Re: New article on root certificate problems with Windows

2007-07-21 Thread pgut001

Paul Hoffman [EMAIL PROTECTED] writes:

At 2:45 AM +1200 7/20/07, [EMAIL PROTECTED] wrote:
|From a security point of view, this is really bad.  From a usability point of
|view, it's necessary.

As you can see from my list of proposed solutions, I disagree. I see no
reason not to alert a user *who has removed a root* that you are about to
put it back in.


It depends on what you mean by user.  You're assuming that direct action by
the wetware behind the keyboard resulted in its removal.  However given how
obscure and well-hidden this capability is, it's more likely that a user agent
acting with the user's rights caused the problem.  So the message you end up
communicating to the user is:

  Something you've never heard of before has changed a setting you've never
  heard of before that affects the operation of something you've never heard
  of before and probably wouldn't understand no matter how patiently we
  explain it.

(those things are, in order, some application or script, the cert trust
setting, certificates, and PKI).

I guess we'd need word from MS on whether this is by design or by accident,
but I can well see that quietly unbreaking something that's broken for some
reason would be seen as desirable behaviour.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: New article on root certificate problems with Windows

2007-07-21 Thread Paul Hoffman

At 7:58 PM +1200 7/20/07, [EMAIL PROTECTED] wrote:

Paul Hoffman [EMAIL PROTECTED] writes:

At 2:45 AM +1200 7/20/07, [EMAIL PROTECTED] wrote:
|From a security point of view, this is really bad.  From a usability point of
|view, it's necessary.

As you can see from my list of proposed solutions, I disagree. I see no
reason not to alert a user *who has removed a root* that you are about to
put it back in.


It depends on what you mean by user.  You're assuming that direct action by
the wetware behind the keyboard resulted in its removal.


Correct, I was.


  However given how
obscure and well-hidden this capability is, it's more likely that a user agent
acting with the user's rights caused the problem.  So the message you end up
communicating to the user is:

  Something you've never heard of before has changed a setting you've never
  heard of before that affects the operation of something you've never heard
  of before and probably wouldn't understand no matter how patiently we
  explain it.

(those things are, in order, some application or script, the cert trust
setting, certificates, and PKI).


Very good point.

Bigger picture takeaway: when both a user and an application can 
change a crypto setting in an application (or OS), any later messages 
relating to that event are likely to be confusing because they can't 
be directly linked to the action. This applies to all of our 
crypto-in-the-real-world, not just the trust anchor issue at hand.


--Paul Hoffman, Director
--VPN Consortium



Announcing DIMACS 2007-2010 Special Focus on Algorithmic Foundations of the Internet

2007-07-21 Thread Linda Casals
[Moderator's note: the Secure Routing focus may be of interest to some
readers. --Perry]

***

Announcing DIMACS 2007-2010 Special Focus on 
   Algorithmic Foundations of the Internet

http://dimacs.rutgers.edu/SpecialYears/2007_AFI/

***
 
The Internet has an ever-expanding role in our daily lives; yet, it is
arguably one of the most fragile components of our nation's critical
infrastructure. The Internet was designed as a research network
without the expectation that it would eventually be used for
everything from banking, commerce, and telecommunications to the
remote management of power networks. The scale and heterogeneity of
the Internet have far surpassed all expectations, and the Internet is
responding by showing signs of strain. Moreover, new applications
heighten the need for security and network management capabilities,
neither of which were major goals in the original design of Internet
protocols.

DIMACS is hosting a 3-year special focus devoted to the study of
algorithms and protocols for large-scale networks. The focus is
scheduled to start in August 2007 and continue through July 2010. The
special focus aims to enhance our understanding of the limitations of
today's protocols, as well as the gains that new designs could
achieve. This is an emerging cross-disciplinary area that requires
expertise from several fields including networking, theory of
computing, computer and communications security, and game
theory. Research collaborations spanning these communities are crucial
to making progress on the most challenging problems, and enabling
these collaborations is a major goal of this special focus.

