Re: Monoculture

2003-10-03 Thread Victor . Duchovni
On Thu, 2 Oct 2003, Thor Lancelot Simon wrote: 1) Creates a socket-like connection object 2) Allows configuration of the expected identity of the party at the other end, and, optionally, parameters like acceptable cipher suite 3) Connects, returning error if the identity doesn't match.

Protocol implementation errors

2003-10-03 Thread Bill Frantz
From: -- Security Alert Consensus -- Number 039 (03.39) Thursday, October 2, 2003 Network Computing and the SANS Institute Powered by Neohapsis *** {03.39.004} Cross - OpenSSL ASN.1 parsing vulns OpenSSL

Re: anonymous DH MITM

2003-10-03 Thread Zooko O'Whielacronx
Perhaps I spoke too soon? It's not in Eurocrypt or Crypto 84 or 85, which are on my shelf. Where was it published? R. L. Rivest and A. Shamir. How to expose an eavesdropper. Communications of the ACM, 27:393-395, April 1984.

Re: Monoculture / Guild

2003-10-03 Thread John Gilmore
... it does look very much from the outside that there is an informal Cryptographers Guild in place... The Guild, such as it is, is a meritocracy; many previously unknown people have joined it since I started watching it in about 1990. The way to tell who's in the Guild is that they can break

Re: quantum hype

2003-10-03 Thread Peter Fairbrother
[EMAIL PROTECTED] wrote: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dave Howe Peter Fairbrother may well be in possession of a break for the QC hard problem - his last post stated there was a way to clone photons with high accuracy in retention of their polarization

Re: anonymous DH MITM

2003-10-03 Thread bear
On Thu, 2 Oct 2003, Zooko O'Whielacronx wrote: Perhaps I spoke too soon? It's not in Eurocrypt or Crypto 84 or 85, which are on my shelf. Where was it published? R. L. Rivest and A. Shamir. How to expose an eavesdropper. Communications of the ACM, 27:393-395, April 1984. Ah.

DH with shared secret

2003-10-03 Thread Jack Lloyd
This was just something that popped into my head a while back, and I was wondering if this works like I think it does. And who came up with it before me, because it's way too obvious. It's just that I've never heard of something along these lines before. Basically, you share some secret with

Re: anonymous DH MITM

2003-10-03 Thread Anton Stiglic
- Original Message - From: Tim Dierks [EMAIL PROTECTED] I think it's a tautology: there's no such thing as MITM if there's no such thing as identity. You're talking to the person you're talking to, and that's all you know. That seems to make sense. In anonymity providing systems

using SMS challenge/response to secure web sites

2003-10-03 Thread Ian Grigg
Merchants who *really* rely on their web site being secure are those that take instructions for the delivery of value over them. It's a given that they have to work very hard to secure their websites, and it is instructive to watch their efforts. The cutting edge in making web sites secure is

Simple SSL/TLS - Some Questions

2003-10-03 Thread Jill Ramonsky
Having been greatly encouraged by people on this list to go ahead with a new SSL implementation, it looks like I am going to go for it, but I'd kinda like to not make any enemies in the process so I'll try to keep this list up to date with progress and decisions and stuff ... and I will ask a

Re: Simple SSL/TLS - Some Questions

2003-10-03 Thread Eric Rescorla
Jill Ramonsky [EMAIL PROTECTED] writes: Now - SSL or TLS - this confuses me. From what I've read in Eric's book, SSL version 3.0 or below is called SSL, whereas SSL version 3.1 or above is called TLS. I wouldn't use quite that terminology. No one talks about SSL version 3.1, but rather TLS 1.0.

