If you are insisting that there is always
a way and that, therefore, the situation is
permanently hopeless such that the smart
ones are getting the hell out of the
Internet, I can go with that, but then
we (you and I) would both be guilty of
letting the best be the enemy of the good.
A
On 06/27/05 00:28, Dan Kaminsky wrote:
... there exists an acceptable solution that
keeps PC's with persistent stores secure. A bootable CD from a bank is
an unexpectedly compelling option
Even more compelling is:
-- obtain laptop hardware from a trusted source
-- obtain software from a
On 6/26/05, Dan Kaminsky [EMAIL PROTECTED] wrote:
It is not necessary though that there exists an acceptable solution that
keeps PC's with persistent stores secure. A bootable CD from a bank is
an unexpectedly compelling option, as are the sort of services we're
going to see coming out of all
What do you tell people to do?
commercial_message
Defense in depth, as always. As an officer at
Verdasys, data-offload is something we block
by simply installing rules like Only these
two trusted applications can initiate outbound
HTTP where the word trusted means checksummed
and the choice of
Dan--
I had something much more complicated, but it comes down to.
You trust Internet Explorer.
Spyware considers Internet Explorer crunchy, and good with ketchup.
Any questions?
A little less snarkily, Spyware can trivially use what MS refers to
as a Browser Helper Object
Dan Kaminsky writes:
| Dan--
|
| I had something much more complicated, but it comes down to.
|
| You trust Internet Explorer.
| Spyware considers Internet Explorer crunchy, and good with ketchup.
| Any questions?
|
| A little less snarkily, Spyware can trivially use
A highly aspirated but otherwise normal watcher of black helicopters asked:
Any idea if this is true?
(WockerWocker, Wed Jun 22 12:07:31 2005)
http://c0x2.de/lol/lol.html
Beats me. But what it if it was true. What's your advice to
clients?
iang
--
Advances in Financial Cryptography,
Allan Liska wrote:
3. Use an on-screen keyboard.
For extra points, try Dasher.
http://www.inference.phy.cam.ac.uk/dasher/
--
ApacheCon Europe http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can
Tom Weinstein wrote:
The economic view might be a reasonable view for an end-user to take,
but it's not a good one for a protocol designer. The protocol designer
doesn't have an economic model for how end-users will end up using the
protocol, and it's dangerous to assume one. This is
Perry E. Metzger [EMAIL PROTECTED] writes:
TLS is just a pretty straightforward well analyzed protocol for protecting a
channel -- full stop. It can be used in a wide variety of ways, for a wide
variety of apps. It happens to allow you to use X.509 certs, but if you
really hate X.509, define an
- Original Message -
From: Tom Otvos [EMAIL PROTECTED]
As far as I can glean, the general consensus in WYTM is that MITM attacks
are very low (read:
inconsequential) probability.
I'm not certain this was the consensus.
We should look at the scenarios in which this is possible
Internet groups starts anit-hacker initiative
http://www.computerweekly.com/articles/article.asp?liArticleID=125823liArti
cleTypeID=1liCategoryID=2liChannelID=22liFlavourID=1sSearch=nPage=1
one of the threats discussed in the above is the domain name ip-address
take-over mentioned previously
At 07:11 PM 10/22/03 -0400, Perry E. Metzger wrote:
Indeed. Imagine if we waited until airplanes exploded regularly to
design them so they would not explode, or if we had designed our first
suspension bridges by putting up some randomly selected amount of
cabling and seeing if the bridge
I'm not sure how you come to that conclusion. Simply
use TLS with self-signed certs. Save the cost of the
cert, and save the cost of the re-evaluation.
If we could do that on a widespread basis, then it
would be worth going to the next step, which is caching
the self-signed certs, and
Thor Lancelot Simon wrote:
Can you please posit an *exact* situation in which a man-in-the-middle
could steal the client's credit card number even in the presence of a
valid server certificate?
