Re: ECC patents?

2005-09-15 Thread Rich Salz
If the NSA paid anything significant for any of the 
curves, we would be told.


You were better off not responding; you have lost your credibility on 
this topic.


Given
the NSA's history of secrecy; and
the fact that it's common practice to not disclose
(financial) terms (e.g., what were the terms to get RSA
into early SSL?) and that either/both parties have incentive
to keep it private; and
the way they handled the SHA-1-Schnorr patent issues,
I find it *highly significant* that the NSA announced, in a public 
forum, that they have a license for part of the Certicom patents.


I am sure that I'm not alone.
/r$

--
Rich Salz, Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Cross logins

2005-08-04 Thread Rich Salz
 Is it possible for two web sites to arrange for cross
 logins?

Check out SAML, esp the browser artifact profile.

/r$

-- 
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: the limits of crypto and authentication

2005-07-15 Thread Rich Salz
 If you had two products ... both effectively performing the same
 function, one you already had deployed, which was significantly cheaper,
 significantly simpler, and significantly faster, which one would you choose?

I was told that one of the reasons SSL took off was because Visa and/or MC
told merchants they would for the time being treat SSL as card-present,
in terms of fraud penalties, etc.  If this is true (anyone here verify?
My source is on the list if s/he wants to name themselves), then SSL/SET
is an interesting example of betting on both sides.
/r$
-- 
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: the limits of crypto and authentication

2005-07-14 Thread Rich Salz
 I think that by eliminating the need for a merchant to learn
 information about your identity I have aimed higher. Given that we're
 talking about credit instruments,

Wasn't that a goal of SET?

/r$

-- 
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Digital signatures have a big problem with meaning

2005-06-13 Thread Rich Salz

 I don't want to have to re-implement Apache in order to do
 an SSL implementation. ...


Those analogies aren't apt.  XML is a data format, so it's more like
I don't want to have to implement ASN1/DER to do S/MIME
Which is a nonsensical complaint.


Makes sense to me.  The other problem with XML sigs (also pointed out in the
writeup) is the fact that it gives you 10 ways to do everything, of which only
1 is actually correct/secure/usable, but is indistinguishable from the other
9.


I don't see it.  Yes, XML DSIG makes it possible to sign parts of an XML 
document.  And there are broken applications.  Er, so what?  Is the lack 
of certificate validation in outlook proof that S/MIME is broken?



reluctant to implement something that lets users blow their feet off in a
dozen different ways without even knowing it.


So have your API take an XML document and output a signature that signs 
the exclusive canonicalization of that document, and includes the 
signer's certificate in the keydata.  Problem solved.  And that's a fair 
comparison, since S/MIME is just a profile of PKCS#7 applied to email, 
right?  So use WS-Security which is a profile of XML DSIG applied to 
SOAP messages, for example.


In other postings, you've pointed out that nobody re-generates the 
DER, but instead keeps it around to verify the signature.  In the XML 
world we do it all the time; recreating and re-canonicalizing works.  I 
guess that proves S/MIME and PGP are fundamentally broken. :)


/r$

--
Rich Salz, Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Digital signatures have a big problem with meaning

2005-06-07 Thread Rich Salz
Peter Gutmann wrote:
 Yup, see Why XML Security is Broken,
 http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt, for more on this.

Peter's shared earlier drafts with me, and we've exchanged email about this.
The only complaint that has a factual basis is this:
I don't want to have to implement XML processing to do
XML Digital Signatures

The others are just blowing smoke, or proof by snarkiness. :)

/r$

-- 
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Digital signatures have a big problem with meaning

2005-06-02 Thread Rich Salz

On the one hand a digital signature should matter more
the bigger the transaction that it protects.  On the
other hand, the bigger the transaction the lower the
probability that it is between strangers who have no
other leverage for recourse.


I think signatures are increasingly being used for technical reasons, 
not legal.  That is, sign and verify just to prove that all the layers 
of middleware and Internet and general bugaboos didn't screw with it. 
People seem to be building systems that assume proper operation, and use 
signatures as an application-level way to check, and also as a line of 
defense to screen out outsiders, rather than hold insiders liable.


Loosly coupled, tightly contracted.

