On Jul 26, 2010, at 10:22 PM, Chris Palmer wrote:
Perry E. Metzger writes:
All major browsers already trust CAs that have virtually no security to
speak of,
...and trust any of those CAs on any (TCP) connection in the (web app)
session. Even if your first connection was authenticated by
Wow, I was just going to recommend Dan's book, Security Metrics.
It is actually Andy Jaquith's book, I only wrote the intro.
In the meantime, though, couple of years ago I did a tutorial
on security metrics which you may find useful
http://geer.tinho.net/measuringsecurity.tutorial.pdf
Paul Tiemann writes:
I like the idea of SSL pinning, but could it be improved if statistics
were kept long-term (how many times I've visited this site and how many
times it's had certificate X, but today it has certificate Y from a
different issuer and certificate X wasn't even near its
Ben Laurie b...@links.org writes:
On 24/07/2010 18:55, Peter Gutmann wrote:
- PKI dogma doesn't even consider availability issues but expects the
straightforward execution of the condition problem - revoke cert. For a
situation like this, particularly if the cert was used to sign 64-bit
On 28/07/2010 01:07, Paul Tiemann wrote:
There is a long list of flyblown metaphors which could similarly be
got rid of if enough people would interest themselves in the job; and
it should also be possible to laugh the not un- formation out of
existence*...
*One can cure oneself of the not
On 28/07/2010 00:14, Paul Tiemann wrote:
On Jul 27, 2010, at 3:34 PM, Ben Laurie wrote:
On 24/07/2010 18:55, Peter Gutmann wrote:
- PKI dogma doesn't even consider availability issues but expects the
straightforward execution of the condition problem - revoke cert. For a
situation like
On 28/07/2010 09:57, Peter Gutmann wrote:
Ben Laurie b...@links.org writes:
On 24/07/2010 18:55, Peter Gutmann wrote:
- PKI dogma doesn't even consider availability issues but expects the
straightforward execution of the condition problem - revoke cert. For
a
situation like this,
On Jul 27, 2010, at 5:34 PM, Ben Laurie wrote:
On 24/07/2010 18:55, Peter Gutmann wrote:
- PKI dogma doesn't even consider availability issues but expects the
straightforward execution of the condition problem - revoke cert. For a
situation like this, particularly if the cert was used to
Anyone out there with a coding.clue wanna poke inside this thing and see if
it's an actual bearer certificate -- and not yet another book-entry --
transaction system?
Thanks.
Cheers,
RAH
Who sees lucre down there in the mousetype and takes heart...
Begin forwarded message:
From: Fellow
Ben Laurie b...@links.org writes:
I find your response strange. You ask how we might fix the problems, then you
respond that since the world doesn't work that way right now, the fixes won't
work. Is this just an exercise in one-upmanship? You know more ways the world
is broken than I do?
It's
On 28/07/2010 13:18, Peter Gutmann wrote:
Ben Laurie b...@links.org writes:
I find your response strange. You ask how we might fix the problems, then
you
respond that since the world doesn't work that way right now, the fixes
won't
work. Is this just an exercise in one-upmanship? You
On Tue, Jul 27, 2010 at 10:10:54PM -0600, Paul Tiemann wrote:
I like the idea of SSL pinning, but could it be improved if statistics
were kept long-term (how many times I've visited this site and how
many times it's had certificate X, but today it has certificate Y from
a different issuer and
On Wed, Jul 28, 2010 at 01:21:33PM +0100, Ben Laurie wrote:
On 28/07/2010 13:18, Peter Gutmann wrote:
Ben Laurie b...@links.org writes:
I find your response strange. You ask how we might fix the problems, then
you
respond that since the world doesn't work that way right now, the
On Jul 28, 2010, at 8:21 33AM, Ben Laurie wrote:
On 28/07/2010 13:18, Peter Gutmann wrote:
Ben Laurie b...@links.org writes:
I find your response strange. You ask how we might fix the problems, then
you
respond that since the world doesn't work that way right now, the fixes
won't
On 07/28/2010 12:10 AM, Paul Tiemann wrote:
I like the idea of SSL pinning, but could it be improved if statistics were
kept long-term (how many times I've visited this site and how many times it's
had certificate X, but today it has certificate Y from a different issuer and
certificate X
On Wed, 28 Jul 2010 11:38:17 +0100 Ben Laurie b...@links.org wrote:
On 28/07/2010 09:57, Peter Gutmann wrote:
In any case though the whole thing is really a moot point given
the sucking void that is revocation-handling, the Realtek
certificate was revoked on the 16th but one of my spies has
Peter,
In any case though the whole thing is really a moot point given the sucking
void that is revocation-handling, the Realtek certificate was revoked on the
16th but one of my spies has informed me that as of yesterday it was still
regarded as valid by Windows.
