Re: browser vendors and CAs agreeing on high-assurance certificat es

2005-12-27 Thread Ian G
Ben Laurie wrote: Ian G wrote: ... http://wiki.cacert.org/wiki/VhostTaskForce (The big problem of course is that you can use one cert to describe many domains only if they are the same administrative entity.) If they share an IP address (which they must, otherwise there's no problem),

Re: browser vendors and CAs agreeing on high-assurance certificat es

2005-12-27 Thread Ben Laurie
Eric Rescorla wrote: Ben Laurie [EMAIL PROTECTED] writes: And we need SSL v2 to die so it doesn't interfere with the above. Actually, you just disable it in the server. I don't see why we need anything more than that. The problem is that the ServerHostName extension that signals which

Re: browser vendors and CAs agreeing on high-assurance certificat es

2005-12-27 Thread Ben Laurie
Ian G wrote: Ben Laurie wrote: Ian G wrote: ... http://wiki.cacert.org/wiki/VhostTaskForce (The big problem of course is that you can use one cert to describe many domains only if they are the same administrative entity.) If they share an IP address (which they must, otherwise there's

Re: browser vendors and CAs agreeing on high-assurance certificat es

2005-12-27 Thread Ian G
Ben Laurie wrote: Ian G wrote: http://wiki.cacert.org/wiki/VhostTaskForce (The big problem of course is that you can use one cert to describe many domains only if they are the same administrative entity.) If they share an IP address (which they must, otherwise there's no problem), then

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread Ben Laurie
Anne Lynn Wheeler wrote: James A. Donald wrote: However, the main point of attack is phishing, when an outsider attempts to interpose himself, the man in the middle, into an existing relationship between two people that know and trust each other. in the public key model ... whether it

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread Anne Lynn Wheeler
Ben Laurie wrote: Eh? It surely does stop MitM attacks - the problem is that there's little value in doing so for various reasons, such as no strong binding between domain name and owner, UI that doesn't make it clear which domain you are going to, or homograph attacks. it stops the MITM

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread Anne Lynn Wheeler
Ben Laurie wrote: Eh? It surely does stop MitM attacks - the problem is that there's little value in doing so for various reasons, such as no strong binding between domain name and owner, UI that doesn't make it clear which domain you are going to, or homograph attacks. part II; i've

Re: another feature RNGs could provide

2005-12-27 Thread Travis H.
On 12/26/05, Ben Laurie [EMAIL PROTECTED] wrote: Surely if you do this, then there's a meet-in-the middle attack: for a plaintext/ciphertext pair, P, C, I choose random keys to encrypt P and decrypt C. If E_A(P)=D_B(C), then your key was A.B, which reduces the strength of your cipher from 2^x

Re: crypto for the average programmer

2005-12-27 Thread Ben Laurie
Jack Lloyd wrote: On Fri, Dec 16, 2005 at 05:41:48PM +, Ben Laurie wrote: No, OpenSSL is self-contained. There is, IIRC, an engine that uses GMP if you want, but its entirely optional; OpenSSL has its own bignum implementation that's just as good. Last I checked, public key operations

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread Ben Laurie
Anne Lynn Wheeler wrote: a more sensible human factors design ... is to remember whether a person has checked out first time communication with a stranger ... the real first time, have the person do something additional ... and from then on remember that checking. in that respect ... creating

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread Anne Lynn Wheeler
Ben Laurie wrote: This is the SSH design for host keys, of course, and also the petnames design for URLs. Unfortunately petnames don't solve the problem that it is hard to check the URL even the first time. the original SSL paradigm was predicated on end-to-end security that the server the

Re: another feature RNGs could provide

2005-12-27 Thread David Malone
On Tue, Dec 27, 2005 at 03:26:59AM -0600, Travis H. wrote: On 12/26/05, Ben Laurie [EMAIL PROTECTED] wrote: Surely if you do this, then there's a meet-in-the middle attack: for a plaintext/ciphertext pair, P, C, I choose random keys to encrypt P and decrypt C. If E_A(P)=D_B(C), then your

ADMIN: end of latest SSL discussion

2005-12-27 Thread Perry E. Metzger
The latest round of SSL and X.509 certs in browsers are broken has gone on too long. I kept hoping after weeks people might get bored, but they haven't. I'm cutting it off for at least a little while. I'll entertain new postings only if they propose actual solutions rather than long

Re: crypto for the average programmer

2005-12-27 Thread Jack Lloyd
On Tue, Dec 27, 2005 at 02:28:07PM +, Ben Laurie wrote: Apparently this rather depends on platform and compiler options. I am reliably informed that GMP is not always faster. For those that really care it'd be cool if someone did a careful comparison. It would also be interesting to