/r$

--
Rich Salz, Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Printers betray document secrets

2004-10-21 Thread Rich Salz
   US scientists have discovered that every desktop printer has a signature
  style that it invisibly leaves on all the documents it produces.

 I don't think this is new - I'm pretty sure it was
 published about 6 or 7 years back as a technique.

A couple of years ago, I was told that *every* Canon laser engine
generated a unique microprint signature that could be traced back to a
particular device.  OEMs could buy the engine with or without the
signature.  If so, this has been going on, surruptitiously, for years.
/r$

--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


NIST on TLS

2004-10-04 Thread Rich Salz
Found via the RSS feed for cryptome.org:

http://csrc.nist.gov/publications/drafts.html#sp800-52
NIST is pleased to announce the first public draft of Special Publication
800-52, Guidelines on the Selection and Use of Transport Layer Security.
This document is a guideline for implementing Transport Layer Security in
the Federal Government to protect sensitive information. Care must be
taken when selecting cryptographic mechanisms for authentication,
confidentiality, and message integrity, as some choices are non-compliant
with Government standards, or may pose security risks. The comment period
for this document will be 30 days, ending on November 1st, 2004.
Please direct all comments and questions to Matthew J. Fanto at
[EMAIL PROTECTED]


--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Kerberos Design

2004-09-06 Thread Rich Salz
I've been trying to study Kerberos' design history in the recent past
and have failed to come up with a good resource that explains why things
are built the way they are. 
http://web.mit.edu/kerberos/www/dialogue.html
/r$
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: dual-use digital signature vulnerability

2004-07-22 Thread Rich Salz
 attempt to address this area; rather than simple i agree/disagree
 buttons ... they put little checkmarks at places in scrolled form  you
 have to at least scroll thru the document and click on one or more
 checkmarks  before doing the i agree button. a digital signature has
 somewhat higher integrity than simple clicking on the i agree button ...

See US patent 5,995,625. The abstract:
A method of unwrapping wrapped digital data that is unusable
while wrapped, includes obtaining an acceptance phrase from a
user; deriving a cryptographic key from the acceptance phrase;
and unwrapping the package of digital data using the derived
cryptographic key. The acceptance phrase is a phrase entered
by a user in response to information provided to the user. The
information and the acceptance phrase can be in any appropriate
language. The digital data includes, alone or in combination, any
of: software, a cryptographic key, an identifying certificate,
an authorizing certificate, a data element or field of an
identifying or authorizing certificate, a data file representing
an images, data representing text, numbers, audio, and video.

--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-15 Thread Rich Salz
 SET failed due to the complexity of distributing the software and setting
 up the credentials.  I think another reason was the go-fast atmosphere of
 the late 90s, where no one wanted to slow down the growth of ecommerce.
 The path of least resistance was simply to bring across the old way of
 authorizing transactions by card number.

I think your other reason was in fact the primary reason.  And, of course,
the primary enablers of the go-fast approach were, in fact, the very same
credit card companies.  They made a conscious business decision to treat
online transactions the same as conventional transactions -- I forget the
details, but it was pretty risk-free for a merchant to do online credit
cards, getting low surchage rates.  That, coupled with the US law that
limited consumer liability to $50, made CCard-over-SSL a no-brainer over
SET.

From a consumer viewpoint, CC/SSL is more secure then SET ever was.  Since
it wasn't a CCard transacdtion, my liability under SET was unlimited (at
least until Congress caught up to the technology).  Looking at the risk
management aspect, SET was a big loser for the customer.

/r$

--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Passwords can sit on disk for years

2004-06-14 Thread Rich Salz
 What?  No compiler is smart enough to say, The program
 sets these variables but they are never referenced again.
 I'll save time and not set them.

Given the semantics of C pointers, and multiple compilation units, the
answer to your question is probably not in non-research use.
/r$
--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Security Architect Position at National Archives

2004-05-08 Thread Rich Salz
Forwarded with permission.  This may not be appropriate for the list, 
but it is one of the most interesting and useful crypto/security jobs 
I've seen in some time...

The position is at Archive II in College Park, right next to the 
University of MD, at the junction of I-95 and the beltway. The hours are 
flexible so avoiding the rush hour traffic is not a big deal.

