it isn't sufficient that you show there is some specific
authentication protocol with unread, random data ... that has
countermeasures against a dual-use attack ... but you have to
exhaustively show that the private key has never, ever signed any
unread random data that failed to contain dual-u
there is a variation on the EU FINREAD terminal that sort of provides a
chain of trust/evidence (that has almost nothing at all to do with the
traditional trusted third party certification authorities and their
certificates)(
1) there ae a certain class of certified terminals with security modu
At 10:36 AM 7/18/2004, Sean Smith wrote:
In SSL and TLS, the client isn't signing random data provided by the
adversary. Rather, the client is signing a value derived from data both
the client and server provide as part of the handshake. I do not believe
it is feasible for a malicious server t
Enzo Michelangeli wrote:
Can someone explain me how the "phishermen" escape identification and
prosecution? Gaining online access to someone's account allows, at most,
to execute wire transfers to other bank accounts: but in these days
anonymous accounts are not exactly easy to get in any country,
at the NIST PKI workshop a couple months ago there were a number
of infrastructure presentations where various entities in the
infrastructure were ...signing random data as part of authentication
protocol
I believe our paper may have been one of those that Lynn objected to.
We used the sam
the fundamental issue is that there are infrastructures using the same
public/private key pair to digital sign
1) random authentication data that signer never looks at and believe is of
low value ... if they connect to anybody at all ... and are asked to
digitally sign some random data for aut
Enzo Michelangeli wrote:
Can someone explain me how the "phishermen" escape identification and
prosecution? Gaining online access to someone's account allows, at
most, to execute wire transfers to other bank accounts: but in these
days anonymous accounts are not exactly easy to get in any country,
At 05:55 PM 7/17/2004, Eric Rescorla wrote:
Now, my threat model mostly includes (1), does not really include
(3), and I'm careful not to do things that leave me susceptible
to (2), so SSL does in fact protect against the attacks in my
threat model. I know a number of other people with similar thre
At 01:33 AM 7/18/2004, Amir Herzberg wrote:
I don't see here any problem or attack. Indeed, there is difference
between signature in the crypto sense and legally-binding
signatures. The later are defined in one of two ways. One is by the
`digital signature` laws in different countries/states; that
Eric Rescorla wrote:
By (2) I guess you mean a bypass MITM?
I'm not sure what you mean by "bypass". I'm talking about attacks
where the attacker cons you into dereferencing the wrong
URL.
That's what I mean. The normal security checks
ot the system have been bypassed, in this case,
by having the
Amir Herzberg wrote:
(Amir, I replied to your other comments over on the
Mozilla security forum, which is presumably where they
will be more useful. That just leaves this:)
So while `SSL is harmful` sounds sexy, I think it is misleading. Maybe
`Stop SSL-Abuse!`
Ha! I wondered when someone would
Can someone explain me how the "phishermen" escape identification and
prosecution? Gaining online access to someone's account allows, at most,
to execute wire transfers to other bank accounts: but in these days
anonymous accounts are not exactly easy to get in any country, and anyway
any bank large
Ian Grigg called attention to the fact that the use (as by pgp.com) of a
lock in the FavIcon position (in the location bar) can be abused in site
spoofing/phishing attacks, to fool users to think that a page is SSL
protected, when it's not. In fact, this is part of Ian's `SSL considered
harmful
Anne & Lynn Wheeler wrote:
ok, this is a long posting about what i might be able to reasonable assume
if a digital signature verifies (posting to c.p.k newsgroup):
... skipped (it was long :-)
the dual-use comes up when the person is 'signing" random challenges as
purely a means of authentication
Ian Grigg <[EMAIL PROTECTED]> writes:
> Eric Rescorla wrote:
>> Ian Grigg <[EMAIL PROTECTED]> writes:
>>
>>>Notwithstanding that, I would suggest that the money
>>>already lost is in excess of the amount paid out to
>>>Certificate Authorities for secure ecommerce certificates
>>>(somewhere around
Eric Rescorla wrote:
Ian Grigg <[EMAIL PROTECTED]> writes:
Notwithstanding that, I would suggest that the money
already lost is in excess of the amount paid out to
Certificate Authorities for secure ecommerce certificates
(somewhere around $100 million I guess) to date. As
predicted, the CA-signed
>But is it so harmful? How much money is lost in a typical phishing
>attack against a large US bank, or PayPal?
A lot. According to people at the anti-phishing conference earlier
this year, six-figure losses are common, and seven-figure not unknown.
The kind of phishes we all see, trolling for
Ian Grigg <[EMAIL PROTECTED]> writes:
> Notwithstanding that, I would suggest that the money
> already lost is in excess of the amount paid out to
> Certificate Authorities for secure ecommerce certificates
> (somewhere around $100 million I guess) to date. As
> predicted, the CA-signed certificat
18 matches
Mail list logo