I can confirm that, at
Steven Bellovin s...@cs.columbia.edu writes:
For the last issue, I'd note that using pki instead of PKI (i.e., many
different per-realm roots, authorization certificates rather than identity
certificates, etc.) doesn't help: Realtek et al. still have no better way or
better incentive to revoke
Paul Tiemann paul.tiemann.use...@gmail.com writes:
I like the idea of SSL pinning, but could it be improved if statistics were
kept long-term (how many times I've visited this site and how many times it's
had certificate X, but today it has certificate Y from a different issuer and
certificate
On 28/07/2010 14:05, Perry E. Metzger wrote:
It is not always the case that a dead technology has failed because of
infeasibility or inapplicability. I'd say that a number of fine
technologies have failed for other reasons. However, at some point, it
becomes incumbent upon the proponents of a
On Wed, 28 Jul 2010 14:38:53 +0100 Ben Laurie b...@links.org wrote:
On 28/07/2010 14:05, Perry E. Metzger wrote:
It is not always the case that a dead technology has failed
because of infeasibility or inapplicability. I'd say that a
number of fine technologies have failed for other reasons.
On 28 July 2010 15:05, Perry E. Metzger pe...@piermont.com wrote:
On Wed, 28 Jul 2010 14:38:53 +0100 Ben Laurie b...@links.org wrote:
On 28/07/2010 14:05, Perry E. Metzger wrote:
It is not always the case that a dead technology has failed
because of infeasibility or inapplicability. I'd say
On Wed, Jul 28, 2010 at 10:05:22AM -0400, Perry E. Metzger wrote:
PKI was invented by Loren Kohnfelder for his bachelor's degree thesis
at MIT. It was certainly a fine undergraduate paper, but I think we
should forget about it, the way we forget about most undergraduate
papers.
PKI alone is
On 07/28/2010 10:05 AM, Perry E. Metzger wrote:
I will point out that many security systems, like Kerberos, DNSSEC and
SSH, appear to get along with no conventional notion of revocation at all.
long ago and far away ... one of the tasks we had was to periodically go by project athena to audit
Perry,
I think public key cryptography is a wonderful thing. I'm just not
sure I believe at all in PKI -- that is, persistent certification via
certificates, certificate revocation, etc.
I'm sure you remember Peter Honeyman's PK-no-I talk from
the '99 USENIX Security Symposium? :-)
Cheers,
On 28/07/2010 15:18, Peter Gutmann wrote:
Ben Laurie b...@links.org writes:
However, using private keys to prove that you are (probably) dealing with
the
same entity as yesterday seems like a useful thing to do. And still needs
revocation.
It depends on what you mean by revocation,
On Wed, Jul 28, 2010 at 08:48:14AM -0400, Steven Bellovin wrote:
There seem to be at least three different questions here: bad code
(i.e., that Windows doesn't check the revocation status properly),
the UI issue, and the conceptual question of what should replace the
current PKI+{CRL,OCSP}
On Wed, Jul 28, 2010 at 03:16:32PM +0100, Ben Laurie wrote:
Maybe it doesn't, but no revocation mechanism at all makes me nervous.