The role is for a system architec/designer with strong cyber security 
experience. Somebody who can evaluate the security implication of 
various design proposal. In other words, I'm not looking just for 
somebody who can run a firewall or vulnerabiility check, or who can cite 
NIST security standard (although those skills woul dcome in handy too!).

We are hiring system integrator to build a large, distributed, 
multi-sites electronic archives. It's possibly the most interesting 
project in the civilian government, IMHO. You can find out more about it at
  http://www.archives.gov/electronic_records_archives/about_era/scope.html

The project is multi-year and is being bidded upon by large system 
integrators. So the candidate will get a chance to do interesting work, 
and watch how the big guys do it too.

Attched is the annoucement. It's a position I can bring directly in, 
without going through the OPM process.

Regards,
Dyung Le
[EMAIL PROTECTED]
Information Technology (IT) Specialist (INFORMATION SECURITY)
The National Archives and Records Administration (NARA) is seeking
one  (1) Information Technology (IT) Specialist (Information Security) as
part of the development team for NARAs Electronic Records Archives
(ERA) program. The Electronic Records Archives is a challenging program
with national importance, and aims to develop a comprehensive,
systematic, and dynamic mechanism for preserving virtually any kind of
electronic record, free from dependence on any specific hardware or
software. (http://www.archives.gov/electronic_records_archives/index.html)
--
Rich Salz, Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Verisign CRL single point of failure

2004-03-31 Thread Rich Salz
dave kleiman wrote:
Because the client has a Certificate Revocation Checking function turned on
in a particular app (i.e. IE or NAV).
I don't think you understood my question.  Why is crl.verisign.com 
getting overloaded *now.*  What does the expiration of one of their CA 
certificates have to do with it?  Once you see that a cert has expired, 
there's no need whatsoever to go look at the CRL.  The point of a CRL is 
to revoke certificates prior to their expiration.
	/r$

--
Rich Salz, Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Verisign CRL single point of failure

2004-03-31 Thread Rich Salz
   I'm not sure what the no longer
   dynamically changing means, I assume they've made it even worse by giving
   it a much larger expiry period, so your online check gives you the status
   from last year instead of last week.

It means that they learned the lesson when the erroneously issued
two MSFT certificates:
In the future, VRSN patches will be issued as MSFT
software updates.

--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Ousourced Trust (was Re: Difference between TCPA-Hardware and a smart card and something else before

2003-12-29 Thread Rich Salz
I asked the guy making the presentation about the similarity to Kerberos 
message flows and he said something to the effect of ah yes, kerberos.
Not sure what the guy meant by that.  But yes, SAML flows are just 
like Kerberos flows.  And Liberty and WS-Federation look a lot like DCE 
cross-cell (er, Kerberos inter-realm) flows. After all, there's only not 
many ways to do secure online trusted third-party authentication.
	/r$
--
Rich Salz, Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Ousourced Trust (was Re: Difference between TCPA-Hardware and a smart card and something else before

2003-12-26 Thread Rich Salz
2) certificates were fundamentally designed to address a trust issue in 
offline environments where a modicum of static, stale data was better 
than nothing
How many years have you been saying this, now? :)  How do those modern 
online environments achieve end-to-end content integrity and privacy? 
My guess is that they don't; their use of private value-add networks 
made it unnecessary.  If my guess is/was correct, than as more valuable 
transactions (or regulated data) flow over the commodity Internet, then 
those things will become important.  Make sense?  Am I right?

If so, then I believe that we need a federated identity and management 
infrastructure. The difference is that the third-party PKI enrollment 
model still doesn't make sense, and organizations will take over their 
own identity issues, as with SAML and Liberty.  Once you do that, adding 
publicKey as just another attribute is no big deal.  With any luck, 
the new year will bring the analogy SOAP::other middleware as SAML::x.509 :)

/r$
--
Rich Salz, Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: IP2Location.com Releases Database to Identify IP's Geography

2003-12-22 Thread Rich Salz
 The IP2Location(TM) database contains more than 2.5 million records for all
 IP addresses. It has over 95 percent matching accuracy at the country
 level. Available at only US$499 per year, the database is available via
 download with free twelve monthly updates.