Sure. If I can assume you're talking about SSL/https as it is
typically used in ecommerce today,
I read the WYTM thread with great interest because it dovetailed nicely with some
research I am
currently involved in. But I would like to branch this topic onto something specific,
to see what
everyone here thinks.
As far as I can glean, the general consensus in WYTM is that MITM attacks
Tom Otvos wrote:
As far as I can glean, the general consensus in WYTM is that MITM attacks are very
low (read:
inconsequential) probability. Is this *really* true?
The frequency of MITM attacks is very low, in the sense
that there are few or no reported occurrences. This
makes
So what purpose would client certificates address? Almost all of the use
of SSL domain name certs is to hide a credit card number when a consumer
is buying something. There is no requirement for the merchant to
identify and/or authenticate the client the payment infrastructure
On 10/22/2003 04:33 PM, Ian Grigg wrote:
The frequency of MITM attacks is very low, in the sense that there
are few or no reported occurrences.
We have a disagreement about the facts on this point.
See below for details.
This makes it a challenge to
respond to in any measured way.
We have a
At 05:08 PM 10/22/2003 -0400, Tom Otvos wrote:
The CC number is clearly not hidden if there is a MITM. I think the I
got my money so who cares
where it came from argument is not entirely a fair
representation. Someone ends up paying for
abuses, even if it is us in CC fees, otherwise why
Nobody doubts that it can occur, and that it *can*
occur in practice. It is whether it *does* occur
that is where the problem lies.
Or, whether it gets reported if it does occur.
The question is one of costs and benefits - how much
should we spend to defend against this attack? How
Tom Otvos wrote:
As far as I can glean, the general consensus in WYTM is that MITM
attacks are very low (read:
inconsequential) probability. Is this *really* true?
I'm not aware of any such consensus.
I suspect you'd get plenty of debate on this point.
But in any case, widespread exploitation
Ian Grigg [EMAIL PROTECTED] writes:
Nobody doubts that it can occur, and that it *can*
occur in practice. It is whether it *does* occur
that is where the problem lies.
The question is one of costs and benefits - how much
should we spend to defend against this attack? How
much do we save
On Wed, Oct 22, 2003 at 05:08:32PM -0400, Tom Otvos wrote:
So what purpose would client certificates address? Almost all of the use
of SSL domain name certs is to hide a credit card number when a consumer
is buying something. There is no requirement for the merchant to
identify and/or
[EMAIL PROTECTED] (David Wagner) writes:
Tom Otvos wrote:
As far as I can glean, the general consensus in WYTM is that MITM
attacks are very low (read:
inconsequential) probability. Is this *really* true?
I'm not aware of any such consensus.
I will state that MITM attacks are hardly
Tom Weinstein wrote:
Ian Grigg wrote:
Nobody doubts that it can occur, and that it *can* occur in practice.
It is whether it *does* occur that is where the problem lies.
This sort of statement bothers me.
In threat analysis, you have to base your assessment on capabilities,
not
Ian Grigg [EMAIL PROTECTED] writes:
In threat analysis, you base your assessment on
economics of what is reasonable to protect. It
is perfectly valid to decline to protect against
a possible threat, if the cost thereof is too high,
as compared against the benefits.
The cost of MITM
At 05:42 PM 10/22/2003 -0400, Tom Otvos wrote:
Absolutely true. If the only effect of a MITM is loss of privacy, then
that is certainly a
lower-priority item to fix than some quick cash scheme. So the threat
model needs to clearly
define who the bad guys are, and what their motivations are.
Ian Grigg wrote:
Tom Weinstein wrote:
In threat analysis, you have to base your assessment on capabilities,
not intentions. If an attack is possible, then you must guard against
it. It doesn't matter if you think potential attackers don't intend to
attack you that way, because you really don't
Perry E. Metzger wrote:
Ian Grigg [EMAIL PROTECTED] writes:
In threat analysis, you base your assessment on
economics of what is reasonable to protect. It
is perfectly valid to decline to protect against
a possible threat, if the cost thereof is too high,
as compared against the
Ian Grigg [EMAIL PROTECTED] writes:
Perry E. Metzger wrote:
The cost of MITM protection is, in practice, zero.
