Re: CAs for spies?

2004-05-28 Thread Peter Gutmann
Steve Bellovin [EMAIL PROTECTED] writes:

Have you ever wondered what CA a spy agency would trust?  In the case of the
Mossad, it's Thawte.

Minor nitpick: That should really be phrased as Have you ever wondered what
CA a spy agency would select to make the browser warning dialogs go away?.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Examining the Encryption Threat

2004-05-28 Thread Peter Gutmann
Peter Parker [EMAIL PROTECTED] writes:

In one of the issue of ijde found at
http://www.ijde.org/docs/04_winter_v2i3_art1.pdf the authors have analysed
various encryption applications and discussed results for few sample
applications. Does any one have the complete results. Tried mailing the
author but no response. Any one having further info.

To save people downloading the PDF, it's an 11-page article that reinvents
the 'file' command.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Satellite eavesdropping of 802.11b traffic

2004-05-28 Thread Ed Reed
Why worry about satellites when car/plane/neighbor unpiloted remote
controlled airplanes work so well?

You're free-radiating electronic emissions.  That's all a determined
adversary needs.  Or an opportunistic war-driving script-kiddie, for
that matter.

 John Kelsey [EMAIL PROTECTED] 5/27/2004 12:35:00 PM 
Guys,

Does anyone know whether the low-power nature of wireless LANs protects
them from eavesdropping by satellite?  Is there some simple reference
that would easily let me figure out whether transmitters at a given
power are in danger of eavesdropping by satellite?  

Thanks,

--John 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to
[EMAIL PROTECTED]

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: The future of security

2004-05-28 Thread Peter Gutmann
Anton Stiglic [EMAIL PROTECTED] writes:

I think cryptography techniques can provide a partial solution to spam.

No they won't.  All the ones I've seen are some variant on the build a big
wall around the Internet and only let the good guys in, which will never work
because the Internet doesn't contain any definable inside and outside, only
800 million Manchurian candidates waiting to activate.  For example
MessageLabs recently reported that *two thirds* of all the spam it blocks is
from infected PCs, with much of it coming from ADSL/cable modem IP pools.
Given that these spammers are legitimate users, no amount of crypto will
solve the problem.  I did a talk on this recently where I claimed that various
protocols designed to enforce this (Designated Mailers Protocol, Reverse Mail
Exchanger, Sender Permitted From, etc etc) will buy at most 6-12 months, and
the only dissent was from an anti-virus researcher who said it'd buy weeks and
not months.  The alternative proof-of-resource-consumption is little better,
since it's not the spammers' resources that are being consumed.

There is one technological solution which would help things a bit, which is
Microsoft implementing virus throttling in the Windows TCP stack.  Like a
firebreak, you can never prevent fires, but you can at least limit the damage
when they do occur.  Unfortunately I don't see this happening too soon, both
because MS aren't exactly at the forefront of implementing security features
(it took them how many years to add the most basic popup-blocking?), and
because of liability issues - adding virus throttling would be an admission
that Windows is a petri dish.

The problem we're facing is social, not technological, so no there's no
technological fix.  The problem is that neither users nor vendors have any
natural incentive to fix things.  In the long run, only legislation will help:
penalise vendors for selling spam-enabling software (MS Outlook, via
viruses/worms), and penalise users for running software in a spam-enabling
manner (open relays).  This is equivalent to standard corporate-governance
legislation that sets auditing/environmental/due diligence/etc requirements.
Unfortunately this is unlikely to pass in the US (where it matters most) due
to software industry lobbying, it'd require an Enron-style debacle to pass
over there, perhaps a virus-induced reactor meltdown or something similar.

(Much of the above was lifted from Why isn't the Internet secure yet,
 dammit?, http://www.cs.auckland.ac.nz/~pgut001/pubs/dammit.pdf, with the
 section on spam starting at page 5.  Apologies for the PDF link, but there
 are some diagrams in there that don't translate well to text).