And since the charge is per-server, not per-query, you could easily
set up an international free service on a big piece of iron.
/r$

--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: PKI root signing ceremony, etc.

2003-12-15 Thread Rich Salz
 *shrug* it doesn't retroactively enforce the safety net - but that's ok,
 most MS products don't either :)

The whole point is to enhance common practice, not stay at the lowest
common denominator.

 Key management and auditing is pretty much external to the actual software
 regardless of which solution you use I would have thought.

You'd be wrong. :)  I did just download and use XCA for a little bit.
It's practically impossible to audit.  Every key in the database is
protected with the same password.  The system ask for the password
as soon as it starts up.  If I leave the program running while
I leave my computer, I'm screwed.  The key-holder isn't asked to
confirm each signing -- there's no *ceremony* -- and they never
enter the password after the program starts.  For any kind of root
these are all very bad.

XCA is pretty nice for a Level-2 or small Level-1 CA.  The template
management, etc., is pretty good.  (Having them tied to the key database,
and having the keys be unlocked while making cert requests, are both
real bad ideas, however.)

/r$
--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


PKI root signing ceremony, etc.

2003-12-14 Thread Rich Salz
Some folks here might be interested in
   http://webservices.xml.com/pub/a/ws/2003/12/09/salz.html
which walks through a secure, auditable root keygen and signing ceremony.
The context is using OpenSSL to build a PKI so that we can write an XKMS
server, building up to secure Web Services messages using XML DSIG and
Encryption.

But hey, ya gotta start somewhere.
/r$


--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Open Source Embedded SSL - Export Questions

2003-11-26 Thread Rich Salz
 We've implemented a small version of SSL that we plan to release as
 open source by year's end.

Great!

 We're not looking for official legal advice, just some pointers to
 current online resources of how to go about registering our product in
 the US.

http://www.bxa.doc.gov/Encryption; Google for crypto export
turned it up as the third item.  Yes, open source is pretty easy
to export.  (Even for binaries, it's not like the bad old days;
the regulations are pretty realistic now.  For example, there's
really no such thing as export strength any more.)

 On a different, but similar legal note,
 what current patent/trademark issues have people run across with the
 algorithms mentioned above?

Well, for the ones you mentioned, RSA and 3DES are unencumberd.
RC4 is a trademark owned by RSA Data Security.  So don't violate their
trademark.
/r$
--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: XML-proof UIDs

2003-11-17 Thread Rich Salz
 This is what GUIDs/UUIDs were designed for, and they're used broadly.
 They're standardized in ISO 11578 [1], although there's a very similar
 public description in an expired Internet Draft [2]. Microsoft also
 publishes a description of how they generate their GUIDs, but I can't find
 it right now.

That draft has been replaced by the UUID/URN draft that I mentioned.
It includes all of the original text.  Actually, I rewrote most of it
so it reads better now.  It's actually in the final comment period and
should show up as an official RFC in few weeks.
/r$

--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-07 Thread Rich Salz
  I took the initial view that closed source and trustable
 crypto are mutually incompatible

Of course this isn't true.  When is the last time you built your
own ATM or credit-card POS terminal?

 Claims such
 as Download this app and you will be secure should definitely need to
 be proven, and if the app is built with TLS++ that would mean
 distributing the source code.

That's not enough.  Are you validating the toolchain?  (See Ken Thompson's
Turing Aware lecture on trusting trust).  Are you going to prevent
users from storing private keys in world-readable files?  Think very
carefully before you make *any* claims about what features your software
will provide, and what is necessary to truly ensure those features.
Are you planning on taking real liability here?   That would be a first
in the software world.

 I don't want to restrict the distribution of TLS++, but I
 also don't want crippled versions of it being used to fool the public.

Do you really think that someone who wants to fool the public will
be deterred by a LICENSE.txt file in an open source distribution?

 If anyone could help me to outline a reasonable possibility?

