Re: New article on root certificate problems with Windows
Paul Hoffman [EMAIL PROTECTED] writes:

> At 2:45 AM +1200 7/20/07, [EMAIL PROTECTED] wrote:
>> From a security point of view, this is really bad. From a usability point of
>> view, it's necessary.
>
> As you can see from my list of proposed solutions, I disagree. I see no reason not to alert a user *who has removed a root* that you are about to put it back in.

It depends on what you mean by user. You're assuming that direct action by the wetware behind the keyboard resulted in its removal. However given how obscure and well-hidden this capability is, it's more likely that a user agent acting with the user's rights caused the problem. So the message you end up communicating to the user is:

  Something you've never heard of before has changed a setting you've never heard of before that affects the operation of something you've never heard of before and probably wouldn't understand no matter how patiently we explain it.

(those things are, in order, some application or script, the cert trust setting, certificates, and PKI).

I guess we'd need word from MS on whether this is by design or by accident, but I can well see that quietly unbreaking something that's broken for some reason would be seen as desirable behaviour.

Peter.

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: New article on root certificate problems with Windows
At 7:58 PM +1200 7/20/07, [EMAIL PROTECTED] wrote:

> Paul Hoffman [EMAIL PROTECTED] writes:
>
>> At 2:45 AM +1200 7/20/07, [EMAIL PROTECTED] wrote:
>>> From a security point of view, this is really bad. From a usability point of
>>> view, it's necessary.
>>
>> As you can see from my list of proposed solutions, I disagree. I see no reason not to alert a user *who has removed a root* that you are about to put it back in.
>
> It depends on what you mean by user. You're assuming that direct action by the wetware behind the keyboard resulted in its removal.

Correct, I was.

> However given how obscure and well-hidden this capability is, it's more likely that a user agent acting with the user's rights caused the problem. So the message you end up communicating to the user is:
>
>   Something you've never heard of before has changed a setting you've never heard of before that affects the operation of something you've never heard of before and probably wouldn't understand no matter how patiently we explain it.
>
> (those things are, in order, some application or script, the cert trust setting, certificates, and PKI).

Very good point.

Bigger picture takeaway: when both a user and an application can change a crypto setting in an application (or OS), any later messages relating to that event are likely to be confusing because they can't be directly linked to the action. This applies to all of our crypto-in-the-real-world, not just the trust anchor issue at hand.

--Paul Hoffman, Director
--VPN Consortium
Announcing DIMACS 2007-2010 Special Focus on Algorithmic Foundations of the Internet
[Moderator's note: the Secure Routing focus may be of interest to some readers. --Perry]

***
Announcing DIMACS 2007-2010 Special Focus on Algorithmic Foundations of the Internet
http://dimacs.rutgers.edu/SpecialYears/2007_AFI/
***

The Internet has an ever-expanding role in our daily lives; yet, it is arguably one of the most fragile components of our nation's critical infrastructure. The Internet was designed as a research network without the expectation that it would eventually be used for everything from banking, commerce, and telecommunications to the remote management of power networks. The scale and heterogeneity of the Internet have far surpassed all expectations, and the Internet is responding by showing signs of strain. Moreover, new applications heighten the need for security and network management capabilities, neither of which were major goals in the original design of Internet protocols.

DIMACS is hosting a 3-year special focus devoted to the study of algorithms and protocols for large-scale networks. The focus is scheduled to start in August 2007 and continue through July 2010. The special focus aims to enhance our understanding of the limitations of today's protocols, as well as the gains that new designs could achieve. This is an emerging cross-disciplinary area that requires expertise from several fields including networking, theory of computing, computer and communications security, and game theory. Research collaborations spanning these communities are crucial to making progress on the most challenging problems, and enabling these collaborations is a major goal of this special focus.

As the Internet continues to grow, more and more business-critical functions rely on its availability. One can easily envision a future in which the vast majority of communications traffic, including telephone, television, radio, business data, and government data, will rely on an Internet infrastructure that is available and secure. For the Internet to meet these challenges, we need a much deeper understanding of the properties of our existing protocols and the fundamental tradeoffs that should guide the design of the future Internet. Providing a strong algorithmic foundation for the Internet is especially timely, as the research community embarks on an ambitious rethinking of the Internet architecture.

There are many algorithms and protocols used in the Internet and its applications. Some adequately serve their desired purposes, while others need improvement. However, there is a disconnect between the methodology and results of algorithms research and the methodology and results used to guide the adoption of Internet protocol standards. On the one hand, traditional distributed-algorithms research does not adequately model the Internet's design goals, including autonomy, scalability, and privacy. On the other hand, protocol-adoption standards far too often rely on experimentation and testing by vendors and select customers, not on formal analysis. Protocols are often tweaked to add customer functionality without scrutinizing the resulting behavior in worst-case situations or proving any kind of correctness or security properties. Furthermore, these worst-case situations occur more often than expected, due to both the sheer size of the network and the fact that malicious agents can use security flaws to take control of significant parts of the Internet.