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: The future of security

2004-05-28 Thread Anne Lynn Wheeler
At 09:27 AM 5/28/2004, Peter Gutmann wrote:
No they won't.  All the ones I've seen are some variant on the build a big
wall around the Internet and only let the good guys in, which will never work
because the Internet doesn't contain any definable inside and outside, only
800 million Manchurian candidates waiting to activate.  For example
MessageLabs recently reported that *two thirds* of all the spam it blocks is
from infected PCs, with much of it coming from ADSL/cable modem IP pools.
Given that these spammers are legitimate users, no amount of crypto will
solve the problem.  I did a talk on this recently where I claimed that various
protocols designed to enforce this (Designated Mailers Protocol, Reverse Mail
Exchanger, Sender Permitted From, etc etc) will buy at most 6-12 months, and
the only dissent was from an anti-virus researcher who said it'd buy weeks and
not months.  The alternative proof-of-resource-consumption is little better,
since it's not the spammers' resources that are being consumed.
the caveat to that is many of the infected machines were originally 
infected by spam with spoofed origin ... somehow convincing users to click 
on something. authentication would help somewhat with that ... and, in 
fact, some of the spam being sent out by the infected machines, in turn 
uses spoofed origin. authentication might also help address the 
identity-theft oriented spam ... claiming to be your bank and needing 
personal information.

it doesn't help with ... click on this to get the latest, greatest game ... 
where there isn't any attention at all paid to the origin ... just looking 
for instant gratification.

the 60s/70s time-sharing systems nominally had some assurance applied to 
the introduction of executables into the environment. this is my comment 
about the desktop systems having diametrically opposing requirements ... 
the original design point of totally unconnected, stand alone environment 
where an introduced executable could take over the whole machine ... and at 
the same time fully wired to an increasingly hostile environment needing 
signficant safeguards and processes associated with assurance of introduced 
executables. the intermediate step was that some of these stand-alone 
machines acquired interconnect capability for a local, safe, isolated 
departmental/office network. This had hardly any restricted execution and 
access capability ... again not worrying about protection against a hostile 
and unsafe operation.

the shared environment analogy is highway traffic and rules about operating 
an unsafe vehicle could result in both having your license revoked and the 
vehicle confiscated (it doesn't require the driver to be a highly trained 
car mechanic ... it just holds the driver responsible).

connecting systems that were designed for fundamentally safe and isolated 
environment to wide-open anarchy hostile operation exposes all sorts of 
problems. somewhat analogous to not actually needing a helmet for riding a 
motorcycle ... or seat belts and airbags to drive a car.

--
Anne  Lynn Wheelerhttp://www.garlic.com/~lynn/ 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Yahoo releases internet standard draft for using DNS as public key server

2004-05-28 Thread Ed Gerck
On Thu, May 20, 2004 at 10:07:43AM -0400, R. A. Hettinga wrote:
yahoo draft internet standard for using DNS as a public key server
http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-00.txt
The main problem with this approach is revealed in a mind slip by Yahoo
themselves at http://antispam.yahoo.com/domainkeys :
 For consumers, such as Yahoo! Mail users or a grandmother accessing email
 through a small mid-western ISP, industry support for sender authentication
 technologies will mean that they can start trusting email again
It's industry support. We know what it means: multiple, conflicting
approaches, slow, fragmented adoption -- will not work. It would be better
if the solution does NOT need industry support at all, only user support. It
should use what is already available.
Cheers--/Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: Satellite eavesdropping of 802.11b traffic

2004-05-28 Thread Trei, Peter
R. A. Hettinga

 At 12:35 PM -0400 5/27/04, John Kelsey wrote:
 Does anyone know whether the low-power nature of wireless 
 LANs protects
 them from eavesdropping by satellite?
 
 It seems to me that you'd need a pretty big dish in orbit to 
 get that kind
 of resolution.
 
 The Keyholes(?) are for microwaves, right?
 
 Cheers,
 RAH

I don't claim great expertise, but

802.11b/g operates in the microwave range - My home
net falls over every time my kid heats up a
burrito (It comes right back, though).

GSM phones run at a MAX of 0.25 watts (GSM900) or 
0.125 watts (GSM1800), but it is normal for the 
power used to be one hundredth of this maximum 
or less.