Re: anonymous DH MITM

2003-10-03 Thread Benja Fallenstein
Hi, bear wrote: starting with Rivest & Shamir's Interlock Protocol from 1984. Hmmm. I'll go read, and thanks for the pointer. Perhaps I spoke too soon? It's not in Eurocrypt or Crypto 84 or 85, which are on my shelf. Where was it published? Communications of the ACM: Rivest and Shamir, How to

Re: anonymous DH MITM

2003-10-03 Thread R. A. Hettinga
At 2:16 PM -0700 10/2/03, bear wrote: That's not anonymity, that's pseudonymity. It seems to me that perfect pseudonymity *is* anonymity. Frankly, without the ability to monitor reputation, you don't have ways of controlling things like transactions, for instance. It's just that people are

Re: DH with shared secret

2003-10-03 Thread Eric Rescorla
Jack Lloyd [EMAIL PROTECTED] writes: This was just something that popped into my head a while back, and I was wondering if this works like I think it does. And who came up with it before me, because it's way too obvious. It's just that I've never heard of something along these lines before.

Re: using SMS challenge/response to secure web sites

2003-10-03 Thread Rich Salz
Now a company called NetPay.TV - I have no idea about them, really - have started a service that sends out a 6 digit pin over the SMS messaging features of the GSM network for the user to type in to the website [4]. Authentify (http://www.authentify.com), does the same kind of thing. They put a

Re: Simple SSL/TLS - Some Questions

2003-10-03 Thread Guus Sliepen
On Fri, Oct 03, 2003 at 05:55:25PM +0100, Jill Ramonsky wrote: It's worth summing up the design goals here, so nobody gets confused. Trouble is, I haven't figured out what they should all be. The main point of confusion/contention right now seem to be (1) should it be in C or C++?, (2)

Re: anonymous DH MITM

2003-10-03 Thread Benja Fallenstein
Hi -- bear wrote: On Thu, 2 Oct 2003, Zooko O'Whielacronx wrote: R. L. Rivest and A. Shamir. How to expose an eavesdropper. Communications of the ACM, 27:393-395, April 1984. Ah. Interesting, I see. It's an interesting application of a bit-commitment scheme. Ok, so my other mail came far too

Re: DH with shared secret

2003-10-03 Thread Anton Stiglic
- Original Message - From: Jack Lloyd [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 03, 2003 5:13 AM Subject: DH with shared secret This was just something that popped into my head a while back, and I was wondering if this works like I think it does. And who came up

Re: anonymous DH MITM

2003-10-03 Thread Jerrold Leichter
| Date: Fri, 3 Oct 2003 10:14:42 -0400 | From: Anton Stiglic [EMAIL PROTECTED] | To: Cryptography list [EMAIL PROTECTED], | Tim Dierks [EMAIL PROTECTED] | Subject: Re: anonymous DH MITM | | | - Original Message - | From: Tim Dierks [EMAIL PROTECTED] | | | I think it's a tautology:

Re: anonymous DH MITM

2003-10-03 Thread Tim Dierks
At 02:16 PM 10/3/2003, Jerrold Leichter wrote: From: Anton Stiglic [EMAIL PROTECTED] | From: Tim Dierks [EMAIL PROTECTED] | I think it's a tautology: there's no such thing as MITM if there's no such | thing as identity. You're talking to the person you're talking to, and | that's all you know.

anonymity +- credentials

2003-10-03 Thread John S. Denker
On 10/03/2003 01:26 PM, R. A. Hettinga wrote: It seems to me that perfect pseudonymity *is* anonymity. They're not quite the same thing; see below. Frankly, without the ability to monitor reputation, you don't have ways of controlling things like transactions, for instance. It's just that

Re: anonymous DH MITM

2003-10-03 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Benja Fallenstein writes: Hi, bear wrote: starting with Rivest & Shamir's Interlock Protocol from 1984. Hmmm. I'll go read, and thanks for the pointer. Perhaps I spoke too soon? It's not in Eurocrypt or Crypto 84 or 85, which are on my shelf. Where was it

Re: Simple SSL/TLS - Some Questions

2003-10-03 Thread Roy M. Silvernail
iang wrote: Jill Ramonsky wrote: It's worth summing up the design goals here, so nobody gets confused. Trouble is, I haven't figured out what they should all be. The main point of confusion/contention right now seem to be (1) should it be in C or C++?, C. And write C++ wrappers or

Re: anonymous DH MITM

2003-10-03 Thread Ian Grigg
R. A. Hettinga wrote: At 2:16 PM -0700 10/2/03, bear wrote: That's not anonymity, that's pseudonymity. It seems to me that perfect pseudonymity *is* anonymity. Conventionally, I think, Anonymity is when one publishes a pamphlet of political criticism, and there is no name on the pamphlet.

