Re: anonymous DH MITM

2003-10-02 Thread Ian Grigg
Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Ian Grigg writes: M Taylor wrote: MITM is a real and valid threat, and should be considered. By this motive, ADH is not a recommended mode in TLS, and is also deprecated. Ergo, your threat model must include MITM, and you will

Re: anonymous DH MITM

2003-10-02 Thread bear
On Wed, 1 Oct 2003, Ian Grigg wrote: M Taylor wrote: Stupid question I'm sure, but does TLS's anonymous DH protect against man-in-the-middle attacks? If so, how? I cannot figure out how it would, Ah, there's the rub. ADH does not protect against MITM, as far as I am aware. DH is an open

Re: Reliance on Microsoft called risk to U.S. security

2003-10-02 Thread Barney Wolff
On Wed, Oct 01, 2003 at 07:02:00PM -0700, bear wrote: Heh. You looked at my mail headers, didn't you? Yes, I use pine - primarily *because* of that property. It treats all incoming messages as text rather than live code. A protocol for text (as opposed to live code) requires compliant

Re: Reliance on Microsoft called risk to U.S. security

2003-10-02 Thread lists
From: bear [EMAIL PROTECTED] Heh. You looked at my mail headers, didn't you? Yes, I use pine - primarily *because* of that property. It treats all incoming messages as text rather than live code. BUGTRAQ in the last 3 years lists over 80 mails on pine - including reference to this recently:

Don't kill the messenger (was: Re: Reliance on Microsoft called risk to U.S. security)

2003-10-02 Thread Roy M. Silvernail
On Wednesday 01 October 2003 22:02, bear wrote: No, it is not. You can make a hyperdocument that is completely self-contained and therefore text, but that is not how HTML is normally made. HTML can cause your machine to do things other than display it, and to that extent it is code, not

Re: Monoculture

2003-10-02 Thread Dave Howe
slightly ranting, you might want to hit del now :) Ian Grigg wrote: What is written in these posts (not just the present one) does derive from that viewpoint and although one can quibble about the details, it does look very much from the outside that there is an informal Cryptographers Guild

RE: Monoculture

2003-10-02 Thread Don Davis
perry wrote: We could use more implementations of ssl and of ssh, no question. ...more cleanly implemented and simpler to use versions of existing algorithms and protocols... would be of tremendous utility. jill ramonsky replied: I am very much hoping that you can answer both (a) and (b)

Re: VeriSign tapped to secure Internet voting

2003-10-02 Thread Anton Stiglic
Schu stressed that several layers of security will prevent hackers from accessing the system. VeriSign will house the security servers in its own hosting centers. The company will ask military personnel to use their Common Access Cards--the latest form of ID for the military--to access the

Re: Monoculture

2003-10-02 Thread Dave Howe
Guus Sliepen [EMAIL PROTECTED] wrote: Thor Lancelot Simon wrote: In that case, I don't see why you don't bend your efforts towards producing an open-source implementation of TLS that doesn't suck. We don't want to program another TLS library, we want to create a VPN daemon. And RMS didn't

RE: Monoculture

2003-10-02 Thread Jill Ramonsky
Thanks everyone for the SSL encouragement. I'm going to have a quick re-read of Eric's book over the weekend and then start thinking about what sort of easy to use implementation I could do. I was thinking of doing a C++ implementation with classes and templates and stuff. (By contrast OpenSSL

Speciality film heads meet to respond to MPAA

2003-10-02 Thread R. A. Hettinga
Paul Kocher quote at the bottom... Cheers, RAH --- http://www.hollywoodreporter.com/thr/article_display.jsp?vnu_content_id=1991585 The Hollywood Reporter Oct. 02, 2003 Speciality film heads meet to respond to MPAA By Gregg Kilday The MPAA may have hoped to create a nonproliferation

Re: Reliance on Microsoft called risk to U.S. security

2003-10-02 Thread Jerrold Leichter
| Can be relied on to _only_ deliver text is a valuable and important | piece of functionality, and a capability that has been cut out of too | many protocols with no replacement in sight. While I agree with the sentiment, the text/code distinction doesn't capture what's important. Is HTML

Return of the death of cypherpunks.