I don't know Kerberos well enough to comment.
DNSSEC doesn't have revocation but replaces it with very short
signature lifetimes (i.e. you don't revoke, you
On Wed, 28 Jul 2010 15:16:32 +0100 Ben Laurie b...@google.com wrote:
On 28 July 2010 15:05, Perry E. Metzger pe...@piermont.com wrote:
On Wed, 28 Jul 2010 14:38:53 +0100 Ben Laurie b...@links.org wrote:
And still needs revocation.
Does it?
I will point out that many security
On Tue, 27 Jul 2010, Jack Lloyd suggested:
http://www.crashie.com/ - if you're feeling malicious, just include
the one line JavaScript that will make IE6 crash, maybe eventually the
user will figure it out. (Or maybe not).
Please stop and think about the consequences before using something
On Wed, Jul 28, 2010 at 10:42:43AM -0400, Anne Lynn Wheeler wrote:
On 07/28/2010 10:05 AM, Perry E. Metzger wrote:
I will point out that many security systems, like Kerberos, DNSSEC and
SSH, appear to get along with no conventional notion of revocation at all.
long ago and far away ... one
On 28/07/2010 16:01, Perry E. Metzger wrote:
On Wed, 28 Jul 2010 15:16:32 +0100 Ben Laurie b...@google.com wrote:
SSH does appear to have got away without revocation, though the
nature of the system is s.t. if I really wanted to revoke I could
almost always contact the users and tell them in
On Wed, 28 Jul 2010 09:30:22 -0500 Nicolas Williams
nicolas.willi...@oracle.com wrote:
On Wed, Jul 28, 2010 at 10:05:22AM -0400, Perry E. Metzger wrote:
PKI was invented by Loren Kohnfelder for his bachelor's degree
thesis at MIT. It was certainly a fine undergraduate paper, but I
think we
On Wed, Jul 28, 2010 at 11:04:30AM -0400, Jonathan Thornburg wrote:
On Tue, 27 Jul 2010, Jack Lloyd suggested:
http://www.crashie.com/ - if you're feeling malicious, just include
the one line JavaScript that will make IE6 crash, maybe eventually the
user will figure it out. (Or maybe not).
On Wed, Jul 28, 2010 at 11:13:36AM -0400, Perry E. Metzger wrote:
On Wed, 28 Jul 2010 09:30:22 -0500 Nicolas Williams
nicolas.willi...@oracle.com wrote:
I have no objections to infrastructure -- bridges, the Internet,
and electrical transmission lines all seem like good ideas. However,
lets
On 07/28/2010 11:05 AM, Nicolas Williams wrote:
Are you arguing for Kerberos for Internet-scale deployment? Or simply
for PKI with rp-only certs and OCSP? Or other federated
authentication mechanism? Or all of the above? :)
as i've mentioned ... the relying-party-only certificates are
On Jul 28, 2010, at 8:56 AM, Patrick Chkoreff wrote:
Yeah, it does blinding.
Cool.
Thanks.
Cheers,
RAH
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Nicolas Williams nicolas.willi...@oracle.com writes:
Exactly. OCSP can work in that manner. CRLs cannot.
OCSP only appears to work in that manner. Since OCSP was designed to be 100%
bug-compatible with CRLs, it's really an OCQP (online CRL query protocol) and
not an OCSP. Specifically, if
On Wed, 28 Jul 2010 10:50:52 -0500 Nicolas Williams
nicolas.willi...@oracle.com wrote:
On Wed, Jul 28, 2010 at 11:38:28AM -0400, Perry E. Metzger wrote:
On Wed, 28 Jul 2010 09:57:21 -0500 Nicolas Williams
nicolas.willi...@oracle.com wrote:
OCSP Responses are much like a PKI equivalent of
Nicolas Williams nicolas.willi...@oracle.com writes:
Sorry, but this is wrong. The OCSP protocol itself really is an online
certificate status protocol.
