Re: Against Rekeying

2010-03-25 Thread Steven Bellovin
On Mar 23, 2010, at 11:21 AM, Perry E. Metzger wrote: Ekr has an interesting blog post up on the question of whether protocol support for periodic rekeying is a good or a bad thing: http://www.educatedguesswork.org/2010/03/against_rekeying.html I'd be interested in hearing what people

Re: Against Rekeying

2010-03-25 Thread Joseph Ashwood
-- From: Perry E. Metzger pe...@piermont.com Subject: Against Rekeying I'd be interested in hearing what people think on the topic. I'm a bit skeptical of his position, partially because I think we have too little experience with real world

Re: Against Rekeying

2010-03-25 Thread Simon Josefsson
Perry E. Metzger pe...@piermont.com writes: Ekr has an interesting blog post up on the question of whether protocol support for periodic rekeying is a good or a bad thing: http://www.educatedguesswork.org/2010/03/against_rekeying.html I'd be interested in hearing what people think on the

Re: Against Rekeying

2010-03-25 Thread Adam Back
Seems people like bottom post around here. On Tue, Mar 23, 2010 at 8:51 PM, Nicolas Williams nicolas.willi...@sun.com wrote: On Tue, Mar 23, 2010 at 10:42:38AM -0500, Nicolas Williams wrote: On Tue, Mar 23, 2010 at 11:21:01AM -0400, Perry E. Metzger wrote: Ekr has an interesting blog post up

Re: Against Rekeying

2010-03-25 Thread Stephan Neuhaus
On Mar 23, 2010, at 22:42, Jon Callas wrote: If you need to rekey, tear down the SSL connection and make a new one. There should be a higher level construct in the application that abstracts the two connections into one session. ... which will have its own subtleties and hence probability

Re: Question regarding common modulus on elliptic curve cryptosystems

2010-03-25 Thread Matt Crawford
On Mar 21, 2010, at 4:13 PM, Sergio Lerner wrote: I looking for a public-key cryptosystem that allows commutation of the operations of encription/decryption for different users keys ( Ek(Es(m)) = Es(Ek(m)) ). I haven't found a simple cryptosystem in Zp or Z/nZ. I think the solution may

Law Enforcement Appliance Subverts SSL

2010-03-25 Thread Rui Paulo
http://www.wired.com/threatlevel/2010/03/packet-forensics/ At a recent wiretapping convention however, security researcher Chris Soghoian discovered that a small company was marketing internet spying boxes to the feds designed to intercept those communications, without breaking the encryption,

copy of On the generation of DSS one-time keys?

2010-03-25 Thread James Muir
Daniel Bleichenbacher presented an implementation attack against DSA in 2001 titled On the generation of DSS one-time keys. I think it made the rounds as a preprint, but I don't know if it was ever officially published. It's cited frequently (e.g. in the SEC1 doc

Re: Question regarding common modulus on elliptic curve cryptosystems

2010-03-25 Thread James A. Donald
On 2010-03-22 11:22 PM, Sergio Lerner wrote: Commutativity is a beautiful and powerful property. See On the power of Commutativity in Cryptography by Adi Shamir. Semantic security is great and has given a new provable sense of security, but commutative building blocks can be combined to build

Re: Against Rekeying

2010-03-25 Thread Jon Callas
On Mar 24, 2010, at 2:07 AM, Stephan Neuhaus wrote: On Mar 23, 2010, at 22:42, Jon Callas wrote: If you need to rekey, tear down the SSL connection and make a new one. There should be a higher level construct in the application that abstracts the two connections into one session.

Re: Question regarding common modulus on elliptic curve cryptosystems AND E-CASH

2010-03-25 Thread James A. Donald
On 2010-03-23 1:09 AM, Sergio Lerner wrote: I've read some papers, not that much. But I don't mind reinventing the wheel, as long as the new protocol is simpler to explain. Reading the literature, I couldn't find a e-cash protocol which : - Hides the destination / source of payments. - Hides

Re: Against Rekeying

2010-03-25 Thread John Ioannidis
I think the problem is more marketing and less technology. Some marketoid somewhere decided to say that their product supports rekeying (they usually call it key agility). Probably because they read somewhere that you should change your password frequently (another misconception, but that's

Re: [vserver] Bought an entropykey - very happy

2010-03-25 Thread Eugen Leitl
From: coderman coder...@gmail.com Date: Wed, 24 Mar 2010 10:50:33 -0700 To: Morlock Elloi morlockel...@yahoo.com Cc: cypherpu...@al-qaeda.net Subject: Re: [vserver] Bought an entropykey - very happy On Wed, Mar 24, 2010 at 8:43 AM, Morlock Elloi morlockel...@yahoo.com wrote: While avalanche

New Research Suggests That Governments May Fake SSL Certificates

2010-03-25 Thread Dave Kleiman
March 24th, 2010 New Research Suggests That Governments May Fake SSL Certificates Technical Analysis by Seth Schoen http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl Today two computer security researchers, Christopher Soghoian and Sid Stamm, released a

Re: Law Enforcement Appliance Subverts SSL

2010-03-25 Thread dan
Rui Paulo writes: -+--- | http://www.wired.com/threatlevel/2010/03/packet-forensics/ | | At a recent wiretapping convention however, security researcher Chris = | Soghoian discovered that a small company was marketing internet spying = | boxes to the feds designed to intercept

Blog post from Matt Blaze about Soghoian Stamm paper

2010-03-25 Thread Perry E. Metzger
Matt has an interesting blog post up about the Soghoian Stamm SSL interception paper: http://www.crypto.com/blog/spycerts -- Perry E. Metzgerpmetz...@cis.upenn.edu Department of Computer and Information Science, University of Pennsylvania

Re: Against Rekeying

2010-03-25 Thread Ben Laurie
On 24/03/2010 08:28, Simon Josefsson wrote: Perry E. Metzger pe...@piermont.com writes: Ekr has an interesting blog post up on the question of whether protocol support for periodic rekeying is a good or a bad thing: http://www.educatedguesswork.org/2010/03/against_rekeying.html I'd be

Re: Against Rekeying

2010-03-25 Thread Nicolas Williams
On Thu, Mar 25, 2010 at 01:24:16PM +, Ben Laurie wrote: Note, however, that one of the reasons the TLS renegotiation attack was so bad in combination with HTTP was that reauthentication did not result in use of the new channel to re-send the command that had resulted in a need for

Re: [Not] Against Rekeying

2010-03-25 Thread james hughes
On Tue, Mar 23, 2010 at 11:21:01AM -0400, Perry E. Metzger wrote: Ekr has an interesting blog post up on the question of whether protocol support for periodic rekeying is a good or a bad thing: http://www.educatedguesswork.org/2010/03/against_rekeying.html On Mar 23, 2010, at 4:23 PM, Adam