However, the base stations are much more powerful - 
50 watts. I suspect the spy-from-orbit stuff looks 
at this, not the phone transmitter. 802.11b/g 
typically runs around 0.1 watt, and there is no 
high-power base station.

If this is the case, then the power in an 802.11b/g
net is 1/500th of that for GSM phones - which seems
to fit in with the difference in range. Phones 
operate with kilometers to the base station, while
802.11b/g is lucky to cover a whole house.

A big antenna would obviously be a lot of help, but a
smaller one a lot closer would be better. If you insist
on listening from orbit, geosync is probably not the way
to go - you'd want something like the Iridium constellation
of low-orbit sats (600 miles up).

Clarke orbit (geosync) is about 35800 km up. You'd get
a 10,000 fold advantage by putting your spysats at only
358km. 

I suspect that eavesdropping on 802.11b/g from 
orbit is pretty hard. The power levels are very 
low, and there may be several nets running on the same 
channel within a satellites' antenna footprint. 
My summary: Very tough. Probably not impossible.

Peter

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Satellite eavesdropping of 802.11b traffic

2004-05-28 Thread Perry E. Metzger

Trei, Peter [EMAIL PROTECTED] writes:
 I suspect that eavesdropping on 802.11b/g from 
 orbit is pretty hard. The power levels are very 
 low, and there may be several nets running on the same 
 channel within a satellites' antenna footprint. 

As I mentioned, phased arrays are very good at getting out from under
the too many users of the same channel problem while
eavesdropping. They allow you to focus on multiple sources
simultaneously.

Perry

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Satellite eavesdropping of 802.11b traffic

2004-05-28 Thread Arnold G. Reinhold
At 9:19 PM -0400 5/27/04, Perry E. Metzger wrote:
R. A. Hettinga [EMAIL PROTECTED] writes:
 At 12:35 PM -0400 5/27/04, John Kelsey wrote:
Does anyone know whether the low-power nature of wireless LANs protects
them from eavesdropping by satellite?
 It seems to me that you'd need a pretty big dish in orbit to get that kind
 of resolution.
 The Keyholes(?) are for microwaves, right?
Dunno if it would work in orbit,, but you can get surprising results
right here on earth using phased arrays.
Vivato is selling very long range phased array equipment as long
range/high quality 802.11 basestations, but you could do precisely the
same trick to eavesdrop instead of to communicate. With enough
computing power, one device could listen in on every 802.11
communication in a very large radius.
I don't know how practical it would be to set up some sort of large
scale phased array in orbit -- I suspect the answer is not practical
at all -- but the principle could apply there, too.
I would say quite practical. A huge advantage for the attacker is 
that 802.11b/g is in a fixed frequency band. A half-wave dipole is 
6.25 cm long. A large phased array could be assembled out of printed 
circuit board tiles, each with many antennas.

The outdoor range for 802.11 is up to 100 m.  Low earth orbit is 
about 150 km.  That is a factor of 1500. Power attenuation is the 
square of that, which works out to a 64 db loss.  Throw in another 10 
db for slant range, building attenuation, etc. The loss has to be 
made up by a combination of antenna gain, improved receiver 
performance and better signal processing. That doesn't sound undoable.

A single LEO satellite would only have a few minutes of visibility 
per day over any one location on Earth. That suggests an active 
attack, where the satellite looks for files or even changes data. The 
satellite's ability to transmit at much higher power levels is an 
advantage.

A third option is spot jamming. Here high power means one can get 
away with a smaller antenna, perhaps wrapped around a cheaper spin 
stabilized satellite.  Such a system could be used to briefly disable 
802.11-based security systems, perhaps allowing a spy to gain access 
to a building.

Other interesting possibilities include long endurance 
remotely-piloted aircraft, balloons and small receiving stations that 
could be planted by spies or even parachuted into position. I'm sure 
802.11 has given the SIGINT community much joy.

