Lynne or Anne,
At 10:30 AM 6/22/2007 -0600, Anne & Lynn Wheeler wrote:
A secure Internet requires a secure network protocol
http://www.infoworld.com/article/07/06/22/25OPsecadvise_1.html
Actually I think we need a shadow Internet that is used only for security
purposes (and is
fully encrypted). It is sort of like the old SS7 signaling infrastructure
of the phone network.
It doesn't need the same bandwidth, maybe 1/1000 or 1/10,000 as much. It
would use
strictly cryptographic protocols for identity & authentication and key
management, etc..
one of the things seen in various of the SSL (authentication) vulnerabilities
SSL seems to be hanging by a thread, mainly the name to public key mapping
depends on how thorough the checking is done in to SSL vs application layers
inside of the web browser. If this is hosed then unrestricted MITM is in
the cards
sometime in the near future.
- Alex
--
Alex Alten
[EMAIL PROTECTED]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
