Fourth Announcement for ECC 2003

2003-06-15 Thread R. A. Hettinga

--- begin forwarded text


Status:  U
Date: Fri, 13 Jun 2003 18:05:10 -0400 (EDT)
From: ECC 2003 [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Fourth Announcement for ECC 2003

-
THE 7TH WORKSHOP ON ELLIPTIC CURVE CRYPTOGRAPHY (ECC 2003)

University of Waterloo, Waterloo, Ontario, Canada

August 11, 12  13 2003

FOURTH ANNOUNCEMENT   June 13, 2003

*
*
NOTES:

1) Please make your hotel bookings as soon as possible. The cutoff 
   date for room bookings at the Waterloo Inn is June 29, and the 
   cutoff date for room bookings at the Comfort Inn is July 7. 
   The Waterloo Inn is sold out for the night of August 9.

2) The last lecture at ECC 2003 will end at 3:00 pm on Wednesday
   (Aug 13). This will give participants sufficient time to catch
   flights scheduled to leave Toronto after 7:00 pm. There are hourly
   flights from Toronto to Ottawa for those who wish to attend   
   SAC 2003.

3) If you would like to be removed from this mailing list please
   reply with a brief note. You will promptly be removed from the list.
*
*


ECC 2003 is the seventh in a series of annual workshops dedicated 
to the study of elliptic curve cryptography and related areas. 
The main themes of ECC 2003 will be:
- The discrete logarithm problem.
- Efficient parameter generation and point counting.  
- Provably secure cryptographic protocols. 
- Efficient software and hardware implementation. 
- Side-channel attacks.
- Deployment of elliptic curve cryptography.

It is hoped that the meeting will continue to encourage and 
stimulate further research on the security and implementation 
of elliptic curve cryptosystems and related areas, and encourage 
collaboration between mathematicians, computer scientists and 
engineers in the academic, industry and government sectors.

Attendees of ECC 2003 might also wish to attend SAC 2003 
(Ottawa, Aug 14-15) and CRYPTO 2003 (Santa Barbara, Aug 17-21).
The last lecture at ECC 2003 will end at 3:00 pm on Wednesday 
(Aug 13). This will give participants sufficient time to catch 
flights scheduled to leave Toronto after 7:00 pm. There are hourly 
flights from Toronto to Ottawa.


SPONSORS: 
  Certicom Corp. 
  MITACS 
  Motorola
  University of Essen  
  University of Waterloo


ORGANIZERS: 
  Gerhard Frey(University of Essen)
  Darrel Hankerson(Auburn University)  
  Alfred Menezes  (University of Waterloo)
  Christof Paar   (Ruhr-Universitat Bochum)
  Edlyn Teske (University of Waterloo) 
  Scott Vanstone  (University of Waterloo)


SPEAKERS:
  Hans Dobbertin  (Ruhr-Universitat Bochum, Germany)
  Florian Hess(University of Bristol, UK)
  Hugo Krawczyk   (Technion, Israel, and IBM Research, USA)
  Tanja Lange (Ruhr-Universitat Bochum, Germany)
  Reynald Lercier (Centre d'Electronique de L'Armement, France)
  Ben Lynn(Stanford University, USA)
  William Martin  (National Security Agency, USA)
  Christof Paar   (Ruhr-Universitat Bochum, Germany)
  John Proos  (University of Waterloo, Canada)
  Jean-Jacques Quisquater (Universite Catholique de Louvain, Belgium)
  Pankaj Rohatgi  (IBM Research, USA)
  Victor Shoup(New York University, USA)
  Jerome A. Solinas   (National Security Agency, USA)
  Edlyn Teske (University of Waterloo, Canada)
  Nicolas Theriault   (University of Toronto, Canada) 
  Eran Tromer (Weizmann Institute of Science, Israel) 


CONFERENCE PROGRAMME:

There will be 15-16 invited lectures (and no contributed talks), 
with the remaining time used for informal discussions. There will 
be both survey lectures as well as lectures on latest research 
developments. All lectures will be held on the campus of the 
University of Waterloo. Here is a tentative list of lecture titles:

Hans Dobbertin  
To be announced
Florian Hess
The GHS attack revisited
Hugo Krawczyk   
Design and analysis of authenticated Diffie-Hellman protocols
Tanja Lange 
Efficient arithmetic on (hyper-)elliptic curves over finite fields
Reynald Lercier 
Algorithmic aspects of Mestre's p-adic point counting ideas
Ben Lynn
Applications of bilinear maps
William Martin  
To be announced
Christof Paar   
Hyperelliptic curve cryptosystems for embedded applications
John Proos  
Security in the presents of decryption failures
Jean-Jacques Quisquater 
2 or 3 side-channels for ECC
Pankaj Rohatgi  

Re: An attack on paypal

2003-06-15 Thread Matthew Byng-Maddick
On Fri, Jun 13, 2003 at 04:32:12PM -0700, Bill Stewart wrote:
 An e-gold-specific or paypal-specific client can tell,
 because it can remember that it's trying to see the real thing,
 but the browser can't tell, except by bugging you about
 Hi, this is a new site that's giving us a new cert placebo box.