Arnold Reinhold
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Satellite eavesdropping of 802.11b traffic

2004-05-28 Thread Matt Crawford
Don't dismiss possibilities for wireless data eavesdropping without 
considering the possibilities of this new chip

http://pr.caltech.edu/media/Press_Releases/PR12490.html
and its friends
http://www.chic.caltech.edu/
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: The future of security

2004-05-28 Thread Eugen Leitl
On Fri, May 28, 2004 at 09:46:03AM -0700, bear wrote:

 Spam won't stop until spam costs the spammers money.

If I'm a node in a web of trust (FOAF is a human), prestige will 
percolate through it completely. That way I can color a whole domain with a
nonboolean trust hue, while a domain of fakers will have only very few
connections (through compromises, or human mistakes), which will rapidly sealed,
once actually used to do something to lower their prestige (I signed the key
of a spammer, please kill me now). 

Of course, tracking prestige globally, robustly in a p2p fashion is
difficult, and will require agoric load levelling elements (to prevent bad
nodes from DoSing the global store) which also requires prestige tracking.

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07078, 11.61144http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net


pgpnR1gxzugWi.pgp
Description: PGP signature


Re: Yahoo releases internet standard draft for using DNS as public key server

2004-05-28 Thread Victor . Duchovni
On Fri, 28 May 2004, Ed Gerck wrote:

 The main problem with this approach is revealed in a mind slip by Yahoo
 themselves at http://antispam.yahoo.com/domainkeys :

   For consumers, such as Yahoo! Mail users or a grandmother accessing email
   through a small mid-western ISP, industry support for sender authentication
   technologies will mean that they can start trusting email again

 It's industry support. We know what it means: multiple, conflicting
 approaches, slow, fragmented adoption -- will not work.

And indeed some will view the various sender authentication proposals as
misguided solutions for the wrong problems, while others will be simply
disinclined to spend money to upgrade their working just fine MTAs so
these will by no means be universally adopted.

The spammers will increase the cost of receiving a clean mail stream, but
if that increase is not too high and the filter accuracy is high enough,
email will continue to work just fine.

The bargain basement email providers may be disinclined to pay more to
provide a commodity service where the competition often offers the service
at no cost. There may in the future be a larger market for premium email
services, with a second market for low to zero cost mailboxes subjected to
a kinder, gentler spam stream (likely from the email provider).

How soon will the spammers get into the business of hosting free mailboxes
for people who actually buy spamvertized products. Much easier to send the
spam to their own users, let them indicate their preferences, set up
forwarded notifications, ...

What things brings us to is that a major part of the problem are of course
the people who buy the spamvertized products. So long as there is a new
sucker born every minute, there will also be someone ready to take
advantage of same.

Can spam be solved through end-user education? Do not buy spammed
products campaign signs right next to the public health signs against
smoking? How to not be this minute's sucker education in schools? :-)

Is spam really that important a societal ill, if the spammers had better
parenting, schooling and better career prospects would they still spam or
litter the sidewalk? Are human societies free of spam and more serious
ills possible or even desirable (what is the cost of eliminating the
ills)?

We get too carried away with spam, as threats to our way of life there are
far more serious problems...

-- 

 /\ ASCII RIBBON  NOTICE: If received in error,
 \ / CAMPAIGN Victor Duchovni  please destroy and notify
  X AGAINST   IT Security, sender. Sender does not waive
 / \ HTML MAILMorgan Stanley   confidentiality or privilege,
   and use is prohibited.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Satellite eavesdropping of 802.11b traffic

2004-05-28 Thread Eugen Leitl
On Fri, May 28, 2004 at 01:19:15PM -0500, Matt Crawford wrote:
 Don't dismiss possibilities for wireless data eavesdropping without 
 considering the possibilities of this new chip
 
 http://pr.caltech.edu/media/Press_Releases/PR12490.html
 
 and its friends
 
 http://www.chic.caltech.edu/

If you want to fly a LEO constellation of them, you need a very sparse structure (or
a huge density of pongsats, which doesn't agree with observations).