As the Internet continues to grow, more and more business-critical
functions rely on its availability. One can easily envision a future
in which the vast majority of communications traffic, including
telephone, television, radio, business data, and government data, will
rely on an Internet infrastructure that is available and secure. For
the Internet to meet these challenges, we need a much deeper
understanding of the properties of our existing protocols and the
fundamental tradeoffs that should guide the design of the future
Internet. Providing a strong algorithmic foundation for the Internet
is especially timely, as the research community embarks on an
ambitious rethinking of the Internet architecture.

There are many algorithms and protocols used in the Internet and its
applications. Some adequately serve their desired purposes, while
others need improvement. However, there is a disconnect between the
methodology and results of algorithms research and the methodology and
results used to guide the adoption of Internet protocol standards. On
the one hand, traditional distributed-algorithms research does not
adequately model the Internet's design goals, including autonomy,
scalability, and privacy. On the other hand, protocol-adoption
standards far too often rely on experimentation and testing by vendors
and select customers, not on formal analysis. Protocols are often
tweaked to add customer functionality without scrutinizing the
resulting behavior in worst-case situations or proving any kind of
correctness or security properties. Furthermore, these worst-case
situations occur more often than expected, due to both the sheer size
of the network and the fact that malicious agents can use security
flaws to take control of significant parts of the Internet.

This special focus seeks to bridge the gap between networking research
focused on the existing artifacts - the protocols and mechanisms
underlying today's Internet - and the new work that needs to be done
to lay a solid foundation for the design of a future
Internet. Research focusing on today's network emphasizes
characterization, primarily through measurement and prototyping, of
existing protocols and mechanisms, in order to improve our
understanding of the Internet and guide incremental changes to the
system. Although algorithmic models have played a role in this work,
the details of today's protocols and mechanisms often defy attempts to
impose rigorous models after the fact. The future Internet needs to
be more secure, be easier to manage, and take greater advantage of new
underlying technologies, such as sensor networks, wireless networks,
and optical switching. This argues for the design of new protocols and
mechanisms with their key properties in mind from the outset. An
algorithmic mindset is an extremely important ingredient in this line
of research.

This special focus is guided by a deep understanding of the current
Internet but allows for the possibility of radical change where it is
warranted. The focus seeks to analyze and design protocols,
algorithms, and architectures for a future Internet that is based on
sound mathematical and computational foundations, 

Re: New article on root certificate problems with Windows

2007-07-21 Thread Frank Siebenlist
(I don't have access to windoze... cannot verify if my suggestion would
work...)

Can't you replace the installed root certs with empty files or bogus
content such that they will fail path validation and still trick MS not
to re-install them?

-Frank.




Jeffrey Altman wrote:
 [EMAIL PROTECTED] wrote:
 The executive summary, so I've got something to reply to:

   In the default configuration for Windows XP with Service Pack 2 (SP2), if a
   user removes one of the trusted root certificates, and the certifier who
   issued that root certificate is trusted by Microsoft, Windows will silently
   add the root certificate back into the user's store and use the original
   trust settings.

 While I don't agree with this behaviour, I can see why Microsoft would do
 this, and I can't see them changing it at any time in the future.  It's the
 same reason why they ignore key usage restrictions and allow (for example) an
 encryption-only key to be used for signatures, and a thousand other breaches
 of PKI etiquette: There'd be too many user complaints if they didn't.
 
 The real flaw that I see in their design is that they permit
 certificates that they installed to be removed.  Instead they should
 have provided a disabled feature so that those who wish to disable
 installed certs can do so and thereby ensure that in the future they
 won't be restored.
 