This special focus seeks to bridge the gap between networking research focused on the existing artifacts - the protocols and mechanisms underlying today's Internet - and the new work that needs to be done to lay a solid foundation for the design of a future Internet. Research focusing on today's network emphasizes characterization, primarily through measurement and prototyping, of existing protocols and mechanisms, in order to improve our understanding of the Internet and guide incremental changes to the system. Although algorithmic models have played a role in this work, the details of today's protocols and mechanisms often defy attempts to impose rigorous models after the fact. The future Internet needs to be more secure, be easier to manage, and take greater advantage of new underlying technologies, such as sensor networks, wireless networks, and optical switching. This argues for the design of new protocols and mechanisms with their key properties in mind from the outset. An algorithmic mindset is an extremely important ingredient in this line of research.

This special focus is guided by a deep understanding of the current Internet but allows for the possibility of radical change where it is warranted. The focus seeks to analyze and design protocols, algorithms, and architectures for a future Internet that is based on sound mathematical and computational foundations,
Re: New article on root certificate problems with Windows
(I don't have access to windoze... cannot verify if my suggestion would work...)

Can't you replace the installed root certs with empty files or bogus content such that they will fail path validation and still trick MS not to re-install them?

-Frank.

Jeffrey Altman wrote:

> [EMAIL PROTECTED] wrote:
>> The executive summary, so I've got something to reply to:
>>
>>   In the default configuration for Windows XP with Service Pack 2 (SP2), if a user removes one of the trusted root certificates, and the certifier who issued that root certificate is trusted by Microsoft, Windows will silently add the root certificate back into the user's store and use the original trust settings.
>>
>> While I don't agree with this behaviour, I can see why Microsoft would do this, and I can't see them changing it at any time in the future. It's the same reason why they ignore key usage restrictions and allow (for example) an encryption-only key to be used for signatures, and a thousand other breaches of PKI etiquette: There'd be too many user complaints if they didn't.
>
> The real flaw that I see in their design is that they permit certificates that they installed to be removed. Instead they should have provided a disabled feature so that those who wish to disable installed certs can do so and thereby ensure that in the future they won't be restored.
>
> Jeffrey Altman

--
Frank Siebenlist [EMAIL PROTECTED]
The Globus Alliance - Argonne National Laboratory
Re: Enigma for sale on eBay
[EMAIL PROTECTED] said:

> http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=270146164488

ebay now says (as of when this message is sent):

  This Listing Is Unavailable

  This listing (270146164488) has been removed or is no longer available. Please make sure you entered the right item number. If the listing was removed by eBay, consider it canceled. Note: Listings that have ended more than 90 days ago will no longer appear on eBay.

=JeffH
RE: How the Greek cellphone network was tapped.
On Thu, 19 Jul 2007, Charles Jackson wrote:

> An earlier post, talking about vulnerabilities and the lack of an appropriate market response, said:
>
> We're talking about phone calls -- did all of the well-publicized cellular eavesdropping (Prince Charles, Newt Gingrich (then a major US politician), and more) prompt a change? Well, there are now US laws against that sort of phone eavesdropping gear -- a big help

Halfway, I think. ISTR there are laws against manufacture for sale, sale, purchase, or most usage of such gear - but no laws against manufacture without intent to sell, possession, or some exempted types of use of such gear.

Basically, owning such devices is not a crime, nor is using them provided the target has been duly notified that their call will be or is being intercepted. So you can build the gear, and you can demo the gear you've built on a call made for purposes of demo-ing the gear.

Consult a lawyer first, but I believe it may also be legal to monitor calls made in a given location provided you first put up a sign that says all cell calls made on these premises will be monitored etc. But you can't legally buy or sell the equipment to do it.

> I think the most publicized cases of cellular interception, including the two mentioned above, were interceptions of analog calls. Such interception was not too hard to do. In some cases you could pick up one side of such calls on old American TV sets (sets that tuned above channel 69 on the UHF dial).

The technical requirement was for a TV with a UHF analog *tuner* as opposed to a digital channel-selection dial. The channels that the cellular network used (still uses? I don't know) were in between the channels that were assigned whole numbers in TV tuning. So you could pick up some cell traffic if you tuned, for example, to UHF TV channel 78.44. But not if you tuned to channel 78 or channel 79.