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07078, 11.61144http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net


pgpjSdYUSaXAn.pgp
Description: PGP signature


Re: Yahoo releases internet standard draft for using DNS as public key server

2004-05-28 Thread Adam Fields
On Fri, May 28, 2004 at 03:20:52PM -0400, [EMAIL PROTECTED] wrote:
[...]
 How soon will the spammers get into the business of hosting free mailboxes
 for people who actually buy spamvertized products. Much easier to send the
 spam to their own users, let them indicate their preferences, set up
 forwarded notifications, ...

Er, doesn't this describe Gmail?

 What things brings us to is that a major part of the problem are of course
 the people who buy the spamvertized products. So long as there is a new
 sucker born every minute, there will also be someone ready to take
 advantage of same.

Yeah...

I'm curious about who these suckers actually are. I've never heard of
anyone buying any spam crap except journalists researching whether or
not you can actually buy spam crap.

Does anyone personally know someone who's bought something from a
spammer, for real?

 Can spam be solved through end-user education? Do not buy spammed
 products campaign signs right next to the public health signs against
 smoking? How to not be this minute's sucker education in schools? :-)

Put that sign right next to the Snapple machine.

 Is spam really that important a societal ill, if the spammers had better
 parenting, schooling and better career prospects would they still spam or
 litter the sidewalk? Are human societies free of spam and more serious
 ills possible or even desirable (what is the cost of eliminating the
 ills)?
 
 We get too carried away with spam, as threats to our way of life there are
 far more serious problems...


-- 
- Adam

-
http://www.adamfields.com

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: The future of security

2004-05-28 Thread bear


On Fri, 28 May 2004, Anne  Lynn Wheeler wrote:

connecting systems that were designed for fundamentally safe and isolated
environment to wide-open anarchy hostile operation exposes all sorts of
problems. somewhat analogous to not actually needing a helmet for riding a
motorcycle ... or seat belts and airbags to drive a car.

Perspective on things...

Where I grew up, safety equipment inside your car (or on your head on
a motorcycle) was limited to that which prevented you from becoming
more of a hazard to *OTHER* drivers.  Motorcyclists didn't need
helmets, because helmets don't prevent crashes or change the
consequences of crashes for anyone who's not wearing them.  But they
did need eye protection, because eye protection reduced the
probability of crashes that could be dangerous to others.

I thought this was actually a well-considered system.  The law
required us to take whatever reasonable precautions we needed to
protect others from our actions, but it was entirely up to us whether
we attempted to protect ourselves from our own actions.

Now, in most states, law doesn't work this way any more -- protecting
people from each other has gotten fuzzed into the idea of protecting
the people (monolithic unit) from themselves (monolithic unit).

But I think there is some wisdom here that may apply to the spam
situation. Have partial solutions been getting rejected because we're
seeing that we can't protect users against their *own* stupidity?
What we actually need is systems to protect *other* users from their
stupidity.

Bear

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Yahoo releases internet standard draft for using DNS as public key server

2004-05-28 Thread martin f krafft
also sprach Ed Gerck [EMAIL PROTECTED] [2004.05.28.1853 +0200]:
 It's industry support. We know what it means: multiple,
 conflicting approaches, slow, fragmented adoption -- will not
 work. It would be better if the solution does NOT need industry
 support at all, only user support. It should use what is already
 available.

While I fundamentally agree, a user-side approach will not work for
two reasons, at least:

  - The technology is too complex to be grasped. users may be able
to select encryption in their GUI, but they fail to understand
the consequences. This is especially problematic on the receiver
side, because no standard user knows how to handle a BAD
SIGNATURE alert.

  - The infrastructure is not there. Two standards compete for email
cryptography, and both need an infrastructure to back them up.
Unless the governments do not settle on one standard and provide
the necessary infrastructure, such as signing keycards or
pocket devices capable of stream en/decryption, encryption is
not going to be standard.

If everyone and their mother is supposed to use cryptography, then
the two points need to be addressed. And unless everyone (and their
mother) uses cryptography consistently, email is not going to be
safe.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
the unix philosophy basically involves
giving you enough rope to hang yourself.
and then some more, just to be sure.


signature.asc
Description: Digital signature