Lynne or Anne,

At 10:30 AM 6/22/2007 -0600, Anne & Lynn Wheeler wrote:
A secure Internet requires a secure network protocol
http://www.infoworld.com/article/07/06/22/25OPsecadvise_1.html


Actually I think we need a shadow Internet that is used only for security purposes (and is fully encrypted). It is sort of like the old SS7 signaling infrastructure of the phone network. It doesn't need the same bandwidth, maybe 1/1000 or 1/10,000 as much. It would use strictly cryptographic protocols for identity & authentication and key management, etc..


one of the things seen in various of the SSL (authentication) vulnerabilities

SSL seems to be hanging by a thread, mainly the name to public key mapping
depends on how thorough the checking is done in to SSL vs application layers
inside of the web browser. If this is hosed then unrestricted MITM is in the cards
sometime in the near future.

- Alex

--

Alex Alten
[EMAIL PROTECTED]



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to