I think that rather than spending time on deciding what to call this
library that is to-be-written, and how to license this library that is
to-be-written, that time should be spent on, well, writing it. :)
/r$
--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: using SMS challenge/response to secure web sites

2003-10-03 Thread Rich Salz
Now a company called NetPay.TV - I have no idea about
them, really - have started a service that sends out
a 6 digit pin over the SMS messaging features of the
GSM network for the user to type in to the website [4].
Authentify (http://www.authentify.com), does the same kind of thing. 
They put a number on a web page, and then they call you and you key in 
the number.  They were founded in 1999; not sure if they're still active.
	/r$
--
Rich Salz, Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Monoculture

2003-09-30 Thread Rich Salz
 I imagine the Plumbers  Electricians Union must have used similar
 arguments to enclose the business to themselves, and keep out unlicensed
 newcomers.  No longer acceptable indeed.  Too much competition boys?

The world might be better off if you couldn't call something
secure unless it came from a certificated security programmer.
Just like you don't want your house wired by a Master Electrician, who has
been proven to have experience and knowledge of the wiring code -- i.e.,
both theory and practice.

Yes, it sometimes sucks to be a newcomer and treated with derision unless you
can prove that you understand the current body of knowledge.  We should
all try to be nicer.  But surely you can understand a cryptographer's
frustration when a VPN -- what does that P stand for? -- shows flaws
that are equivalent to a syntax error in a Java class.

Perhaps it would help to think of it as defending the field.  When
crap and snake-oil get out, even well-meaning crap and snake-oil,
the whole profession ends up stinking.
/r$

PS:  As for wanting to avoid the client-server distinction in SSL/TLS,
 just require certs on both sides and do mutual authentication.
 The bytestream above is already bidirectional.

--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: fyi: bear/enforcer open-source TCPA project

2003-09-11 Thread Rich Salz
 You propose to put a key into a physical device and give it
 to the public, and expect that they will never recover
 the key from it?  Seems unwise.

You think the public can crack FIPS devices?  This is mass-market, not
govt-level attackers.

Second, if the key's in hardware you *know* it's been stolen.  You don't
know that for software.
/r$
--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: fyi: bear/enforcer open-source TCPA project

2003-09-11 Thread Rich Salz
And 'the public' doesn't include people like government level attackers?
People like cryptography experts?  People who like to play with things like
this?
No it doesn't.  *It's not in the threat model.*

	/r$

--
Rich Salz, Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-06 Thread Rich Salz
 On Fri, Sep 05, 2003 at 04:05:07PM -0400, Rich Salz wrote:
  It is the first *source code* certification.

 The ability to do this runs counter to my understanding of FIPS 140-2.

Sure, that's why it's *the first.*  They have never done this before,
and it is very different to how they (or their Ft Meade experts) have
done things before.  I suppose one could argue that they're doing
this for Level 1 to increase the industry demand for Level 2,
but I'm not that paranoid.  I think they finally get it.   Also,
while I don't know anything beyond what's in the public email, but
based on the initial refeference platform I'll jump to some conclusions
about who's involved, and they're folks with a great deal of credibility,
experience, and influence in export and govt crypto issues.

Anyhow, if you are interested in details, read the articles (3 at
last check) in the thread from the original URL I posted.  You did
read before posting, right? :)
/r$

--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-05 Thread Rich Salz
This is termendously exciting.  For the first time ever, NIST will be 
certifying a FIPS 140 implementation based on the source code.  As long 
as the pedigree of the source is tracked, and checked at run-time, 
then applications can claim FIPS certification.

For details:
http://groups.google.com/groups?dq=hl=enlr=ie=UTF-8threadm=bj9mos%242tbt%241%40FreeBSD.csie.NCTU.edu.twprev=/groups%3Fgroup%3Dmailing.openssl.users
	/r$

--
Rich Salz, Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Session Fixation Vulnerability in Web Based Apps

2003-06-15 Thread Rich Salz
 The framework, however, generally provides insecure cookies.

No I'm confused.  First you said it doesn't make things like the
session-ID available, and I posted a URL to show otherwise.  Now you're
saying it's available but insecure?
/r$
--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Nullsoft's WASTE communication system

2003-06-01 Thread Rich Salz
 It's utterly baffling to me why people like this choose to design
 their own thing rather than just using SSL.

Totally agree.  At this point in time, if it's a TCP based protocol
and it isn't built on SSL/TLS, it should pretty much be treated
as snake oil, I'd say.  Perhaps some kind of evangelism is needed.
/r$


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]