Re: Kaminsky finds DNS exploit
Udhay Shankar N wrote, On 9/7/08 5:52 PM: I think Dan Kaminsky is on this list. Any other tidbits you can add prior to Black Hat? He's posted a quite long article on his blog http://www.doxpara.com/?p=1162 that looks like all the details he is likely to provide for the next 30 days. It does seem to address the speculation on this list about how the patch relates to stuff that has been known for years, Dan Bernstein's code, who knew what when, etc. -- sidney - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Explaining DNSSEC
I was asked off-list for a pointer to an explanation of DNSSEC. I guess there may be other readers who'd like that, so here's a pointer to Matasano Chargen's rather beautiful exposition: http://www.matasano.com/log/case-against-dnssec/ Unfinished, but good enough. In particular, part 2 explains DNSSEC http://www.matasano.com/log/772/a-case-against-dnssec-count-2-too-complicated-to-deploy/ Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.links.org/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Dutch chipmaker sues to silence security researchers
Dutch chipmaker NXP Semiconductors has sued a university in The Netherlands to block publication of research that details security flaws in NXP's Mifare Classic wireless smart cards, which are used in transit and building entry systems around the world. More at: http://news.cnet.com/8301-10784_3-9985886-7.html?hhTest=1 saqib http://doctrina.wordpress.com/ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Kaminsky finds DNS exploit
* Paul Hoffman: The take-away here is not that Dan didn't discover the problem, but Dan got it fixed. I haven't seen credible claims that the underlying issue can actually be fixed in the classic DNS protocol. There are workarounds on top of workarounds. A real fix requires more or less incompatible protocol changes, and at that point, it might be easier to deploy DNSSEC instead. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: how bad is IPETEE?
At Thu, 10 Jul 2008 18:10:27 +0200, Eugen Leitl wrote: In case somebody missed it, http://www.tfr.org/wiki/index.php?title=Technical_Proposal_(IPETEE) I'm not sure what the status of http://postel.org/anonsec/ is, the mailing list traffic dried up a while back. This is the first I have heard of this. That said, some initial observations: - It's worth asking why, if you're doing per-connection keying, it makes sense to do this at the IP layer rather than the TCP/UDP layer. - Why not simply use TLS or DTLS? - The uh, novel nature of the cryptographic mechanisms is pretty scary. Salsa-20? AES-CBC with implicit IV? A completely new cryptographic handshake? Why not use IPsec? - A related idea was proposed a while back (by Lars Eggert, I believe). See S 6.2.3.1 of: https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tcp-auth-arch.txt -Ekr - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Dutch chipmaker sues to silence security researchers
Ali, Saqib wrote: Dutch chipmaker NXP Semiconductors has sued a university in The Netherlands to block publication of research that details security flaws in NXP's Mifare Classic wireless smart cards, which are used in transit and building entry systems around the world. Ah, more 3 monkeys syndrome? If a flaw exists but nobody knows about the details, it no longer exists? If we don't publish the evidence about the Earth being round, then it will stay flat, right? Perhaps NXP merely wants to secure the job continuity of sys admins, compliance, and security people, do you think? Given that those in charge rarely listen in any case, perhaps they are trying to promote stress related health problems in a secret conspiracy with doctors. ;- Best, Allen - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: how bad is IPETEE?
On Thu, Jul 10, 2008 at 06:10:27PM +0200, Eugen Leitl wrote: In case somebody missed it, http://www.tfr.org/wiki/index.php?title=Technical_Proposal_(IPETEE) I did miss it. Thanks for the link. I don't think in-band key exchange is desirable here, but, you never know what will triumph in the marketplace. I'm not sure what the status of http://postel.org/anonsec/ is, the mailing list traffic dried up a while back. Connection latching, which is the BTNS WG equivalent of 'IPETEE', but much simpler, is in the IESG's hands now. Nico -- - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: how bad is IPETEE?
Eugen == Eugen Leitl [EMAIL PROTECTED] writes: Eugen I'm not sure what the status of http://postel.org/anonsec/ The IETF just created a new list and subscribed all anonsec subscribers: https://www.ietf.org/mailman/listinfo/btns -JimC -- James Cloos [EMAIL PROTECTED] OpenPGP: 1024D/ED7DAEA6 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Permanent Privacy - Are Snake Oil Patents a threat?
On Wed, 2008-07-09 at 13:02 +1200, David G. Koontz wrote: I did a quick check to look for patent applications or patents by them and didn't find any. This isn't definitive if a patent application isn't published. The newest published patent application I found on encryption had an application date of 11 Dec 2007. Some recently published patent applications are 6 or 7 years old, too. This is the patent you're searching for: Secure encryption system, device and method - Patent 20060193472 -- Brecht Wyseur Katholieke Universiteit Leuven tel. +32 16 32 17 21 Dept. Electrical Engineering-ESAT / COSIC fax. +32 16 32 19 69 Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, BELGIUM office 01.53 [EMAIL PROTECTED] http://homes.esat.kuleuven.be/~bwyseur P=NP if (P=0 or N=1) GPG Pub key: https://homes.esat.kuleuven.be/~bwyseur/pubkey GPG Fingerprint: 890C 7C0B F1D9 597E F205 87C8 B716 D7D3 20F8 353F Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]