Re: PKI Research Workshop '04, CFP

2003-10-22 Thread Peter Gutmann
Carl Ellison [EMAIL PROTECTED] writes: The third annual PKI Research workshop CFP has been posted. I note that it's still not possible to use PKI to authenticate submissions to the PKI workshop :-). (To those people who missed the original comment a year or two back, the first PKI workshop

(Fwd) Electronic Signatures: Final Report available

2003-10-22 Thread Stefan Kelm
FYI: From: Jos Dumortier [EMAIL PROTECTED] Subject:Electronic Signatures: Final Report available Date sent: Tue, 21 Oct 2003 18:08:33 +0200 Dear colleagues and friends, The final report on legal and market aspects of electronic signatures in Europe

Re: PKI Research Workshop '04, CFP

2003-10-22 Thread Sean Smith
(To those people who missed the original comment a year or two back, the first PKI workshop required that people use plain passwords for the web-based submission system due to the lack of a PKI to handle the task). Hey, but at least the password was protected by an SSL channel, which was

[Announce] GPA 0.7.0 released

2003-10-22 Thread R. A. Hettinga
--- begin forwarded text Status: U Date: Wed, 22 Oct 2003 14:45:24 +0200 From: Miguel Coca [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Mail-Followup-To: [EMAIL PROTECTED], [EMAIL PROTECTED] User-Agent: Mutt/1.5.4i Cc: Subject: [Announce] GPA 0.7.0 released List-Id: Help and

Liberty groups attack plan for EU health ID card

2003-10-22 Thread R. A. Hettinga
http://news.telegraph.co.uk/news/main.jhtml?xml=/news/2003/10/21/wid21.xmlsSheet=/news/2003/10/21/ixworld.html/news/2003/10/21/wid21.xml The Telegraph Liberty groups attack plan for EU health ID card By Ambrose Evans-Pritchard in Brussels (Filed: 21/10/2003) The European Union took its first

SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Tom Otvos
I read the WYTM thread with great interest because it dovetailed nicely with some research I am currently involved in. But I would like to branch this topic onto something specific, to see what everyone here thinks. As far as I can glean, the general consensus in WYTM is that MITM attacks are

Re: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Ian Grigg
Tom Otvos wrote: As far as I can glean, the general consensus in WYTM is that MITM attacks are very low (read: inconsequential) probability. Is this *really* true? The frequency of MITM attacks is very low, in the sense that there are few or no reported occurrences. This makes it a

RE: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Tom Otvos
So what purpose would client certificates address? Almost all of the use of SSL domain name certs is to hide a credit card number when a consumer is buying something. There is no requirement for the merchant to identify and/or authenticate the client the payment infrastructure

Re: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread John S. Denker
On 10/22/2003 04:33 PM, Ian Grigg wrote: The frequency of MITM attacks is very low, in the sense that there are few or no reported occurrences. We have a disagreement about the facts on this point. See below for details. This makes it a challenge to respond to in any measured way. We have a

RE: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Anne Lynn Wheeler
At 05:08 PM 10/22/2003 -0400, Tom Otvos wrote: The CC number is clearly not hidden if there is a MITM. I think the I got my money so who cares where it came from argument is not entirely a fair representation. Someone ends up paying for abuses, even if it is us in CC fees, otherwise why

RE: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Tom Otvos
Nobody doubts that it can occur, and that it *can* occur in practice. It is whether it *does* occur that is where the problem lies. Or, whether it gets reported if it does occur. The question is one of costs and benefits - how much should we spend to defend against this attack? How

Re: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread David Wagner
Tom Otvos wrote: As far as I can glean, the general consensus in WYTM is that MITM attacks are very low (read: inconsequential) probability. Is this *really* true? I'm not aware of any such consensus. I suspect you'd get plenty of debate on this point. But in any case, widespread exploitation of

Re: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Perry E. Metzger
Ian Grigg [EMAIL PROTECTED] writes: Nobody doubts that it can occur, and that it *can* occur in practice. It is whether it *does* occur that is where the problem lies. The question is one of costs and benefits - how much should we spend to defend against this attack? How much do we save

Re: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Thor Lancelot Simon
On Wed, Oct 22, 2003 at 05:08:32PM -0400, Tom Otvos wrote: So what purpose would client certificates address? Almost all of the use of SSL domain name certs is to hide a credit card number when a consumer is buying something. There is no requirement for the merchant to identify and/or

Re: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Perry E. Metzger
[EMAIL PROTECTED] (David Wagner) writes: Tom Otvos wrote: As far as I can glean, the general consensus in WYTM is that MITM attacks are very low (read: inconsequential) probability. Is this *really* true? I'm not aware of any such consensus. I will state that MITM attacks are hardly a

Re: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Ian Grigg
Tom Weinstein wrote: Ian Grigg wrote: Nobody doubts that it can occur, and that it *can* occur in practice. It is whether it *does* occur that is where the problem lies. This sort of statement bothers me. In threat analysis, you have to base your assessment on capabilities, not

MITM attacks

2003-10-22 Thread l . crypto
Take many grains of salt before concluding that MITM attacks are either hard or don't happen. It is just that the environment for them is not the Internet per se, but modern switched LANs. The basic trick to monitoring someone's LAN traffic is to convince the ARP machinery that the MITM MAC is

Re: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Perry E. Metzger
Ian Grigg [EMAIL PROTECTED] writes: In threat analysis, you base your assessment on economics of what is reasonable to protect. It is perfectly valid to decline to protect against a possible threat, if the cost thereof is too high, as compared against the benefits. The cost of MITM

RE: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Anne Lynn Wheeler
At 05:42 PM 10/22/2003 -0400, Tom Otvos wrote: Absolutely true. If the only effect of a MITM is loss of privacy, then that is certainly a lower-priority item to fix than some quick cash scheme. So the threat model needs to clearly define who the bad guys are, and what their motivations are.

Re: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Tom Weinstein
Ian Grigg wrote: Tom Weinstein wrote: In threat analysis, you have to base your assessment on capabilities, not intentions. If an attack is possible, then you must guard against it. It doesn't matter if you think potential attackers don't intend to attack you that way, because you really don't

TLS, costs, and threat models

2003-10-22 Thread Perry E. Metzger
We've heard a bit recently from certain parties, especially Ian Grigg, claiming that one should use a cost/benefit analysis before using TLS. The claim seems to be that it provides more protection than one really needs. However, there are many perfectly free (in both senses) TLS implementations,

Re: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Ian Grigg
Perry E. Metzger wrote: Ian Grigg [EMAIL PROTECTED] writes: In threat analysis, you base your assessment on economics of what is reasonable to protect. It is perfectly valid to decline to protect against a possible threat, if the cost thereof is too high, as compared against the

Re: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread Perry E. Metzger
Ian Grigg [EMAIL PROTECTED] writes: Perry E. Metzger wrote: The cost of MITM protection is, in practice, zero. Not true! The cost is from 10 million dollars to 100 million dollars per annum. Those certs cost money, Perry! They cost nothing at all. I use certs every day that I've