It's not an online certificate status protocol because it can provide neither
a yes or a no response to a query about the validity of a
On Jul 27, 2010, at 10:58 PM, d...@geer.org wrote:
Wow, I was just going to recommend Dan's book, Security Metrics.
It is actually Andy Jaquith's book, I only wrote the intro.
Ouch, I'm sorry for the mistake! (I knew I remembered your name in connection
with the book, but it's on my
On Wed, 28 Jul 2010 11:23:16 -0500 Nicolas Williams
nicolas.willi...@oracle.com wrote:
On Wed, Jul 28, 2010 at 11:20:51AM -0500, Nicolas Williams wrote:
On Wed, Jul 28, 2010 at 12:18:56PM -0400, Perry E. Metzger wrote:
Again, I understand that in a technological sense, in an ideal
world,
On 07/28/2010 12:02 PM, Nicolas Williams wrote:
Sorry, but this is wrong. The OCSP protocol itself really is an online
certificate status protocol. Responder implementations may well be
based on checking CRLs, but they aren't required to be.
Don't be confused by the fact that OCSP borrows
On Thu, Jul 29, 2010 at 04:23:52AM +1200, Peter Gutmann wrote:
Nicolas Williams nicolas.willi...@oracle.com writes:
Sorry, but this is wrong. The OCSP protocol itself really is an online
certificate status protocol.
It's not an online certificate status protocol because it can provide
On Wed, Jul 28, 2010 at 12:18:56PM -0400, Perry E. Metzger wrote:
Again, I understand that in a technological sense, in an ideal world,
they would be equivalent. However, the big difference, again, is that
you can't run Kerberos with no KDC, but you can run a PKI without an
OCSP server. The
On Wed, 28 Jul 2010 11:20:52 -0500 Nicolas Williams
nicolas.willi...@oracle.com wrote:
On Wed, Jul 28, 2010 at 12:18:56PM -0400, Perry E. Metzger wrote:
Again, I understand that in a technological sense, in an ideal
world, they would be equivalent. However, the big difference,
again, is
On Wed, Jul 28, 2010 at 01:25:21PM -0400, Perry E. Metzger wrote:
My mother relies on many certificates. Can she make a decision on
whether or not her browser uses OCSP for all its transactions?
I mention this only because your language here is quite sticky.
Saying it is up to the relying
On Wed, 28 Jul 2010 12:38:10 -0500 Nicolas Williams
nicolas.willi...@oracle.com wrote:
Again, if everything is too hard, why do we bother even talking
about any of this? ETOOHARD cannot usefully be a retort to every
suggestion.
Well, not everything is too hard. In fact, one of the important
On Wed, Jul 28, 2010 at 02:41:35PM -0400, Perry E. Metzger wrote:
On the other edge of the spectrum, many people now use quite secure
protocols (though I won't claim the full systems are secure --
implementation bugs are ubiquitous) for handling things like remote
login and file transfer,
On Wed, Jul 28, 2010 at 5:51 PM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
Nicolas Williams nicolas.willi...@oracle.com writes:
Exactly. OCSP can work in that manner. CRLs cannot.
OCSP only appears to work in that manner. Since OCSP was designed to be 100%
bug-compatible with CRLs,
On Jul 28, 2010, at 9:51 AM, Peter Gutmann wrote:
Nicolas Williams nicolas.willi...@oracle.com writes:
Exactly. OCSP can work in that manner. CRLs cannot.
OCSP only appears to work in that manner. Since OCSP was designed to be 100%
bug-compatible with CRLs, it's really an OCQP (online
On Wed, 28 Jul 2010 14:40:14 -0600 Paul Tiemann
paul.tiemann.use...@gmail.com wrote:
On Jul 28, 2010, at 11:25 AM, Perry E. Metzger wrote:
On Wed, 28 Jul 2010 11:20:52 -0500 Nicolas Williams
nicolas.willi...@oracle.com wrote:
On Wed, Jul 28, 2010 at 12:18:56PM -0400, Perry E. Metzger
52 matches
Mail list logo