Re: Article on passwords in Wired News

2004-06-04 Thread martin f krafft
also sprach Peter Gutmann <[EMAIL PROTECTED]> [2004.06.03.1014 +0200]:
> One-time passwords (TANs) was another thing I covered in the "Why
> isn't the Internet secure yet, dammit!" talk I mentioned here
> a few days ago.  From talking to assorted (non-European) banks,
> I haven't been able to find any that are planning to introduce
> these in the foreseeable future.  I've also been unable to get any
> credible explanation as to why not, as far as I can tell it's
> "We're not hurting enough yet".  Maybe it's just a cultural thing,
> certainly among European banks it seems to be a normal part of
> allowing customers online access to banking facilities.

While these are definitely nice, I am not particularly pleased. For
one, they are only "what you have", and not anything else.

I love the Swiss system, which is a token card and a reader, locked
with a PIN. You go to the web, get a challenge, run it through the
reader after inserting the card and entering the pin, then it spits
out the response, which you enter, and you're in...

Simple, efficient, secure.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
"you raise the blade, you make the change
 you rearrange me till i'm sane.
 you lock the door, and throw away the key,
 there's someone in my head but it's not me."
   -- pink floyd, 1972


signature.asc
Description: Digital signature
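As an added illustration of the PIN-locked token card and reader described in the post above (example code written for this archive, not from the original author or any bank): the server issues a fresh random challenge, the reader computes the response only after the correct PIN is entered, and the server accepts each challenge exactly once. The card key, PIN, HMAC-SHA256 truncated to eight decimal digits, and the three-strikes lockout are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample values: a per-card secret provisioned by the bank and the
# PIN that unlocks the card in the reader (assumptions, not real credentials).
CARD_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
CARD_PIN = "4711"


def expected_response(card_key: bytes, challenge: str) -> str:
    """What the card computes for a challenge: HMAC-SHA256 truncated to 8
    decimal digits, short enough to type from the reader's display."""
    mac = hmac.new(card_key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"


class CardReader:
    """The PIN-locked reader: 'what you have' (the card key) only works
    together with 'what you know' (the PIN)."""

    def __init__(self, card_key: bytes, card_pin: str):
        self._key, self._pin = card_key, card_pin
        self.failed = 0

    def respond(self, pin_entered: str, challenge: str):
        if self.failed >= 3:
            return None  # card locked after repeated wrong PINs (assumed policy)
        if not hmac.compare_digest(pin_entered.encode(), self._pin.encode()):
            self.failed += 1
            return None  # wrong PIN: no response, and the key never leaves the card
        self.failed = 0
        return expected_response(self._key, challenge)


class BankServer:
    def __init__(self, card_key: bytes):
        self._key = card_key
        self._outstanding = {}  # user -> challenge awaiting a response

    def issue_challenge(self, user: str) -> str:
        c = secrets.token_hex(8)  # fresh random challenge: an old response is worthless
        self._outstanding[user] = c
        return c

    def verify(self, user: str, response: str) -> bool:
        c = self._outstanding.pop(user, None)  # one-shot: a replay finds no challenge
        if c is None:
            return False
        return hmac.compare_digest(expected_response(self._key, c), response)


def login(server: BankServer, reader: CardReader, user: str, pin: str) -> bool:
    """One complete login: challenge from the web page, response from the reader."""
    challenge = server.issue_challenge(user)
    response = reader.respond(pin, challenge)
    return response is not None and server.verify(user, response)
```

The two properties worth checking in such a system are visible in the code: a captured response cannot be replayed because the server forgets the challenge after the first verification, and a stolen card alone yields nothing because the reader refuses to compute without the PIN.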


Re: Yahoo releases internet standard draft for using DNS as public key server

2004-05-31 Thread martin f krafft
also sprach Russell Nelson <[EMAIL PROTECTED]> [2004.05.30.0515 +0200]:
>  >   - The infrastructure is not there. Two standards compete for
>  >   email cryptography, and both need an infrastructure to back
>  >   them up.
> 
> Two standards?  DomainKeys and what else?

I meant PGP and S/MIME

But there's DomainKeys and CAs I guess... including those CAs
inserted into webs of trust.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
"... alle sätze der logik sagen aber dasselbe. nämlich nichts."
   -- wittgenstein




Re: Yahoo releases internet standard draft for using DNS as public key server

2004-05-28 Thread martin f krafft
also sprach Ed Gerck <[EMAIL PROTECTED]> [2004.05.28.1853 +0200]:
> It's "industry support". We know what it means: multiple,
> conflicting approaches, slow, fragmented adoption --> will not
> work. It would be better if the solution does NOT need industry
> support at all, only user support. It should use what is already
> available.

While I fundamentally agree, a user-side approach will not work for
two reasons, at least:

  - The technology is too complex to be grasped. Users may be able
to select encryption in their GUI, but they fail to understand
the consequences. This is especially problematic on the receiver
side, because no standard user knows how to handle a BAD
SIGNATURE alert.

  - The infrastructure is not there. Two standards compete for email
cryptography, and both need an infrastructure to back them up.
Unless governments settle on one standard and provide the
necessary infrastructure, such as signing keycards or pocket
devices capable of stream en/decryption, encryption is not going
to be standard.

If everyone and their mother is supposed to use cryptography, then
the two points need to be addressed. And unless everyone (and their
mother) uses cryptography consistently, email is not going to be
safe.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
the unix philosophy basically involves
giving you enough rope to hang yourself.
and then some more, just to be sure.




A-B-a-b encryption

2003-11-16 Thread martin f krafft
it came up lately in a discussion, and I couldn't put a name to it:
a means to use symmetric crypto without exchanging keys:

  - Alice encrypts M with key A and sends it to Bob
  - Bob encrypts A(M) with key B and sends it to Alice
  - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
  - Bob decrypts B(M) with key B leaving him with M.

Are there algorithms for this already? What's the scheme called?
I searched Schneier (non-extensively) but couldn't find a reference.

Thanks,

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
time wounds all heels.
   -- groucho marx


pgp0.pgp
Description: PGP signature
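The four-step exchange asked about above is commonly known as Shamir's three-pass protocol (Applied Cryptography covers it under that name), and it only works with a commutative cipher. The following is an added example for this archive, not code from the original poster: it runs the three passes with modular exponentiation (a Pohlig-Hellman style cipher, where (M^a)^b = (M^b)^a mod p), and then shows why the obvious commutative cipher, XOR with a keystream, is useless here because an eavesdropper recovers M from the three transmitted values alone. The 31-bit prime is an assumption chosen for readability; the exponentiation variant is also only secure against a passive eavesdropper, as nothing in the exchange authenticates either party.

```python
import random
from math import gcd

# Toy modulus so the numbers stay readable (assumption: a real deployment would
# use a large prime, and this protocol still lacks any authentication).
P = 2_147_483_647  # the Mersenne prime 2^31 - 1


def make_key(p: int, rng: random.Random):
    """Pohlig-Hellman style key: an exponent e coprime to p-1 and its inverse d,
    so that (x^e)^d = x mod p for every x."""
    while True:
        e = rng.randrange(2, p - 1)
        if gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)


def three_pass(m: int, p: int, rng: random.Random):
    """Shamir's three-pass protocol with modular exponentiation. Returns what
    Bob recovers and the three values an eavesdropper sees on the wire."""
    assert 1 < m < p
    a, a_inv = make_key(p, rng)      # Alice's key A, never transmitted
    b, b_inv = make_key(p, rng)      # Bob's key B, never transmitted
    m1 = pow(m, a, p)                # Alice -> Bob:   A(M)
    m2 = pow(m1, b, p)               # Bob -> Alice:   B(A(M))
    m3 = pow(m2, a_inv, p)           # Alice -> Bob:   B(M), since ((M^a)^b)^(1/a) = M^b
    recovered = pow(m3, b_inv, p)    # Bob:            M
    return recovered, (m1, m2, m3)


def xor(x: bytes, y: bytes) -> bytes:
    return bytes(i ^ j for i, j in zip(x, y))


def xor_three_pass_eavesdrop(m: bytes, rng: random.Random) -> bytes:
    """The same three passes with a one-time pad or stream cipher. XOR commutes
    too, but the eavesdropper XORs the three transmitted messages and gets M:
    (M^A) ^ (M^A^B) ^ (M^B) = M."""
    ka, kb = rng.randbytes(len(m)), rng.randbytes(len(m))
    c1 = xor(m, ka)       # Alice -> Bob
    c2 = xor(c1, kb)      # Bob -> Alice
    c3 = xor(c2, ka)      # Alice -> Bob
    return xor(xor(c1, c2), c3)   # what Eve computes from wire traffic only
```

The lesson for anyone tempted to build this: commutativity is necessary but not sufficient, and the cipher must resist a known-plaintext attack on its own, which XOR with a fixed keystream does not.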


Fwd: New PGP Universal beta: PGP and S/MIME

2003-11-16 Thread martin f krafft
fyi

- Forwarded message from Lucky Green <[EMAIL PROTECTED]> -

Cpunks,
I spent the last few months working at PGP on a nifty new solution to an
old problem: how to get email encryption deployed more widely without
requiring user education.

Since ideas for solving this problem have been discussed on this mailing
list for over 10 years now, some of you might wish to take a peek at the
solution that we came up with. The public beta of PGP Universal 1.1 is
now yours to download for free from

http://www.pgp.com/products/beta1.1.html

One of the many interesting features of our approach is the ability to
secure all users of a mail server, without the users needing to
understand what encryption is or does, no need for MUA-specific plugins,
interchangeable use of PGP keys or S/MIME, and much more. And yes, you
can still keep your 4096-bit RSA key on your PC only. I am using PGP
Universal myself. It is really cool.

Note that the download of PGP Universal is 322MB in size and requires a
dedicated x86 server to install.

Have fun,
--Lucky Green <[EMAIL PROTECTED]>

- End forwarded message -

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
"der beruf ist eine schutzwehr, hinter welche man sich erlaubterweise
 zurückziehen kann, wenn bedenken und sorgen allgemeiner art einen
 anfallen."
 - friedrich nietzsche




Re: Now Is the Time to Finally Kill Spam - A Call to Action

2003-10-13 Thread martin f krafft
also sprach R. A. Hettinga <[EMAIL PROTECTED]> [2003.10.13.0639 +0200]:
> The time to stop this nonsense is now, and there's a non-governmental,
> low-cost, low-effort way it could happen. Here's my plan of action, it's
> not original to me but I want to lay it out publicly as a battle plan:

Of course the plan is good, and I am all for it. But it won't be
carried out in less than 10 years.

I am much in favour of Graham's "fight back" approach, which is to
simply "visit" webpage URLs in all emails automatically. This will
drown spammer websites in requests and should make spam a lot less
worthy.

Who has been working with this system already? Are there reference
implementations?

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
"oh what a tangled web we weave,
 when first we practice to deceive."
-- shakespeare




Re: Reliance on Microsoft called risk to U.S. security

2003-09-26 Thread martin f krafft
also sprach Ian Grigg <[EMAIL PROTECTED]> [2003.09.25.2253 +0200]:
> > "I wouldn't put all of the blame on Microsoft," Schneier said,
> > "the problem is the monoculture."
> 
> On the face of it, this is being too kind and not striking at the
> core of Microsoft's insecure OS.  For example, viruses are almost
> totally a Microsoft game, simply because most other systems aren't
> that vulnerable.

Yes and no. First, I think that viruses will surface were e.g. Linux
to take top position, albeit they may have to employ totally new
paradigms to subvert the more advanced security architecture of
UNIX.

But I believe Schneier is right for the following reason: Microsoft
is a monopolist who, despite enjoying bad press for the past four
years, is managing to keep its sales going up each quarter. If you
are in business, what do you care for? The steep sales curve, or the
quality of your product?

As long as Microsoft has the monopoly on the desktop, as long as new
computers come with Windows per default, and as long as people stop
complaining and actually take action against the crap that Redmond
ships by switching to other systems in bulk, Microsoft has no reason
to invest any money in a code rework.

> So, in the market for server platform OSs, is there any view as to
> which are more secure, and whether that insecurity can be traced
> to the OS?

The defacement archive[1] has some statistics. But don't let
yourself be fooled as one should not forget that while Windows
usually comes with one web-, one mail-, one DNS server, there are
like 27 and up in each category for UNIX. So theoretically, when
comparing those categories, you need to include a factor of 27.

  1. http://defaced.alldas.org/

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
"women love us for our defects.
 if we have enough of them,
 they will forgive us everything,
 even our gigantic intellects."
-- oscar wilde




Re: quantum hype

2003-09-21 Thread martin f krafft
Again, replying to all.

also sprach John S. Denker <[EMAIL PROTECTED]> [2003.09.19.0038 +0200]:
> Other key-exchange methods such as DH are comparably
> incapable of solving the DoS problem.  So why bring up
> the issue?

For one, I can un-DoS with QC at any point in time. This may be
relevant for certain attacks.

Second, if I have a strong key exchange protocol, you cannot DoS me
because I can choose other media. If all I can use is QC because of
its "features", you can DoS me easily.

> If you can _prove_ DH is secure, please let us know immediately.


I was drunk last night, but I swear I was able to prove it ;^>

> If you have a consistent theory of physics that repeals the
> uncertainty principle, please let us know immediately.

Yeah, solved that in my dream last night. (also ;^>)



also sprach Dave Howe <[EMAIL PROTECTED]> [2003.09.19.1416 +0200]:
> QC is a hype-only technology - it relies on a unbroken line
> impervious to MitM, and there ain't no such beast.

I think this may well be the conclusion up to now...

> > Has anyone *proven* that there is no way to read
> > a quantum bit without altering it?
> no. its the "underlieing hard problem" for QC. If there is
> a solution to any of the Hard Problems, nobody knows about them.

Right, so it's no better than the arguable hard problem of factoring
a 2048 bit number.

> cryptography is 90% paranoia - you *have* enemies, and don't know
> about them.

Wrong. I don't consider those that shouldn't know about some things
to be my enemies. I know that crypto is useful when someone actively
seeks information. But if I want my girlfriend not to see those
mails I send to this other chick (I have no girlfriend btw),
I encrypt them and guard against the risk that I leave the window
open when she comes home and she accidentally hits enter to read
that email.

I also don't consider an ISP an enemy who does network-related
maintenance and happens to read into my data stream. Heck, maybe the
guy is even interested and reads along for his pleasure. He's not an
enemy. But using crypto will still prevent this.

I guess it's a matter of definition, so let's just leave it there.

> evesdropping *destroys* the data by removing 50% of the photons
> almost at random. that is the quantum bit of the process - only
> a single photon is sent, so it can only be processed (read) by one
> host; reading the photon destroys its value, and the random
> element ensures it is incorrectly read 50% of the time.

Now this makes a lot more sense. Somehow I thought that QC simply
flipped the bit. But then nature isn't binary, neither is physics,
so I was just dumb.

> I admit to not entirely following the logic behind Quantum
> Cryptography

You seem to have a lot more of a grasp than I.

Anyhow, we are deviating here and there from the topic. So let me
summarise:

  - QC, if correctly used, can serve as the basis for OTP
encryption.
  - The provable security of QC thus actually comes from OTP.
  - QC needs an unbroken channel. The channel does not have to be
private because an observer destroys photons, which can be
detected.
  - This observer could DoS the communication, but that's akin to
cutting the land-line.
  - Actually, no, because if I don't rely on QC but have other
means, I can switch to another medium if someone cuts my
landline.

There were other points, but I concentrated on the technical ones
and hope I left none out.

Btw: is this list archived?

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
"if beethoven's seventh symphony
 is not by some means abridged,
 it will soon fall into disuse."
 -- philip hale, boston music critic, 1837


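As an added simulation for this archive (not code from any of the posters above): BB84 with an optional intercept-and-resend eavesdropper. It shows the mechanics argued about in the thread. Reading a photon in the wrong basis does not flip the bit; it replaces it with a coin flip and leaves the photon in the reader's basis, so Eve's resent photon gives Bob an error in roughly a quarter of the sifted positions, and Eve herself learns only about three quarters of them. Alice and Bob detect her by sacrificing a sample of the sifted key to estimate that error rate. Basis choice is modelled as a coin flip; noise-free fibre and ideal detectors are simplifying assumptions.

```python
import random


def bb84(n_qubits: int, eve_present: bool, rng: random.Random):
    """Simulate BB84 with an optional intercept-resend eavesdropper.
    Returns (alice_key, bob_key, qber, eve_fraction_correct)."""
    alice_bits = [rng.getrandbits(1) for _ in range(n_qubits)]
    alice_bases = [rng.getrandbits(1) for _ in range(n_qubits)]  # 0 rectilinear, 1 diagonal
    bob_bases = [rng.getrandbits(1) for _ in range(n_qubits)]

    def measure(bit: int, prep_basis: int, meas_basis: int) -> int:
        # Same basis: the encoded bit is read out exactly. Wrong basis: the
        # outcome is a coin flip, and the photon now carries that outcome in
        # the measuring basis, so the original value is gone, not flipped.
        return bit if prep_basis == meas_basis else rng.getrandbits(1)

    bob_bits, eve_bits = [], []
    for bit, basis, bob_basis in zip(alice_bits, alice_bases, bob_bases):
        if eve_present:
            eve_basis = rng.getrandbits(1)        # Eve must guess the basis
            bit = measure(bit, basis, eve_basis)  # ... reads the photon ...
            basis = eve_basis                     # ... and resends it in her basis
            eve_bits.append(bit)
        else:
            eve_bits.append(None)
        bob_bits.append(measure(bit, basis, bob_basis))

    # Sifting over the public channel: bases are compared, never bit values,
    # and only positions where Alice and Bob used the same basis are kept.
    keep = [i for i in range(n_qubits) if alice_bases[i] == bob_bases[i]]
    alice_key = [alice_bits[i] for i in keep]
    bob_key = [bob_bits[i] for i in keep]

    # In practice a random sample of these positions is disclosed to estimate
    # the error rate; here the whole sifted key is compared for illustration.
    errors = sum(a != b for a, b in zip(alice_key, bob_key))
    qber = errors / len(keep) if keep else 0.0
    eve_correct = (sum(eve_bits[i] == alice_bits[i] for i in keep) / len(keep)
                   if eve_present and keep else 0.0)
    return alice_key, bob_key, qber, eve_correct
```

Without Eve the sifted keys agree exactly; with her the error rate sits near 25 percent, far above any realistic channel noise, which is the detection event. Note what the simulation does not provide: nothing in it tells Alice that the other end of the fibre is Bob, which is the authentication point raised elsewhere in the thread.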


Re: quantum hype

2003-09-19 Thread martin f krafft
also sprach [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2003.09.19.1115 +0200]:
> The sender sends RANDOM BITS to the receiver. Those that don't get
> eavesdropped can then be concatenated at both ends to produce an
> identical string of random bits. Since this is known to both
> endpoint parties, and not to the eavesdropper, it can be used as
> a session key for symmetric encryption. So it is not true that you
> have "lost data" by being eavesdropped. You've only lost random
> bits, not real data.

Does reading a quantum bit destroy the bit or simply flip it? If the
latter, how then can you find out when a bit got read?

> No physical theory is _EVER_ "proven", only "corroborated by
> observational evidence". Quantum theory is consistently
> corroborated by observational evidence. For comparison, Newton's
> theory of gravity was never "proven", but it matched (almost) all
> observational evidence.

But Newton gets more wrong the faster you go. So it's not F = m.a;
that theory was only a good approximation, nothing more.

> We _can_ make this statement about Heisenberg's uncertainty
> principle.

Sure we can. But I don't accept an argument that QC is better than
asymmetric crypto because the second is based on assumption, when
the first is just as well based on assumption.

Fact is, MagiQ is wrong in claiming theoretical security.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
"arguments are extremely vulgar,
 for everyone in good society
 holds exactly the same opinion."
-- oscar wilde




Re: quantum hype

2003-09-18 Thread martin f krafft
It took me a while. I would herewith like to reply to all posts on
this I received so far:

also sprach John S. Denker <[EMAIL PROTECTED]> [2003.09.13.2343 +0200]:
>   *) In each block, Mallory has a 50/50 chance of being able to
>   copy a bit without being detected.

This is what I don't buy. If Mallory sees the data, it must be
detected, because otherwise the approach is flawed. But in any case
does Mallory have the means to completely DoS any attempt of
communication between the parties, simply by reading along, unless
there is a dedicated channel between Alice and Bob. In which case,
why is there a need for quantum cryptography in the first place?

> There is only one chance in 2^-C that Mallory knows this bit.

One chance in 2^C, otherwise it would be deadly, no? But in any
case, reasonably key-sized DH exchanges give me the same security
with a lot more flexibility, and a lot less chance for DoS. I still
don't buy it.

> The foregoing assumed an error-free channel.  Things get much
> worse if the good guys need to do error correction.

... which is almost always required.

> Not true.  The signal is continually checked for tampering;  no
> assumption need be made.

How can you check for tampering without reading the data off the
channel? Checksums?

> > if we want end-to-end security, one can't stick classical
> > routers or other such equipment in the middle of the connection
> > between you and I.
> 
> That's true.  A classical router is indistinguishable from a tap.

The same argument holds as above, why do I need QC then if I have
a dedicated channel anyhow?

Sending asymmetrically encrypted data over something like the plain
old telephone system strikes me as being more secure than sending
these data over the Internet, and that should hold for any
encryption used. Unless QC is applicable to the Internet (which it
won't be, as far as I can tell), I don't see any use beyond
marketing hype.

Sure, DH and similar approaches are based on mathematical
assumptions and are not secure, just incredibly hard to crack. But
just as I can choose a larger C for QC to diminish Mallory's chance
of decoding enough data to be able to make sense of the message
without being detected, I can choose a keysize of 16k if the
application calls for it. DH has been scrutinised and is, to current
knowledge, a theoretically secure algorithm. Or am I mistaken?



also sprach David Wagner <[EMAIL PROTECTED]> [2003.09.13.2343 +0200]:
> I believe the following is an accurate characterization:
>  Quantum provides confidentiality (protection against eavesdropping),
>  but only if you've already established authenticity (protection
>  against man-in-the-middle attacks) some other way.
> Tell me if I got anything wrong.

I don't think this is wrong, but I still don't see how QC guards
against eavesdropping. No, wrong, I see how a key exchange with QC
can make it very difficult to eavesdrop the key (more difficult than
DH?), but I do render the communication susceptible to complete DoS,
and I don't really gain security, IMHO.



also sprach John S. Denker <[EMAIL PROTECTED]> [2003.09.14.0102 +0200]:
> That means you can establish a confidential but
> anonymous tunnel, and then send authentication
> messages through the tunnel.

But the tunnel is only confidential as long as it isn't being
eavesdropped. As soon as someone eavesdrops it, I may be able to
find out, but I have already lost data to unwanted eyes. And if
I thus choose to end communication due to the risk of disclosing
more, the DoS worked.

I hope I am not annoying anyone while continually banging on this.
I just have not been convinced of the other side of this argument.



also sprach David Wagner <[EMAIL PROTECTED]> [2003.09.14.0018 +0200]:
> One could reasonably ask how often it is in practice that we have
> a physical channel whose authenticity we trust, but where
> eavesdropping is a threat.  I don't know.

How much of a threat really exists in a channel encrypted with e.g.
Blowfish, 256bit keys, perfect forward secrecy, and a session key
lifetime of 30 minutes???



also sprach Arnold G. Reinhold <[EMAIL PROTECTED]> [2003.09.14.0536 +0200]:
> The 160 GB hard drive has a couple of advantages over quantum key
> exchange:

And a disadvantage: disk corruption, which may render your channel
temporarily inaccessible. Also, once someone gets hold of the data
on the disk, everyone can read along. It's the same problem of all
symmetric algorithms, enhanced by the fact that the key data is
stored on a medium other than a human neural network (which to date
is only readable by one person)

 

also sprach David Wagner <[EMAIL PROTECTED]> [2003.09.14.1954 +0200]:
> Well, I agree.  If we get to use complexity-based crypto that is
> not proven secure, like AES, RSA, or the like, then we can do much
> better than quantum crypto.  The only real attraction of quantum
> crypto that I can see is that its security does not rely on
> unproven complexity-theoretic conjectures.

Has anyone

Re: quantum hype

2003-09-13 Thread martin f krafft
also sprach David Wagner <[EMAIL PROTECTED]> [2003.09.13.2306 +0200]:
> You're absolutely right.  Quantum cryptography *assumes* that you
> have an authentic, untamperable channel between sender and
> receiver. The standard quantum key-exchange protocols are only
> applicable when there is some other mechanism guaranteeing that
> the guy at the other end of the fibre optic cable is the guy you
> wanted to talk to, and that noone else can splice into the middle
> of the cable and mount a MITM attack.

Uh, so if I have a channel of that sort, why don't I send cleartext?

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
"the public is wonderfully tolerant.
 it forgives everything except genius."
-- oscar wilde




quantum hype

2003-09-13 Thread martin f krafft
Dear Cryptoexperts,

With

  http://www.magiqtech.com/press/navajounveiled.pdf

and the general hype about quantum cryptography, I am bugged by
a question that I can't really solve. I understand the quantum
theory and how it makes it impossible for two parties to read the
same stream. However, what I don't understand is how that adds to
security.

The main problem I have with understanding the technology is in the
fact that any observation of the quantum stream is immediately
detectable -- but at the recipient's side, and only if checksums are
being employed, which are not disturbed by continual or sporadic
photon flips.

So MagiQ and others claim that the technology is theoretically
unbreakable. How so? If I have 20 bytes of data to send, and someone
reads the photon stream before the recipient, that someone will have
access to the 20 bytes before the recipient can look at the 20
bytes, decide they have been "tampered" with, and alert the sender.
So I use symmetric encryption and quantum cryptography for the key
exchange... the same situation here. Maybe the recipient will be
able to tell the sender about the junk it receives, but Mallory
already has read some of the text being ciphered.

In addition to that, the MITM attack seems to be pertinent, unless
I use public-key encryption and authentication. But then I am back
to cryptography whose strength is based on intractability and not on
a proof. And now I fail to see why quantum crypto is hyped so much.

Maybe I am completely misguided, but I would really appreciate some
explanation or even pointers. Or someone wants to spend a couple of
minutes to explain the process of theoretically unbreakable quantum
cryptography step-by-step.

Note: I am reading MagiQ's press release with the
subtract-marketing-b/s grain of salt. Of course, their technology is
superior to everything. However, most of my information and the food
for my questions stem from the more scientific side, having read
about it in articles in renowned magazines and mailing list posts.

Thanks,

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
joan of arc heard voices too.




Re: Voltage - Identity Based Encryption.

2003-07-08 Thread martin f krafft
also sprach C. Wegrzyn <[EMAIL PROTECTED]> [2003.07.08.2324 +0200]:
> This is the same approach used in the Authentica system but it is 
> deployed in an enterprise environment.

Sure, but this doesn't make it any more secure. I only know very
little about Authentica, but it also doesn't strike my fancy.
Private keys are private, period. There have got to be other ways to
make PK cryptography easier.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid PGP subkeys? use subkeys.pgp.net as keyserver!
 
"die menschen drängen sich zum lichte, nicht um besser zu sehen,
 sondern um besser zu glänzen."
 - friedrich nietzsche




Re: Voltage - Identity Based Encryption.

2003-07-08 Thread martin f krafft
also sprach Hack Hawk <[EMAIL PROTECTED]> [2003.07.08.0154 +0200]:
> So what they're saying is that your PRIVATE key is stored on
> a server somewhere on the Internet?!?!

I believe it says it is generated upon initial request, but this is
about as bad. I fully agree with you, this sounds fishy.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid PGP subkeys? use subkeys.pgp.net as keyserver!
 
"i never travel without my diary. one should always have something
 sensational to read on the train."
-- oscar wilde




Re: pubkeys for p and g

2003-06-30 Thread martin f krafft
also sprach Arnold G. Reinhold <[EMAIL PROTECTED]> [2003.06.29.0424 +0200]:
> >I am not sure I understand. How does this relate to my question?
> >
> >Where does the other factor come from?
> 
> I got the impression, and maybe I misunderstood, that you were 
> viewing a product of two primes aA, where a was the private part and 
> A was the public part.  That is not how RSA works. The product aA is 
> the public key. Either factor can be the private part.

Oh, I get it. No, that was my bad. aA and bB are simply the
private/Public keypairs for A and B. Yeah, yeah, I know. Algebra is
always haunting me...

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid PGP subkeys? use subkeys.pgp.net as keyserver!
 
"our destiny exercises its influence over us even when, as yet,
 we have not learned its nature; it is our future that lays down the law
 of our today."
 - friedrich nietzsche




Re: pubkeys for p and g

2003-06-28 Thread martin f krafft
also sprach Nomen Nescio <[EMAIL PROTECTED]> [2003.06.27.2230 +0200]:
> Do you have a reference to what exactly Check Point says about this?
> Maybe you are misunderstanding or misinterpreting them.  If you could
> quote it here verbatim (or provide a link if it is online) we might be
> able to understand their claim better.  It would be wise to make sure
> it is not a simple misunderstanding before you put something critical
> about them in your book.

Of course, that's why I am here. Problem is that my co-author has
seen it and I haven't found it. He's on vacation at the moment, so
we won't know until next week.

I did check the FP3 Mgmt II Student and Instructor Notes, but no
reference there. He says it's in the slides, but I don't have
Powerpoint here and OpenOffice is a little bitchy about them. Let's
suspend this until I know more.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid PGP subkeys? use subkeys.pgp.net as keyserver!
 
i need not suffer in silence
while i can still moan, whimper and complain.




Re: pubkeys for p and g

2003-06-26 Thread martin f krafft
> I'm not certain I understand your questions, but here are some
> answers (I think).

To clear this up:

I am well aware how DH works, and what the mathematical properties
of p and g are and have to be.

My point was that some commercial vendors (Check Point and others)
claim, that if two partners want to perform a DH key exchange, they
may use their two public keys for g and p. This, in effect, would
mean that g and p were not globally known, but that the public keys
are used in their place.

I am well aware that p and g are globally known as defined in the
chosen DH Group. However, I am wondering how Check Point (and
others) can claim that public keys may well be used in place,
thereby invalidating the need for a globally constant p and g pair.
These public keys are independent of the public keys exchanged as
part of DH, which are simply calculated by the g^x mod p formula of
DH, from the private keys.

Thus every communication party would have a key pair, aA and bB,
where the capital letter is the public key. Then, the following
happens:

  let g = A and p = B
  let A' = g^a mod p = A^a mod B
  and B' = g^b mod p = A^b mod B

and off you go, doing DH with g = A, p = B, and the keypairs aA' and
bB' on either side.

This would, in my opinion, only be possible if:

  - there would be a rule to decide which public key is p and which
is g.
  - all public keys (RSA in this case) are primes.
  - all public keys are good generators mod p.

We are writing a book and simply want to have some backup. I am
almost sure that Check Point is bullshitting (wouldn't be the first
time), so unless anyone has actually heard of this possibility, I am
going to write this down and influence a thousand people, basically
claiming that Check Point is wrong.

Does it make sense now?

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid PGP subkeys? use subkeys.pgp.net as keyserver!
 
experience is what causes a person
to make new mistakes
instead of old ones.




DH: pubkeys for p and g

2003-06-25 Thread martin f krafft
The Check Point Firewall-1 Docs insist that the public keys be used
for p and g for the Oakley key exchange. I ask you: is this
possible?

  - which of the two pubkeys will be p, which g?
  - are they both always primes?
  - are they both always suitable generators mod p?

It just seems to me that Check Point isn't entirely sure themselves
here. I'd appreciate a short cleanup...

To my knowledge, g and p are globally defined, either in DH Groups
(which are nothing but pre-defined g's and p's, right?), or
otherwise set constant. Am I wrong about this?

Thanks.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid PGP subkeys? use subkeys.pgp.net as keyserver!
 
"one should never do anything that
 one cannot talk about after dinner."
-- oscar wilde


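The three conditions listed in the two posts above (which key is p, is it prime, is g a generator) are exactly what a DH parameter check enforces. The following is an added example for this archive, not code from the original poster or from any Check Point documentation: a validator that accepts only a safe prime p = 2q+1 with g generating the subgroup of order q, plus a plain exchange over validated parameters. An RSA modulus is a product of two primes and so can never pass the first check, which is the concrete reason a "public key" cannot stand in for p. The small test primes and the seeded Miller-Rabin witnesses are assumptions chosen to keep the example reproducible.

```python
import random
from math import gcd


def is_probable_prime(n: int, rounds: int = 32, rng=random.Random(0)) -> bool:
    """Miller-Rabin; the fixed rng only keeps the example reproducible."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_dh_params(p: int, g: int) -> list[str]:
    """Problems with (p, g) as DH group parameters. Accepts only a safe prime
    p = 2q + 1 with g generating the prime-order subgroup of order q."""
    if not is_probable_prime(p):
        return ["p is not prime"]  # an RSA modulus n = p*q always fails here
    q = (p - 1) // 2
    if not is_probable_prime(q):
        return ["(p-1)/2 is not prime: small subgroups exist"]
    if not 1 < g < p - 1:
        return ["g must lie strictly between 1 and p-1"]
    if pow(g, q, p) != 1:
        # g generates the whole group of order 2q; the low bit of the discrete
        # log (the Legendre symbol of the shared secret) is then public.
        return ["g has order 2q, not q: one bit of the shared secret leaks"]
    return []


def dh_exchange(p: int, g: int, rng: random.Random):
    """Plain DH on validated parameters; both sides end with the same secret."""
    problems = check_dh_params(p, g)
    if problems:
        raise ValueError("; ".join(problems))
    x, y = rng.randrange(2, p - 2), rng.randrange(2, p - 2)  # private exponents
    big_x, big_y = pow(g, x, p), pow(g, y, p)                # the values actually exchanged
    return pow(big_y, x, p), pow(big_x, y, p)


# Constructed sample inputs: a safe prime with a good generator, the same
# prime with a full-group generator, a non-safe prime, and a toy RSA modulus.
SAMPLES = {"ok": (47, 2), "order_2q": (47, 5), "not_safe": (31, 3), "rsa_n": (53 * 61, 2)}
```

Usage: `check_dh_params(*SAMPLES["rsa_n"])` returns `["p is not prime"]`, while the well-known MODP groups from RFC 2409 and RFC 3526 are published precisely so that both parties can use fixed, pre-validated p and g instead of negotiating them.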


authentication and ESP

2003-06-19 Thread martin f krafft
As far as I can tell, IPsec's ESP has the functionality of
authentication and integrity built in:

RFC 2406:

   2.7 Authentication Data

   The Authentication Data is a variable-length field containing an
   Integrity Check Value (ICV) computed over the ESP packet minus
   the Authentication Data.  The length of the field is specified by
   the authentication function selected.  The Authentication Data
   field is optional, and is included only if the authentication
   service has been selected for the SA in question.  The
   authentication algorithm specification MUST specify the length of
   the ICV and the comparison rules and processing steps for
   validation.

To my knowledge, IPsec implementations use AH for "signing" though.
Why do we need AH, or why is it preferred?

Thanks for your clarification!

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
invalid PGP subkeys? use subkeys.pgp.net as keyserver!
 
XP is NT with eXtra Problems.


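The practical difference between the ESP Authentication Data quoted above and AH is what the ICV covers. ESP's ICV runs over the ESP header and payload only, so the outer IP header is unprotected; AH's ICV (RFC 2402) additionally covers the outer IP header with its mutable fields (TOS, flags/fragment offset, TTL, checksum) zeroed, so the addresses are authenticated and any NAT rewrite breaks the check. The following is an added example for this archive, not code from the original poster or from any IPsec implementation: toy ESP and AH packets built with HMAC-SHA1-96, a router hop that decrements the TTL, and a NAT that rewrites the source address. The key, addresses and payload are constructed sample values, and the ESP payload is treated as already-encrypted opaque bytes.

```python
import hashlib
import hmac
import socket
import struct

# Constructed 160-bit HMAC-SHA1 key shared by the two SA endpoints (assumption).
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f10111213")
IP_PROTO_ESP, IP_PROTO_AH = 50, 51
IP_FMT = "!BBHHHBBH4s4s"  # version/IHL, TOS, len, id, flags/frag, TTL, proto, csum, src, dst


def ip_checksum(hdr: bytes) -> int:
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def pack_ip(fields: list) -> bytes:
    fields[7] = 0
    fields[7] = ip_checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields)


def ipv4_header(src: str, dst: str, proto: int, total_len: int) -> bytes:
    return pack_ip([0x45, 0, total_len, 0x1234, 0, 64, proto, 0,
                    socket.inet_aton(src), socket.inet_aton(dst)])


def zero_mutable(ip_hdr: bytes) -> bytes:
    """RFC 2402: TOS, flags/fragment offset, TTL and checksum are mutable and
    zeroed before the AH ICV is computed; the addresses are covered."""
    f = list(struct.unpack(IP_FMT, ip_hdr))
    f[1] = f[4] = f[5] = f[7] = 0
    return struct.pack(IP_FMT, *f)


def hmac_sha1_96(data: bytes, key: bytes = KEY) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:12]


def esp_packet(src: str, dst: str, spi: int, seq: int, ciphertext: bytes) -> bytes:
    """ESP with authentication: ICV over SPI, sequence number and the encrypted
    payload, i.e. 'the ESP packet minus the Authentication Data' (RFC 2406 2.7)."""
    esp = struct.pack("!II", spi, seq) + ciphertext
    esp += hmac_sha1_96(esp)
    return ipv4_header(src, dst, IP_PROTO_ESP, 20 + len(esp)) + esp


def ah_packet(src: str, dst: str, spi: int, seq: int, payload: bytes, next_hdr: int = 6) -> bytes:
    """AH: ICV over the mutable-zeroed IP header, the 12-byte AH header, a
    zeroed 96-bit ICV field and the payload (RFC 2402)."""
    ip = ipv4_header(src, dst, IP_PROTO_AH, 20 + 24 + len(payload))
    ah_hdr = struct.pack("!BBHII", next_hdr, 24 // 4 - 2, 0, spi, seq)
    icv = hmac_sha1_96(zero_mutable(ip) + ah_hdr + bytes(12) + payload)
    return ip + ah_hdr + icv + payload


def verify_esp(pkt: bytes) -> bool:
    esp = pkt[20:]
    return hmac.compare_digest(hmac_sha1_96(esp[:-12]), esp[-12:])


def verify_ah(pkt: bytes) -> bool:
    ip, ah, payload = pkt[:20], pkt[20:44], pkt[44:]
    expected = hmac_sha1_96(zero_mutable(ip) + ah[:12] + bytes(12) + payload)
    return hmac.compare_digest(expected, ah[12:])


def router_hop(pkt: bytes) -> bytes:
    """An ordinary router: decrement TTL, fix the header checksum."""
    f = list(struct.unpack(IP_FMT, pkt[:20]))
    f[5] -= 1
    return pack_ip(f) + pkt[20:]


def nat_rewrite_source(pkt: bytes, new_src: str) -> bytes:
    """A NAT box: replace the source address, fix the header checksum."""
    f = list(struct.unpack(IP_FMT, pkt[:20]))
    f[8] = socket.inet_aton(new_src)
    return pack_ip(f) + pkt[20:]
```

Both packets survive the router hop, because TTL and checksum are excluded from the AH ICV by design; only the AH packet fails after NAT. That is the trade-off behind the question: AH authenticates the addresses, ESP's optional ICV authenticates only what ESP itself carries, and the latter is what gets through NAT.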


Re: The meat with multiple PGP subkeys

2003-06-18 Thread martin f krafft
also sprach David Shaw <[EMAIL PROTECTED]> [2003.06.18.0240 +0200]:
> The problem is that the PKS keyserver was not written to handle keys
> with multiple subkeys.

[snip]

Thanks for the explanation. I didn't know about subkeys.pgp.net yet.

Moreover, I second the belief that the keyservers must be fixed as
they are really harming the PGP infrastructure.

I support Jason's work:

  http://keyserver.kjsl.com/~jharris/keyserver.html

and am already talking the wwwkeys.ch.pgp.net people into upgrading.

Maybe everybody can pick a keyserver of their choice and sit on the
admin's face until s/he gets it... ? Let's riot!

Can someone tell me why the heck SKS is written in Ocaml? What an
annoyance is that? No offence to the Ocaml people here...

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html
get my key here: http://madduck.net/me/gpg/publickey
 
"there is more stupidity than hydrogen in the universe,
 and it has a longer shelf life."
-- frank zappa




The meat with multiple PGP subkeys

2003-06-17 Thread martin f krafft
My key, 220BC883330C4A75, has multiple encryption subkeys, and it's
about to get another one on Friday, as my current encryption key
expires.

A lot of people are reporting that they cannot encrypt to me, due to
an unusable public key. It only seems to work if they use modern
software and obtain my key from keyserver.kjsl.com:11371 or the
various URLs where it sits.

I am already working with keyserver maintainers to get their
keyservers up to par, but before this can be completed, I feel that
I need to get an exact understanding of what's going on.

Could someone help me clean up this understanding?

- What is the problem with multiple subkeys?

- Are they in accordance with the RFC (2440)?

- Are others experiencing these problems, and how do you deal with
  them?

- Is there a solution in the works?

- If not, has anyone already thought about how to solve this mess?

Thanks, and I hope this is appropriate for this list.

Take care,

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html
get my key here: http://madduck.net/me/gpg/publickey
 
"wickedness is a myth
 invented by good people
 to account for the curious attraction of others."
-- oscar wilde




Re: Wildcard Certs

2003-06-16 Thread martin f krafft
also sprach Stefan Kelm <[EMAIL PROTECTED]> [2003.06.16.1652 +0200]:
> Now, suppose I buy a certificate for *.i-am-bad.com (assuming that I'm 
> the owner of that domain). I could then set up an SSL server with a 
> hostname of something like   
> 
> www.security-products.microsoft.com.order.registration.checkout.user-
> support.i-am-bad.com
> 
> hoping that the browser will only display the more familiar looking parts 
> of the URL to the user who in turn will happily accept the certificate.  

I could also just buy a certificate with that name. While it is an
interesting point, I do not see how wildcard certificates make this
possible, or enhance it.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html
get my key here: http://madduck.net/me/gpg/publickey
 
before he died, rabbi zusya said: "in the world to come they will not
ask me, 'why were you not moses?' they will ask me, 'why were you not
zusya?'"




Wildcard Certs

2003-06-16 Thread martin f krafft
I just ran across

  http://certs.centurywebdesign.co.uk/premiumssl-wildcard.html

but there are many more sites like that:

  Secure multiple websites with a single PremiumSSL Certificate. For
  organisations hosting a single domain name but with different
  subdomains (e.g. secure.centurywebdesign.co.uk,
  www.centurywebdesign.co.uk, signup.centurywebdesign.co.uk), the
  wildcard Certificate is a cost effective and efficient means of
  securing all subdomains without the need to manage multiple
  certificates. All the features, compatibility and warranty of
  PremiumSSL included.

This strikes me as notoriously bad, although it is in accordance
with the RFC. I still don't want to accept the usefulness and
inherent security, so I'd like to get some expert opinions on this.

Are wildcard certificates good? secure? useful?
Would you employ them? If not, how would you solve the problem they
are trying to address (if you don't have your own CA)?

Thanks!

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html
get my key here: http://madduck.net/me/gpg/publickey
 
"a scientist once wrote that all truth passes through three stages:
 first it is ridiculed, then violently opposed and eventually,
 accepted as self-evident."
   -- schopenhauer
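Added example, not part of either wildcard post: the server-name matching a TLS client performs, following RFC 2818 section 3.1 (a '*' matches one label or a fragment of one, so *.a.com matches foo.a.com but not bar.foo.a.com), plus the leftmost-label-only rule from RFC 6125 and the refusal of '*.com'-style names that browsers apply. It covers both points raised in the thread: one wildcard name covers the listed secure./www./signup. hosts, and the long hostname from the reply is not matched by *.i-am-bad.com. The hostnames are taken from the posts; the certificate name lists are constructed.

```python
from typing import List, Optional


def _labels(name: str) -> List[str]:
    """Case-insensitive DNS labels, trailing dot ignored."""
    return name.lower().rstrip(".").split(".")


def hostname_matches(pattern: str, hostname: str) -> bool:
    """True if the certificate name `pattern` covers `hostname`.

    '*' matches one label or a fragment of one (RFC 2818 3.1), never several;
    it is only allowed in the leftmost label (RFC 6125) and needs at least two
    labels to its right, as browsers require (so '*.com' is rejected).
    """
    p_labels, h_labels = _labels(pattern), _labels(hostname)
    if len(p_labels) != len(h_labels):   # a wildcard never spans label boundaries
        return False
    for i, (p, h) in enumerate(zip(p_labels, h_labels)):
        if "*" not in p:
            if p != h:
                return False
            continue
        if i != 0 or len(p_labels) < 3 or p.count("*") > 1:
            return False
        prefix, _, suffix = p.partition("*")
        if len(h) < len(prefix) + len(suffix):
            return False
        if not (h.startswith(prefix) and h.endswith(suffix)):
            return False
    return True


def certificate_covers(cert_names: List[str], hostname: str) -> Optional[str]:
    """First subjectAltName/CN entry that matches `hostname`, or None."""
    for name in cert_names:
        if hostname_matches(name, hostname):
            return name
    return None


if __name__ == "__main__":
    # Hostnames from the two posts; the certificate name lists are constructed.
    long_host = ("www.security-products.microsoft.com.order.registration."
                 "checkout.user-support.i-am-bad.com")
    for host in ("www.i-am-bad.com", long_host):
        print(host, "->", certificate_covers(["*.i-am-bad.com"], host))
    for sub in ("secure", "www", "signup"):
        host = sub + ".centurywebdesign.co.uk"
        print(host, "->", certificate_covers(["*.centurywebdesign.co.uk"], host))
```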




Re: The real problem that https has conspicuously failed to fix

2003-06-08 Thread martin f krafft
also sprach James A. Donald <[EMAIL PROTECTED]> [2003.06.08.2243 +0200]:
> (When you hit the submit button, guess what happens)

How many people actually read dialog boxes before hitting Yes or OK?

I know you do, and most of us, but who's the majority?

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html
get my key here: http://madduck.net/me/gpg/publickey
 
"my experience is that as soon as people are old enough to know better,
 they don't know anything at all."
-- oscar wilde