Not true! The cost is from 10 million dollars to
100 million dollars per annum. Those certs cost
money, Perry!
They cost nothing at all. I use certs every day that I've
On Tue, 21 Oct 2003 15:02:14 +1300, Peter Gutmann said:
Are there any known servers online that offer X.509 (or PGP) mechanisms in
their handshake? Both ssh.com and VanDyke are commercial offerings so it's
not possible to look at the source code to see what they do, and I'm not sure
Joel N.
Thor Lancelot Simon [EMAIL PROTECTED] writes:
I believe the VanDyke implementation also supports X.509, and interoperates
with the ssh.com code. It was also my perception that, at the time, the
VanDyke guy was basically shouted down when trying to discuss the utility of
X.509 for this purpose
On Sun, 2003-10-19 at 00:47, Peter Gutmann wrote:
What was the motive for adding lip service into the document?
So that it's possible to claim PGP and X.509 support if anyone's interested in
it. It's (I guess) something driven mostly by marketing so you can answer
Yes to any question of Do
Damien Miller [EMAIL PROTECTED] writes:
The SSH protocol supports certificates (X.509 and OpenPGP), though most
implementations don't.
One of the reason why many implementations may not support it is that the spec
is completely ambiguous as to the data formats being used. For example it
On 10/16/2003 07:19 PM, David Honig wrote:
it would make sense for the original vendor website (eg Palm)
to have signed the MITM site's cert (palmorder.modusmedia.com),
not for Verisign to do so. Even better, for Mastercard to have signed
both Palm and palmorder.modusmedia.com as well. And
On Fri, 2003-10-17 at 00:58, John S. Denker wrote:
Tangentially-related point about credentials:
In a previous thread the point was made that
anonymous or pseudonymous credentials can only
say positive things. That is, I cannot discredit
you by giving you a discredential. You'll just
Jon Snader wrote:
On Mon, Oct 13, 2003 at 06:49:30PM -0400, Ian Grigg wrote:
Yet others say to be sure we are talking
to the merchant. Sorry, that's not a good
answer either because in my email box today
there are about 10 different attacks on the
secure sites that I care about. And
Hopefully everyone realizes this, but just for the record, I didn't write the
lines apparently attributed to me below -- I was quoting Bruce Schneier.
By the way, I strongly agree with David Honig's point that the wrong entities
are doing the signing.
Regards,
Bryce O'Whielacronx
David
Eric Rescorla wrote:
Ian Grigg [EMAIL PROTECTED] writes:
I'm sorry, but, yes, I do find great difficulty
in not dismissing it. Indeed being other than
dismissive about it!
Cryptography is a special product, it may
appear to be working, but that isn't really
good enough.
As many have decried in recent threads, it all
comes down the WYTM - What's Your Threat Model.
It's hard to come up with anything more important
in crypto. It's the starting point for ... every-
thing. This seems increasingly evident because we
haven't successfully reverse-engineered the threat
Minor errata:
Eric Rescorla wrote:
I totally agree that the systems are
insecure (obligatory pitch for my Internet is Too
Secure Already) http://www.rtfm.com/TooSecure.pdf,
I found this link had moved to here;
http://www.rtfm.com/TooSecure-usenix.pdf
which makes some of the same
At 12:28 AM 10/13/2003, Ian Grigg wrote:
Problem is, it's also wrong. The end systems
are not secure, and the comms in the middle is
actually remarkably safe.
I think this is an interesting, insightful analysis, but I also think it's
drawing a stronger contrast between the real world and the
Eric,
thanks for your reply!
My point is strictly limited to something
approximating there was no threat model
for SSL / secure browsing. And, as you
say, you don't really disagree with that
100% :-)
With that in mind, I think we agree on this:
[9] I'd love to hear the inside scoop, but
44 matches
Mail list logo