Bear
Re: How the Greek cellphone network was tapped.
On Sat, 21 Jul 2007 04:46:51 -0700 (PDT) bear [EMAIL PROTECTED] wrote:

> On Thu, 19 Jul 2007, Charles Jackson wrote:
>
>> An earlier post, talking about vulnerabilities and the lack of an appropriate market response, said:
>>
>> We're talking about phone calls -- did all of the well-publicized cellular eavesdropping (Prince Charles, Newt Gingrich (then a major US politician), and more) prompt a change? Well, there are now US laws against that sort of phone eavesdropping gear -- a big help
>
> Halfway, I think. ISTR there are laws against manufacture for sale, sale, purchase, or most usage of such gear - but no laws against manufacture without intent to sell, possession, or some exempted types of use of such gear.
>
> Basically, owning such devices is not a crime, nor is using them provided the target has been duly notified that their call will be or is being intercepted. So you can build the gear, and you can demo the gear you've built on a call made for purposes of demo-ing the gear.

Not as I read the statute (and of course I'm not a lawyer). Have a look at 18 USC 2512 (http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_2512000-.html)

  any person who intentionally ... manufactures, assembles, possesses, or sells any electronic, mechanical, or other device, knowing or having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of wire, oral, or electronic communications, and that such device or any component thereof has been or will be sent through the mail or transported in interstate or foreign commerce; ...

So simple possession of a surreptitious interception device is illegal, with exceptions for things like sale to law enforcement or communications companies.

> Consult a lawyer first, but I believe it may also be legal to monitor calls made in a given location provided you first put up a sign that says all cell calls made on these premises will be monitored etc. But you can't legally buy or sell the equipment to do it.

Probably -- that's not surreptitious.

>> I think the most publicized cases of cellular interception, including the two mentioned above, were interceptions of analog calls. Such interception was not too hard to do. In some cases you could pick up one side of such calls on old American TV sets (sets that tuned above channel 69 on the UHF dial).
>
> The technical requirement was for a TV with a UHF analog *tuner* as opposed to a digital channel-selection dial. The channels that the cellular network used (still uses? I don't know) were in between the channels that were assigned whole numbers in TV tuning. So you could pick up some cell traffic if you tuned, for example, to UHF TV channel 78.44. But not if you tuned to channel 78 or channel 79.

The specific law I had in mind when I posted that note was the ban on scanners capable of picking up cellular bands, as well as decoders to convert digital cellular signals to analog. See http://findarticles.com/p/articles/mi_m3457/is_n17_v11/ai_13701996 and http://www.eff.org/Legislation/?f=bills_affect_online.notice.txt

There are other provisions in the law that bar interception of encrypted or scrambled signals, but I haven't waded through the verbiage enough to know if they apply here.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: How the Greek cellphone network was tapped.
On Sat, 21 Jul 2007, Steven M. Bellovin wrote:

> Not as I read the statute (and of course I'm not a lawyer). Have a look at 18 USC 2512 (http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_2512000-.html)
>
>   any person who intentionally ... manufactures, assembles, possesses, or sells any electronic, mechanical, or other device, knowing or having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of wire, oral, or electronic communications, and that such device or any component thereof has been or will be sent through the mail or transported in interstate or foreign commerce; ...
>
> So simple possession of a surreptitious interception device is illegal, with exceptions for things like sale to law enforcement or communications companies.

Hm. Okay, we're looking at the same law, and I am not a lawyer either; but I read knowing or having reason to know ... that such device or any component thereof has been or will be sent through the mail or transported in interstate or foreign commerce as a limiting clause on what would otherwise be an unconstitutional law.

In the case of someone who manufactures and possesses such a device, but never sends it or its components through the mail nor transports it in interstate or foreign commerce, I don't think this law gets broken. Despite intimidation tactics that do their best to try to spread the opposite impression, this is explicitly *not* forbidden by this law.

And the statute on using such a device, IIRC, also has a limitation, in that it bans using such devices *surreptitiously* - which I think permits non-surreptitious use such as demonstrations.

Still, it's a case of two reasonably educated people being able to look at the same statute and draw different conclusions: Sooner or later it will have to be decided in a trial to see who can pay the best lawyers^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H see which interpretation of the statute best serves justice.

Bear
Re: Enigma for sale on eBay
On Fri, 20 Jul 2007 14:10:40 -0700 [EMAIL PROTECTED] wrote:

> [EMAIL PROTECTED] said:
>
>> http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=270146164488
>
> ebay now says (as of when this message is sent):
>
>   This Listing Is Unavailable
>
>   This listing (270146164488) has been removed or is no longer available. Please make sure you entered the right item number. If the listing was removed by eBay, consider it canceled. Note: Listings that have ended more than 90 days ago will no longer appear on eBay.

See Bruce Schneier's blog entry (http://www.schneier.com/blog/archives/2007/07/enigma_machine.html) -- it was relisted and sold for $30K.

--Steve Bellovin, http://www.cs.columbia.edu/~smb