Don't knock this warning, it might be enough of an indication to the user
that something is not quite right. But I've logged into e-gold before,
and it never said this It certainly should be. In most browsers,
though, there isn't even that, by default, at least, IMLE.

MBM

-- 
Matthew Byng-Maddick [EMAIL PROTECTED]   http://colondot.net/

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: Keyservers and Spam

2003-06-15 Thread David Honig
At 03:41 PM 6/13/03 -0700, Bill Frantz wrote:

The HighFire project at Cryptorights
http://www.cryptorights.org/research/highfire/ is planning on building a
web of trust rooted in the NGOs who will be using the system.  Each NGO
will have a signing key.  A NGO will sign the keys of the people working
for it.  In this manner, we have way of saying, The John Jones who works
for Amnesty International.  A NGO may decide to sign another NGO's signing
key.  Now we have a way to say to someone in Amnesty, Send a message to
Steve Smith in Médecins Sans Frontières.  The plan is to show the trust
relationship in the UI as a path of keys.

I would appreciate your comments.

Threat model: NGO_Alice is compromised and signs GESTAPO key, leading
to NGO_Bob's demise.

Possible counters: 

NGO_Alice's NGO key is a split key, so 1 person needs
be rubber hosed.  I don't know if PGP supports this, I don't think so.

Short key expirations, in the limit trusted for just 1 day.  Already
possible, just document this.



Also, how do you counter the GESTAPO from seeing queries to the 
key servers?   It might be enough to jail anyone making such an
inquiry.  Possible solutions would include having the keyserver
perform some innocuous function, and use SSL for all connections
to it.  Also SSL proxying and stego of course.









-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Session Fixation Vulnerability in Web Based Apps

2003-06-15 Thread James A. Donald
--
On 14 Jun 2003 at 19:07, Rich Salz wrote:
 When I've done login and state management, it's all 
 maintained on the server side.  It's completely independant 
 of SSL sessions -- that's transport, has no place in 
 application -- just like it's completely independant of 
 HTTP/1.1 session management.  A logout page isn't the same as 
 Connection: close :)

 The only thing in the cookie is an opaque identifer.  It's 
 purely random bytes (for which OPenSSL's RANDbytes() is 
 useful),

Which is fine provided your code, rather than the framework
code provided the cookie, and provided you generated the cookie
in response to a valid login, as Ben Laurie does..   The 
framework, however, generally provides insecure cookies. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 hOTy2gXIGpC8U37+/qzVoX8ytaUtHZWZGueU4kX5
 4GiXuHCpc1B85Pv2WN8p5d7FESFJMHlg5qC2hqlGr


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Session Fixation Vulnerability in Web Based Apps

2003-06-15 Thread Rich Salz
 The framework, however, generally provides insecure cookies.

No I'm confused.  First you said it doesn't make things like the
session-ID available, and I posted a URL to show otherwise.  Now you're
saying it's available but insecure?
/r$
--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Session Fixation Vulnerability in Web Based Apps

2003-06-15 Thread Ng Pheng Siong
On Sun, Jun 15, 2003 at 11:34:55AM -0700, James A. Donald wrote:
 Which is fine provided your code, rather than the framework
 code provided the cookie, and provided you generated the cookie
 in response to a valid login, as Ben Laurie does..   The 
 framework, however, generally provides insecure cookies. 

Dynamic programming environments like Lisp, Smalltalk and Python allow
the application programmer to replace parts of a framework with other code
easily.

Lisp does it better than Python. Dunno about Java, PHP, whatnot.

Build your applications with a superior programming system.


-- 
Ng Pheng Siong [EMAIL PROTECTED] 


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Session Fixation Vulnerability in Web Based Apps

2003-06-15 Thread Adam Back
I think he means higher level frameworks, web programming libraries,
toolkits, and web page builder stuff; not hooks into SSL sessions.
Not to say that a hook into an SSL session is not a good place to get
an application sessions identifier from -- it would be, presuming that
you can't trick a browser into adopting someone else's SSL session.

I wouldn't know one way or the other if these higher level frameworks
fall victim to the session adoption problem as I haven't used them;
but it seems plausible that there might exist some that do.  If this
were the case it would be quite bad as there would presumably be many
users of them who had relied on the security of the high-level
framework.  But I would be suprised if most or many of them did for
similar reasons to the reason people are expressing doubt that many
hand coded login pages would be affected: it seems like generally a
mistake natural login and session managing web programming idioms
would not lend themselves to.

Adam

On Sun, Jun 15, 2003 at 05:52:17PM -0400, Rich Salz wrote:
  The framework, however, generally provides insecure cookies.
 
 No I'm confused.  First you said it doesn't make things like the
 session-ID available, and I posted a URL to show otherwise.  Now you're
 saying it's available but insecure?

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]