Re: Session Fixation Vulnerability in Web Based Apps

2003-06-13 Thread tom st denis

--- James A. Donald [EMAIL PROTECTED] wrote:
 --
 On 12 Jun 2003 at 16:25, Steve Schear wrote: 
 http://www.acros.si/papers/session_fixation.pdf
 
 Wow.
 
 This flaw is massive, and the biggest villain is the server
 side code created for Apache.

You really lack some fundamental understanding.

https uses a secure private link to create a private http session.  It
has NOTHING to do with authentication nor identity.

For example, when you first login to say yahoo [for email] you're on
https.  Even before yahoo knows who you are.  Think of a verbal
handshake in the get smart cone of silence..

The fact that people randomly give away *their* secrets doesn't mean
the system is flawed.  It means the people are ignorant.

Tom


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: Keyservers and Spam

2003-06-13 Thread Pat Farrell
At 11:56 AM 6/13/2003 -0400, John Kelsey wrote:
At 10:27 AM 6/11/03 -0700, bear wrote:
That is the theory.  In practice, as long as the PGP web of trust

The thing that strikes me is that the PGP web of trust idea is appropriate
for very close-knit communities, where reputations matter and people
mostly know one another.  A key signed by Carl Ellison or Jon Callas
actually means something to me, because I know those people.  But
transitive trust is just always a slippery and unsatisfactory sort of thing--

I may have missed it, but I thought that the web-o-trust model of PGP has
generally been dismissed by the crypto community
precisely because trust is not transitive.

Similarly, the tree structured, hierarchical trust model has failed,
we currently have a one level, not very trusted model with Verisign
or Thawte or yourself at the top.

I know from discussions with some of the SPKI folks that encouraging
self defined trust trees was one of the goals.

Of course, if the size of the tree is small enough, you can just
use shared secrets.

Pat

Pat Farrell [EMAIL PROTECTED]
http://www.pfarrell.com


RE: Keyservers and Spam

2003-06-13 Thread Bill Frantz
At 2:35 PM -0700 6/13/03, Pat Farrell wrote:
At 11:56 AM 6/13/2003 -0400, John Kelsey wrote:
At 10:27 AM 6/11/03 -0700, bear wrote:
That is the theory.  In practice, as long as the PGP web of trust

The thing that strikes me is that the PGP web of trust idea is appropriate
for very close-knit communities, where reputations matter and people
mostly know one another.  A key signed by Carl Ellison or Jon Callas
actually means something to me, because I know those people.  But
transitive trust is just always a slippery and unsatisfactory sort of thing--

I may have missed it, but I thought that the web-o-trust model of PGP has
generally been dismissed by the crypto community
precisely because trust is not transitive.

Similarly, the tree structured, hierarchical trust model has failed,
we currently have a one level, not very trusted model with Verisign
or Thawte or yourself at the top.

I know from discussions with some of the SPKI folks that encouraging
self defined trust trees was one of the goals.

Of course, if the size of the tree is small enough, you can just
use shared secrets.

The HighFire project at Cryptorights
http://www.cryptorights.org/research/highfire/ is planning on building a
web of trust rooted in the NGOs who will be using the system.  Each NGO
will have a signing key.  A NGO will sign the keys of the people working
for it.  In this manner, we have a way of saying, "The John Jones who works
for Amnesty International."  A NGO may decide to sign another NGO's signing
key.  Now we have a way to say to someone in Amnesty, "Send a message to
Steve Smith in Médecins Sans Frontières."  The plan is to show the trust
relationship in the UI as a path of keys.

I would appreciate your comments.

Cheers - Bill


-
Bill Frantz   | A Jobless Recovery is | Periwinkle -- Consulting
(408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave.
[EMAIL PROTECTED] | wich. -- Steve Schear | Los Gatos, CA 95032, USA
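
The trust-path idea described in the message above, as an added example that is not part of the original post and not HighFire code: a breadth-first search over key signatures that returns the path of keys a UI could display. The key labels, the sample signature records and the max_hops limit are assumptions made for illustration, and every signature is assumed to have been cryptographically verified already.

```python
from collections import deque

# Constructed sample data: (signer, subject) means the signer's key has
# signed the subject's key. "Amnesty-key" and "MSF-key" are hypothetical
# labels for the two NGO signing keys; "Sam Roe" is an invented name.
SIGNATURES = [
    ("Amnesty-key", "John Jones"),   # NGO signs a staff member's key
    ("Amnesty-key", "MSF-key"),      # one NGO signs another NGO's signing key
    ("MSF-key", "Steve Smith"),
    ("MSF-key", "Amnesty-key"),
    ("Unknown-key", "Sam Roe"),      # signer that no NGO key vouches for
]

def build_graph(signatures):
    """Map each signer to the list of keys it has signed."""
    graph = {}
    for signer, subject in signatures:
        graph.setdefault(signer, []).append(subject)
    return graph

def trust_path(signatures, root, target, max_hops=3):
    """Return the shortest chain of keys from root to target, or None.

    root is the key the relying user already trusts (their own NGO's
    signing key). max_hops is an assumed policy limit on chain length.
    """
    graph = build_graph(signatures)
    queue = deque([[root]])
    seen = {root}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        if len(path) - 1 >= max_hops:
            continue  # do not extend chains past the policy limit
        for subject in graph.get(path[-1], []):
            if subject not in seen:
                seen.add(subject)
                queue.append(path + [subject])
    return None

def render(path):
    """Format the path of keys the way a UI might show it."""
    return " -> ".join(path) if path else "no trust path"

if __name__ == "__main__":
    print(render(trust_path(SIGNATURES, "Amnesty-key", "Steve Smith")))
    print(render(trust_path(SIGNATURES, "Amnesty-key", "Sam Roe")))
```
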





RE: Keyservers and Spam

2003-06-13 Thread Anne Lynn Wheeler
At 11:56 AM 6/13/2003 -0400, John Kelsey wrote:
The thing that strikes me is that the PGP web of trust idea is appropriate 
for very close-knit communities, where reputations matter and people 
mostly know one another.  A key signed by Carl Ellison or Jon Callas 
actually means something to me, because I know those people.  But 
transitive trust is just always a slippery and unsatisfactory sort of 
thing--the fact that Jon Callas trusts Fred Smith trusts John Jones to 
sign a key doesn't really tell me whether or not I should trust him--by 
the time we're about three hops away, you'd have to be God to know enough 
to have your signature mean anything.
PGP  or other similar account-based mechanisms provide trust between 
parties that have established relationship  on a purely pair-wise, 
bilateral basis.  It does allow some direct trust operations to diffuse 
out to other parties. It isn't so much a close-knit community  it is 
how far every specific entity's trust operations diffuse out across other 
individuals.

If the entity is called a certification authority  and it provides an 
online service ... then the diffusing of specific trust operation might 
propagate out to a wide community. The issue of course is what trust 
attributes are propagating/diffusing and the diligence that the entity used 
in establishing the information to be trusted.

If the entity is called a certification authority, and it manufactures 
certificates (basically stale, static copies of some CA internal account 
record) then those certificates will presumably contain some information 
that is bound to the public key ... where there is some degree of 
confidence (aka trust) with regard to the binding between the information 
and the public key.

One issue is what meaning is there between having absolute certainty 
between something like an email address and a public key. Let's say it is 
an email address. Typically, email addresses at random are meaningless to 
me unless they are part of some specific context  like somebody I have 
an established relationship with. However, if I have an established 
relationship with the entity, then it is back to the PGP scenario.  In a 
broad context, businesses run on established relationships; aka financial 
institutions.  The whole existing payment infrastructure effectively has 
the PGP scenario without needing certificates, and not exactly being 
considered a very close-knit community.

The primary difference between a financial institution acting as an entity 
in a PGP web-of-trust paradigm (say payment cards, credit, debit, etc) and 
individual  is the typical scope of the reputation of the financial 
institution is larger than an individual, and therefore the 
propagation/diffusing of trust is likely to have a much further reach. To a 
larger degree ... the trust radius of an entity is somewhat independent of 
whether it is operating in the PGP manner w/o certificates or in 
certificate paradigm.

The primary difference in the certificate paradigm is not the scope of the 
entity's trust  it is the design point of delivering the trust. The 
certificate paradigm of trust delivery was targeted at an offline 
environment for relying parties that had no previous relationship (and had 
no online and/or direct recourse to the trust entity).

The payment card industry established a certificateless nearly world-wide 
scope of trust, in part by providing an extensive online network.

The certificate-based design point was to be able to provide an 
infrastructure for propagating trust between relying parties that had no 
previous relationship, were unlikely to need future relationship, and had 
no online or direct recourse to the trust entity.
--
Anne  Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
 



Re: SDSI/SPKI background

2003-06-13 Thread Carl Ellison
At 12:00 PM 6/13/2003 +0200, Stefan Mink wrote:

Hi Carl,

On Wed, Jun 11, 2003 at 09:56:12PM -0700, Carl Ellison wrote:
 There's one draft that should have gone on to RFC, but people were
 using it from the draft instead.  It's my fault that we left it at
 that stage and didn't publish the RFC.  That's still on my list of
 things to do :-)  It seems that other work kept getting in the
 way. 

I guess it's the draft about the certificate structure?

There were two: the certificate structure draft and the examples
draft.  But, you're right, it's the certificate structure that we
used from the draft without waiting for the RFC.


 stand-alone product like PGP.  It's a tool to be used within other
 products.  It's also almost exclusively for a closed authorization
 infrastructure, rather than an open naming infrastructure.  In
 fact, 

Is there a special reason why the authorisation system can't or
shouldn't be open here? Most systems and services are distributed
and are developed independently, so an open standard would be
reasonable here too, wouldn't it?

Of course, you're correct.  If we knew we were using all the same
language rather than local dialects, we might have some common tools
that people would be encouraged to write: e.g., a certificate viewer,
a certificate path discovery service, ...


 under SPKI/SDSI thinking, a global naming infrastructure is not a
 proper use of one's time and energy.  This is doubtless why the
 PKI Vendors react with hostility toward SPKI/SDSI.

agreed :)

 Yes.  Check out KeyNote and PolicyMaker.  There are links to those
 from my web page.

I couldn't access the latter one but found a copy on citeseer

You can't access my SPKI web page?

http://theworld.com/~cme/html/spki.html

It works for me.

 Of course, you don't have to use certificates for authorization. 
 You can bind an authorization to a key in a protected database (a
 key-based ACL, in SPKI/SDSI terminology).  Samples of that are SSH
 and X9.59.

sure, but I like the idea of storing the privileges independent of
the service instance; of course there are drawbacks (revocation)...

I owe a paper on this.  I've been looking into this heavily for a
couple of years.  See my section on the CAP Theorem on the SPKI web
page.  Since everything we do with certificates can be done equally
with local protected memory (ACLs, Directories) or with services out
on the net (holding their own protected memory), you have to have a
reason to choose one over the other at design time.  Network
partition tolerance is one of those reasons, but you have to
sacrifice either consistency or availability when you do that.  There
is also an advantage in revocation with the two ACL models (local
ACL; networked service) since there are no freely copied certificates
in use.  However, you're not home free.

We're not designing systems that have only computers connected by
communications channels.  Our systems perforce include human beings
(e.g., as policy administrators).  It is a human being who decides to
do a revocation.  That human doesn't live in the local machine
granting access.  Even if she did live right next door, she would
soon quit if every access request required her personal interaction. 
So, when you draw the network to include all those humans, you
still have network partition problems and still have the possibility
of a revocation problem.



 We went on to use it in products and research.

 We were and are a group of developers and researchers, not
 standards writers.  Standards writing is fundamentally boring.

:)

Thanks 
   tschuess
 Stefan Mink
--
Stefan Mink, Schlund+Partner AG (AS 8560)
Primary key fingerprint: 389E 5DC9 751F A6EB B974  DC3F 7A1B CF62
F0D4 D2BA  

BTW, Stefan, my mailer throws up on Mutt messages.  I need to get a
new mailer for this machine - but can Mutt send signed messages in
the old fashioned in-line style?

 - Carl



++
|Carl Ellison  Intel R  D   E: [EMAIL PROTECTED] |
|2111 NE 25th AveT: +1-503-264-2900  |
|Hillsboro OR 97124  F: +1-503-264-3375  |
|PGP Key ID: 0xFE5AF240  |
|  1FDB 2770 08D7 8540 E157  AAB4 CC6A 0466 FE5A F240|
++
