mailer certificate retrieval via LDAP?
Are there any common mailers -- open source preferred but not mandatory -- that can query LDAP directories to retrieve X.509 certificates for use in S/MIME messages? Evolution and Thunderbird are both able to send S/MIME, but don't seem to have any easy certificate retrieval mechanisms. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: UK Detects Chip-And-PIN Security Flaw
Anne amp; Lynn Wheeler wrote: for even more drift ... a news item from later yesterday UK Detects Chip-And-PIN Security Flaw http://www.cardtechnology.com/article.html?id=20060606I2K75YSX APACS says the security lapse came to light in a recent study of the authentication technology used in the UK's new chip-and-PIN card system. ... snip ... and some comment http://www.garlic.com/~lynn/aadsm23.htm#55 UK Detects Chip-And-PIN Security Flaw not too long after the exploit (from earlier deployments) being documented in 2002 ... it was explained to a group from the ATM industry ... leading somebody in the audience to quip do you mean that they managed to spend a couple billion dollars to prove that chips are less secure than magstripes. the above from discussion on the subject in a different context http://www.garlic.com/~lynn/2006l.html#33 the above reference goes into a little more detail of where the label yes card came for the counterfeit cards used in the SDA exploit. as mentioned in earlier posting in this thread: http://www.garlic.com/~lynn/aadsm23.htm#56 UK Detects Chip-And-PIN Security Flaw part of the aads chip strawman http://www.garlic.com/~lynn/x959.html#aads requirements in the 90s was to be able to do dynamic data authentication with higher security than the DDA chips (using the chippin terminology) with chip that cost less than the SDA chips (and also could meet the contactless transit power and timing profile requirements). the x9a10 working group had already examined replay attack threat models (based on static data authentication) especially in light of the common skimming attacks that being used to harvest magstripes and PINs that were starting to become common at the time. for little more drift, there are assumptions about multi-factor authentication being more secure ... i.e. magstripes and PINs represent different factors. However, skimming attacks appearing by at least the mid-90s where capturing magstripes and PINs as part of the same operation (invalidating a basic multi-factor security assumption). also previously mentioned, x9a10 was specifying transaction authentication as opposed to session-like authentication ... because transaction authentication reduced several kinds of vulnerabilities that were frequently related to session operation (end-point threats, mitm threats, insider threats). there were a number of chippin SDA deployments in the 90s ... a partial reference here: http://www.garlic.com/~lynn/2006l.html#33 ... which had provided opportunities for the yes card type attacks to evolve. by the time of the 2002 article about yes cards ... the article also mentioned that information about building counterfeit yes cards was widely available on the internet. however, the information about yes card kind of attacks (skimming SDA data for replay attacks against terminals) was relatively readily available by 2000. In late fall of 2000, there was a small conference in London with principles of the lloyd's of london syndicates involved in insuring (brick mortar) point-of-sale retail payment fraud discussing numerous threat models and countermeasures. however, a lot of chippin deployments have been by people that are extremely chip centric ... interpreting everything from the context of the produced chips. there were some chippin deployments in 2001 that interpreted the yes card vulnerability from the standpoint that valid cards could do offline transactions. their yes card countermeasure was to produce valid cards that always did online transactions. Some of the chippin aficionados, when various of the yes card details were explained in more details ... tended to have trouble coming to grips with it being an attack on terminals and the rest of the infrastructure ... not attacks on valid chips ... and also thought that the crooks were not playing fair in how they programmed the counterfeit chips. one of the references in the 2002 article was to yes cards never going away. this also was somewhat behind the cited comment from ATM industry in conference not too long after the 2002 article about proving chips are less secure than magstripe. a cornerstone countermeasure to attacks on valid chips (like lost/stolen vulnerabilities) was infrastructure feature that when a card did an online transaction (as opposed to offline), the online infrastructure could instruct the card to self-destruct. the infrastructure allowed valid cards to instruct chippin terminals that they were doing offline transactions ... but valid cards were programmed to sporadically do online transactions. if a valid chip was reported as compromised, the account could be flagged (as happens with all magstripe transactions) and the chip also be scheduled for self-destruct command, the next time it went online. since a counterfeit yes card could be programmed to never go online, flagging an account (as works with magstripe
UK Banks Expected To Move To DDA EMV Cards
UK Banks Expected To Move To DDA EMV Cards http://www.epaynews.com/index.cgi?survey=ref=browsef=viewid=11497625028614136145block= ... from above ... Of the 6.2 billion card transactions in the UK each year, one in five occurs offline, which increases the risk of cloned cards being used at a retailer’s POS terminal. In short, a cloned credit or debit card may go unidentified if a transaction is not sent to a bank for approval. ... snip ... re: http://www.garlic.com/~lynn/aadsm24.htm#1 UK Detects Chip-And-PIN Security Flaw note that the counterfeit yes card attack (from the late 90s) isn't on valid cards programmed to do offline (or online) transactions; the counterfeit yes card attack (built from skimmed SDA data) is on chippin terminals programmed to do what any authenticated card tells it to do (part of the chippin terminal standard): http://www.garlic.com/~lynn/2006l.html#33 the countermeasure to counterfeit yes card attacks on chippin terminals is to program the terminal to ignore what the card tells it to do, and always do an online transcation. this makes chippin deployments subject to the same account flagging countermeasure that has been long used for magstripe cards. The counterfeit yes card exploit always doing offline transactions (making it immune to account flagging countermeasures) was somewhat prompted somebody several years ago to make the comment about spending several billion dollars to prove that chips were less secure than magstripe. part of what had prompted the aads chip strawman effort http://www.garlic.com/~lynn/x959.html#aads in the 90s was the frequent comment about deployments being forced into doing SDA chip deployments because technology cost for DDA chip deployments was too uneconomical. Part of the aads chip strawman was to demonstrate technology doing dynamic data authentication (as countermeasure to skimming, harvesting and replay attacks) at the highest possible integrity ... for less cost than any SDA technology (as well as being able to meet transit contactless power and timing profile requirements). http://www.garlic.com/~lynn/aadsm23.htm#56 UK Detects Chip-And-PIN Security Flaw - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Status of attacks on AES?