2003-10-02 Thread R. A. Hettinga
--- begin forwarded text Status: U From: James A. Donald [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Wed, 1 Oct 2003 23:37:08 -0700 Subject: Return of the death of cypherpunks. Sender: [EMAIL PROTECTED] -- When a mailing list is full of crap, it dies, even though the regulars set

Re: anonymous DH MITM

2003-10-02 Thread Zooko O'Whielacronx
Bear wrote: DH is an open protocol; it doesn't rely on an initial shared secret or a Trusted Authority. There is a simple proof that an open protocol between anonymous parties is _always_ vulnerable to MITM. Put simply, in an anonymous protocol, Alice has no way of knowing whether she

Re: Monoculture

2003-10-02 Thread Thor Lancelot Simon
On Thu, Oct 02, 2003 at 02:21:29PM +0100, Jill Ramonsky wrote: Thanks everyone for the SSL encouragement. I'm going to have a quick re-read of Eric's book over the weekend and then start thinking about what sort of easy to use implementation I could do. I was thinking of doing a C++

Re: anonymous DH MITM

2003-10-02 Thread Tim Dierks
At 11:50 PM 10/1/2003, Ian Grigg wrote: (AFAIK, self-signed certs in every way dominate ADH in functional terms.) In TLS, AnonDH offers forward secrecy, but there are no RSA certificate modes which do (except for ExportRSA). You can use ephemeral DH key agreement keys with static certified DSA

Re: Monoculture

2003-10-02 Thread Simon Josefsson
Perry E. Metzger [EMAIL PROTECTED] writes: Guus Sliepen [EMAIL PROTECTED] writes: In that case, I don't see why you don't bend your efforts towards producing an open-source implementation of TLS that doesn't suck. We don't want to program another TLS library, we want to create a VPN

Re: Monoculture

2003-10-02 Thread Perry E. Metzger
Simon Josefsson [EMAIL PROTECTED] writes: Several people have now suggested using TLS, but nobody seems to also refute the arguments made earlier against building VPNs over TCP, in http://sites.inka.de/~bigred/devel/tcp-tcp.html. Well, I agree, the most reasonable thing to do is to use ipsec,

Re: Reliance on Microsoft called risk to U.S. security

2003-10-02 Thread Bill Frantz
Peter has raised a number of important points. Let me start by saying that I do not see a strong distinction between a file to be viewed and a program. Both are instructions to the computer to perform some actions. While we might think the renderer showing us flat ASCII text is quite

Re: anonymous DH MITM

2003-10-02 Thread Zooko O'Whielacronx
Bear wrote: If it's an anonymous protocol, then credit for being a good chess player is a misnomer at best; the channel cannot provide credit to any particular person. I understand the objection, which is why I made the notion concrete by saying that Mitch wins if he gets the first player

Re: anonymous DH MITM

2003-10-02 Thread Tim Dierks
At 11:52 AM 10/2/2003, Zooko O'Whielacronx wrote: Bear wrote: You can have anonymous protocols that aren't open be immune to MITM And you can have open protocols that aren't anonymous be immune to MITM. But you can't have both. I'd like to see the proof. I think it depends on what you mean

Re: anonymous DH MITM

2003-10-02 Thread Ed Gerck
bear wrote: You can have anonymous protocols that aren't open be immune to MITM True. And you can have open protocols that aren't anonymous be immune to MITM. True. But you can't have both. False. In fact, it is possible to prove the existence of at least one open and anonymous

Re: Monoculture

2003-10-02 Thread Bill Frantz
At 8:32 PM -0700 10/1/03, Matt Blaze wrote: It might be debatable whether only licensed electricians should design and install electrical systems. But hardly anyone would argue that electrical system designers and installers needn't be competent at what they do. (Perhaps most of those who would

crypto licence

2003-10-02 Thread Ian Grigg
Guus Sliepen wrote: Some advice on licensing wouldn't go amiss either. (GPL? ... LGPL? ... something else?) I'd say LGPL or BSD, without any funny clauses. With crypto code, we have taken the view that it should be BSD 2 clause. The reason for this is that crypto code has enough other