Re: anonymous DH MITM

2003-10-03 Thread Taral
On Fri, Oct 03, 2003 at 02:16:22PM -0400, Jerrold Leichter wrote: The Interlock Protocol doesn't provide this - it prevents the MITM from modifying the exchanged messages, but can't prevent him from reading them. It's not clear if it can be achieved at all. But it does make sense as a

Re: DH with shared secret

2003-10-03 Thread Trevor Perrin
At 05:13 AM 10/3/2003 -0400, Jack Lloyd wrote: This was just something that popped into my head a while back, and I was wondering if this works like I think it does. And who came up with it before me, because it's way too obvious. It's just that I've never heard of something along these lines

Re: anonymous DH MITM

2003-10-03 Thread Anton Stiglic
- Original Message - From: Jerrold Leichter [EMAIL PROTECTED] [...] | I think it's a tautology: there's no such thing as MITM if there's no such | thing as identity. You're talking to the person you're talking to, and | that's all you know. | | That seems to make sense No;

threat modelling strategies

2003-10-03 Thread Ian Grigg
Arnold G. Reinhold wrote: At 11:50 PM -0400 10/1/03, Ian Grigg wrote: ... A threat must occur sufficiently in real use, and incur sufficient costs in excess of protecting against it, in order to be included in the threat model on its merits. I think that is an excellent summation of

Strong-Enough Pseudonymity as Functional Anonymity

2003-10-03 Thread R. A. Hettinga
At 2:32 PM -0400 10/3/03, John S. Denker wrote: -- anonymous (no handle all) If they don't know who I am, I'm anonymous, whether I use a pseudonym or not. However, the more perfect the pseudonym is, the more secure it is, the more anonymous I am. All of the anonymous payment protocols I

Re: anonymous DH MITM

2003-10-03 Thread Jerrold Leichter
| From: Anton Stiglic [EMAIL PROTECTED] | From: Jerrold Leichter [EMAIL PROTECTED] | No; it's false. If Alice and Bob can create a secure channel between | themselves, it's reasonable to say that they are protected from MITM | attacks if they can be sure that no third party can read their

Re: Monoculture / Guild

2003-10-03 Thread lrk
On Thu, Oct 02, 2003 at 03:34:35PM -0700, John Gilmore wrote: ... it does look very much from the outside that there is an informal Cryptographers Guild in place... The Guild, such as it is, is a meritocracy; many previously unknown people have joined it since I started watching it in

RE: Choosing an implementation language

2003-10-03 Thread Scott Guthery
Ah, the joys of diversity. Implementations of all your favorite protocols in all your favorite programming languages by all your favorite programmers in all your favorite countries on all your favorite operating systems for all your favorite chips. Continuous debugging certainly is the path

Re: Choosing an implementation language

2003-10-03 Thread Thor Lancelot Simon
On Fri, Oct 03, 2003 at 04:31:26PM -0400, Tyler Close wrote: On Thursday 02 October 2003 09:21, Jill Ramonsky wrote: I was thinking of doing a C++ implementation with classes and templates and stuff. (By contrast OpenSSL is a C implementation). Anyone got any thoughts on that? Given the

Re: anonymous DH MITM

2003-10-03 Thread Jerrold Leichter
| Date: Fri, 03 Oct 2003 17:27:36 -0400 | From: Tim Dierks [EMAIL PROTECTED] | To: Jerrold Leichter [EMAIL PROTECTED] | Cc: Cryptography list [EMAIL PROTECTED] | Subject: Re: anonymous DH MITM | | At 03:28 PM 10/3/2003, Jerrold Leichter wrote: | From: Tim Dierks [EMAIL PROTECTED] | | No; it's