On 6/8/06, Steven M. Bellovin [EMAIL PROTECTED] wrote: You say you have a method to evaluate ciphers. Without full details, no one can form their own judgment if it's valid or not. (My proposal clearly isn't valid.) You say you've evaluated AES and other ciphers. Without full details, we don't know if your evaluation is correct. I think they can prove their evaluation without publishing all the details. What they need is just to provide an access to their distinguisher in the form of blackbox. To prove its meaningfulness, the distinguisher must show consistent results in distinguishing AES-encrypted data (say, for a fixed plaintext without repeating blocks on their choice) from random data. Max - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: U. Washington Crypto Course Available Online For Free
Oops, I forgot about Neal! :embarrassed: He's a top-notch mathematician, has a couple of books on crypto (or crypto-related topics) and even wrote a controversial article with Menezes recently that was discussed on this mailing list. But I don't think he teaches a crypto class at UW?! On Tue, Jun 06, 2006 at 09:28:41PM -0700, Andrew Tucker wrote: No cryptographers at UW? I think Neil Koblitz would disagree with that: http://www.math.washington.edu/~koblitz/ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: U. Washington Crypto Course Available Online For Free
It is taught by good people, but I find it a bit strange they are all Microsoft employees. This is perhaps because U. Wash doesn't have any cryptographers. I hardly think that you can discount the skills of Josh Beneloh and Brian LaMacchia. Who is discounting? I said they are good people but that they work for Microsoft and not for the University of Washington. That changes in the fall: they hired an excellent young cryptographer named Yoshi Kohno. Damn, I was trying to hire Yoshi... So were we (here at the University of Colorado). So was everyone! :) john// - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: U. Washington Crypto Course Available Online For Free
At 16:29 -0600 2006/06/08, John R. Black wrote: It is taught by good people, but I find it a bit strange they are all Microsoft employees. This is perhaps because U. Wash doesn't have any cryptographers. I hardly think that you can discount the skills of Josh Beneloh and Brian LaMacchia. Who is discounting? I said they are good people but that they work for Microsoft and not for the University of Washington. Yes, my apologies, I misparsed your statement. Greg. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: mailer certificate retrieval via LDAP?
On Thu, Jun 08, 2006 at 02:32:01PM -0400, Steven M. Bellovin wrote: Are there any common mailers -- open source preferred but not mandatory -- that can query LDAP directories to retrieve X.509 certificates for use in S/MIME messages? Evolution and Thunderbird are both able to send S/MIME, but don't seem to have any easy certificate retrieval mechanisms. Thunderbird supports PKCS#11 plugins modules, so all you need is PKCS#11 plugin for LDAP. So question looks like a question about availability of plugins, rather than MUAs... -- /\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAILMorgan Stanley confidentiality or privilege, and use is prohibited. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: mailer certificate retrieval via LDAP?
You should consider also posting your query to ldap@umich.edu JeffH - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
whole load of new RFCs announced yesterday on LDAP and SASL
possibly fastest way of getting sense of all the new rfcs is to go to http://www.garlic.com/~lynn/rfcietff.htm and click on Date in the RFCs listed by section. Clicking on each individual RFC number (in the june section) will bring up that RFC summary in the lower frame. Clicking on the .txt= field will retrieve the actual RFC. another approach is to click on Term (term-RFC#) in the RFCs listed by section and then clikc on either LDAP (or SASL) in the Acronym fastpath. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: mailer certificate retrieval via LDAP?
On Thu, Jun 08, 2006 at 02:32:01PM -0400, Steven M. Bellovin wrote: Are there any common mailers -- open source preferred but not mandatory -- that can query LDAP directories to retrieve X.509 certificates for use in S/MIME messages? Evolution and Thunderbird are both able to send S/MIME, This works for me in a vanilla (well, debian) Thunderbird, using our university LDAP directory (at Dartmouth). The certificates are present under key userCertificate;binary in the LDAP, in base64. Alex - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]