infrared) a
mobile phone.
Tim Dierks wrote:
At 09:11 AM 6/3/2003, Peter Gutmann wrote:
Lucky Green [EMAIL PROTECTED] writes:
Given that SSL use is orders of magnitude higher than that of SSH, with no
change in sight, primarily due to SSL's ease-of-use, I am a bit puzzled by
your assertion that ssh, not SSL, is
Eric Murray wrote:
On Mon, Jun 02, 2003 at 10:09:06AM -0400, Ian Grigg wrote:
A lot of the tools and blocks are too hard to
understand. Inaccessible might be the proper
term. This might apply to, for example, SSL,
and more so to IPSec. These have a lower survival
rate, simply
On Monday, June 2, 2003, at 07:09 AM, Ian Grigg wrote:
PGP was also mildly successful, and was done by
one guy, PRZ. The vision was very clear. All others
had to do was to fix the bugs... Sadly, free versions
never quite made the jump into GUI mail clients, so
widespread success was denied
Ian Grigg wrote:
Also, a lot of cryptosystems are put together
by committees. SSH was originally put together
by one guy. He did the lot. Allegedly, a fairly
grotty protocol with a number of weaknesses, but
it was there and up and running. And SSH-2 is
apparently nice, elegant and easy to
A lot of the tools and blocks are too hard to
understand. Inaccessible might be the proper
term. This might apply to, for example, SSL,
and more so to IPSec. These have a lower survival
rate, simply because as developers look at them,
their eyes glaze over and they move on. I heard
one guy say
On Mon, Jun 02, 2003 at 10:09:06AM -0400, Ian Grigg wrote:
A lot of the tools and blocks are too hard to
understand. Inaccessible might be the proper
term. This might apply to, for example, SSL,
and more so to IPSec. These have a lower survival
rate, simply because as developers look at
Ian Grigg [EMAIL PROTECTED] writes:
Also, a lot of cryptosystems are put together by committees. SSH was
originally put together by one guy. He did the lot. Allegedly, a fairly
grotty protocol with a number of weaknesses, but it was there and up and
running. And SSH-2 is apparently nice,
|There are a number of standard building blocks (3DES, AES, RSA, HMAC,
|SSL, S/MIME, etc.). While none of these building blocks are known
|to be secure ..
|
| So for the well-meaning naif
Scott Guthery [EMAIL PROTECTED] writes:
When I drill down on the many pontifications made by computer
security and cryptography experts all I find is given wisdom. Maybe
the reason that folks roll their own is because as far as they can see
that's what everyone does. Roll your own then whip
Scott Guthery [EMAIL PROTECTED] writes:
Suppose. Just suppose. That you figured out a factoring
algorithm that was polynomial. What would you do? Would
you post it immediately to cypherpunks? Well, OK, maybe
you would but not everyone would. In fact some might
even imagine they could
At 08:32 PM 5/31/03 -0400, Scott Guthery wrote:
Hello, Rich ...
When I drill down on the many pontifications made by computer
security and cryptography experts all I find is given wisdom. Maybe
the reason that folks roll their own is because as far as they can see
that's what everyone does.
48 matches