 Jeffrey Altman
 

-- 
Frank Siebenlist   [EMAIL PROTECTED]
The Globus Alliance - Argonne National Laboratory



Re: Enigma for sale on eBay

2007-07-21 Thread Jeff . Hodges


[EMAIL PROTECTED] said:
 http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=270146164488


ebay now says (as of when this message is sent):


   This Listing Is Unavailable 
 This listing (270146164488) has been removed or is no longer available.
 Please make sure you entered the right item number. If the listing was
 removed by eBay, consider it canceled. Note: Listings that have ended more
 than 90 days ago will no longer appear on eBay.



=JeffH




RE: How the Greek cellphone network was tapped.

2007-07-21 Thread bear


On Thu, 19 Jul 2007, Charles Jackson wrote:

An earlier post, talking about vulnerabilities and the lack of an
appropriate market response, said:

We're talking about phone calls -- did all of the well-publicized
cellular eavesdropping (Prince Charles, Newt Gingrich (then a major US
politician), and more) prompt a change?  Well, there are now US laws
against that sort of phone eavesdropping gear -- a big help

Halfway, I think.  ISTR there are laws against manufacture for sale,
sale, purchase, or most usage of such gear - but no laws against
manufacture without intent to sell, possession, or some exempted
types of use of such gear.

Basically, owning such devices is not a crime, nor is using them
provided the target has been duly notified that their call will be
or is being intercepted.  So you can build the gear, and you can demo
the gear you've built on a call made for purposes of demo-ing the
gear.

Consult a lawyer first, but I believe it may also be legal to monitor
calls made in a given location provided you first put up a sign that
says all cell calls made on these premises will be monitored etc.
But you can't legally buy or sell the equipment to do it.

 I think the most publicized cases of cellular interception,
 including the two mentioned above, were interceptions of analog
 calls.  Such interception was not too hard to do.  In some cases you
 could pick up one side of such calls on old American TV sets (sets
 that tuned above channel 69 on the UHF dial).

The technical requirement was for a TV with a UHF analog *tuner* as
opposed to a digital channel-selection dial.  The channels that the
cellular network used (still uses?  I don't know) were in between the
channels that were assigned whole numbers in TV tuning.  So you could
pick up some cell traffic if you tuned, for example, to UHF TV
channel 78.44.  But not if you tuned to channel 78 or channel 79.

Bear



Re: How the Greek cellphone network was tapped.

2007-07-21 Thread Steven M. Bellovin
On Sat, 21 Jul 2007 04:46:51 -0700 (PDT)
bear [EMAIL PROTECTED] wrote:

 
 
 On Thu, 19 Jul 2007, Charles Jackson wrote:
 
 An earlier post, talking about vulnerabilities and the lack of an
 appropriate market response, said:
 
 We're talking about phone calls -- did all of the well-publicized
 cellular eavesdropping (Prince Charles, Newt Gingrich (then a major
 US politician), and more) prompt a change?  Well, there are now US
 laws against that sort of phone eavesdropping gear -- a big help
 
 Halfway, I think.  ISTR there are laws against manufacture for sale,
 sale, purchase, or most usage of such gear - but no laws against
 manufacture without intent to sell, possession, or some exempted
 types of use of such gear.
 
 Basically, owning such devices is not a crime, nor is using them
 provided the target has been duly notified that their call will be
 or is being intercepted.  So you can build the gear, and you can demo
 the gear you've built on a call made for purposes of demo-ing the
 gear.

Not as I read the statute (and of course I'm not a lawyer).  Have a
look at 18 USC 2512
(http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_2512000-.html)

any person who intentionally ...

manufactures, assembles, possesses, or sells any electronic,
mechanical, or other device, knowing or having reason to know
that the design of such device renders it primarily useful for the
purpose of the surreptitious interception of wire, oral, or
electronic communications, and that such device or any component
thereof has been or will be sent through the mail or transported
in interstate or foreign commerce;

...

So simple possession of a surreptitious interception device is illegal,
with exceptions for things like sale to law enforcement or
communications companies.

 
 Consult a lawyer first, but I believe it may also be legal to monitor
 calls made in a given location provided you first put up a sign that
 says all cell calls made on these premises will be monitored etc.
 But you can't legally buy or sell the equipment to do it.

Probably -- that's not surreptitious.
 
  I think the most publicized cases of cellular interception,
  including the two mentioned above, were interceptions of analog
  calls.  Such interception was not too hard to do.  In some cases you
  could pick up one side of such calls on old American TV sets (sets
  that tuned above channel 69 on the UHF dial).
 
 The technical requirement was for a TV with a UHF analog *tuner* as
 opposed to a digital channel-selection dial.  The channels that the
 cellular network used (still uses?  I don't know) were in between the
 channels that were assigned whole numbers in TV tuning.  So you could
 pick up some cell traffic if you tuned, for example, to UHF TV
 channel 78.44.  But not if you tuned to channel 78 or channel 79.

The specific law I had in mind when I posted that note was the
ban on scanners capable of picking up cellular bands, as well as
decoders to convert digital cellular signals to analog.  See
http://findarticles.com/p/articles/mi_m3457/is_n17_v11/ai_13701996
and http://www.eff.org/Legislation/?f=bills_affect_online.notice.txt

There are other provisions in the law that bar interception of
encrypted or scrambled signals, but I haven't waded through the
verbiage enough to know if they apply here.



--Steve Bellovin, http://www.cs.columbia.edu/~smb



Re: How the Greek cellphone network was tapped.

2007-07-21 Thread bear


On Sat, 21 Jul 2007, Steven M. Bellovin wrote:

Not as I read the statute (and of course I'm not a lawyer).  Have a
look at 18 USC 2512
(http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_2512000-.html)

   any person who intentionally ...

   manufactures, assembles, possesses, or sells any electronic,
   mechanical, or other device, knowing or having reason to know
   that the design of such device renders it primarily useful for the
   purpose of the surreptitious interception of wire, oral, or
   electronic communications, and that such device or any component
   thereof has been or will be sent through the mail or transported
   in interstate or foreign commerce;

   ...

So simple possession of a surreptitious interception device is illegal,
with exceptions for things like sale to law enforcement or
communications companies.

Hm.  Okay, we're looking at the same law, and I am not a lawyer
either; but I read knowing or having reason to know ... that such
device or any component thereof has been or will be sent through the
mail or transported in interstate or foreign commerce as a limiting
clause on what would otherwise be an unconstitutional law.

In the case of someone who manufactures and possesses such a device,
but never sends it or its components through the mail nor transports
it in interstate or foreign commerce, I don't think this law gets
broken.  Despite intimidation tactics that do their best to try to
spread the opposite impression, this is explicitly *not* forbidden by
this law.

And the statute on using such a device, IIRC, also has a limitation,
in that it bans using such devices *surreptitiously* - which I think
permits non-surreptitious use such as demonstrations.

Still, it's a case of two reasonably educated people being able to
look at the same statute and draw different conclusions: Sooner or
later it will have to be decided in a trial to see who can pay the
best lawyers^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H see which
interpretation of the statute best serves justice.

Bear



Re: Enigma for sale on eBay

2007-07-21 Thread Steven M. Bellovin
On Fri, 20 Jul 2007 14:10:40 -0700
[EMAIL PROTECTED] wrote:

 
 
 [EMAIL PROTECTED] said:
  http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=270146164488
 
 
 ebay now says (as of when this message is sent):
 
 
  This Listing Is Unavailable 
  This listing (270146164488) has been removed or is no longer
  available. Please make sure you entered the right item number. If
  the listing was removed by eBay, consider it canceled. Note:
  Listings that have ended more than 90 days ago will no longer
  appear on eBay.
 

See Bruce Schneier's blog entry
(http://www.schneier.com/blog/archives/2007/07/enigma_machine.html) --
it was relisted and sold for $30K.


--Steve Bellovin, http://www.cs.columbia.edu/~smb
