Anne Lynn Wheeler wrote:
James A. Donald wrote:
However, the main point of attack is phishing, when an
outsider attempts to interpose himself, the man in the
middle, into an existing relationship between two people
that know and trust each other.
in the public key model ... whether it
Ben Laurie wrote:
Eh? It surely does stop MitM attacks - the problem is that there's
little value in doing so for various reasons, such as no strong binding
between domain name and owner, UI that doesn't make it clear which
domain you are going to, or homograph attacks.
it stops the MITM
Anne Lynn Wheeler wrote:
a more sensible human factors design ... is to remember whether a person
has checked out first time communication with a stranger ... the real
first time, have the person do something additional ... and from then on
remember that checking. in that respect ... creating
Ben Laurie wrote:
This is the SSH design for host keys, of course, and also the petnames
design for URLs. Unfortunately petnames don't solve the problem that it
is hard to check the URL even the first time.
the original SSL paradigm was predicated on end-to-end security that
the server the
--
From: Werner Koch [EMAIL PROTECTED]
You need to clarify the trust model. The OpenPGP
standard does not define any trust model at all. The
standard merely defines fatures useful to implement a
trust model.
Clarifying the trust model sounds suspiciously like
designers
James A. Donald wrote:
--
From: Werner Koch [EMAIL PROTECTED]
You need to clarify the trust model. The OpenPGP
standard does not define any trust model at all. The
standard merely defines fatures useful to implement a
trust model.
Clarifying the trust model sounds
On Mon, 12 Dec 2005 10:59:05 -0600, Travis H said:
Not to side track the discussion, but frequently I've heard PKI
compared to PGP's model. Isn't PGP's trust model the same as everyone
being their own CA?
You need to clarify the trust model. The OpenPGP standard does not
define any trust
Ed Gerck wrote:
I think that's where PKI got it wrong in several parts and not
just the CPS. It started with the simplest (because it was meant to
work for a global RA -- remember X.500?) and then complexity was
added. Today, in the most recent PKIX dialogues, even RFC authors
often disagree
Anne Lynn Wheeler wrote:
OCSP provides for a online
transaction which asks whether the stale, staic information is still
usuable, attempting to preserve the facade that digital certificates
serve some useful purpose when there is online, direct access
capability. The alternative is to eliminate
On Fri, 9 Dec 2005, Ed Gerck wrote:
[...] at least the grand
picture should exist beforehand. This is what this thread's subject
paper is about, the grand picture for secure email and why aren't
we there yet (Phil's PGP is almost 15 years old) --
--
James A. Donald wrote:
However, the main point of attack is phishing, when
an outsider attempts to interpose himself, the man
in the middle, into an existing relationship between
two people that know and trust each other.
Anne Lynn Wheeler [EMAIL PROTECTED]
in the traditional,
James A. Donald wrote:
This was the scenario envisaged when PKI was created,
but I don't see it happening, and in fact attempting to
do so using existing user interfaces is painful. They
don't seem designed to do this.
My product, Crypto Kong, http://echeque.com/Kong was
designed to
--
From: Bill Stewart [EMAIL PROTECTED]
The real security issue for your mother is [...] her
bank and eBay don't cryptographically sign their mail.
And, since her bank and ebay are under massive attack
from phishers, and your mother, if she is using any of
the common email clients is
--
From: Anne Lynn Wheeler [EMAIL PROTECTED]
drastically improving the useability of the interface
to the trusted public key repositories could be viewed
as having two downsides 1) certification authorities
that haven't payed to have their public keys preloaded
can more easily join
--
From: Ed Gerck [EMAIL PROTECTED]
Digital certs (X.509 and PGP) are useful when the key
owner is not online. There is a world when this not
only happens but is also useful. BTW, this is
recognized in IBE as well.
But the key owner is always online, for in practice,
Not to side track the discussion, but frequently I've heard PKI
compared to PGP's model. Isn't PGP's trust model the same as everyone
being their own CA?
I find PGP to be problematic. Many keys I see are only self-signed,
and this includes important keys like CERT. Many others sit unsigned
on
--
From: Ralf Senderek [EMAIL PROTECTED]
I think what's missing is the understanding that there
cannot be secure email without the persons involved
acting responsible and knowing their role in the
process. Your mother will probably expect the computer
to do the job for her (mine will
On Thu, Dec 08, 2005 at 05:10:20PM -0800, Ed Gerck wrote:
PGP is public-key email without PKI.
This is true for use in geodesic networks, but not true for
inter-organization email, one ends up introducing gateway systems, that
create an ad-hoc PKI of gateways that have exchanged keys and users
Ed Gerck wrote:
I believe that's what I wrote above. This rather old point (known to the
X.509 authors, as one can read in their documents) is why X.509 simplifies
what it provides to the least possible _to_automate_ and puts all the local
and
human-based security decisions in the CPS.
Ed Gerck wrote:
PGP is public-key email without PKI. So is IBE. And yet neither of
them has
all the identical, same basic components that PKI also needs. Now, when you
look at the paper on email security at
http://email-security.net/papers/pki-pgp-ibe.htm
you see that the issue of what
James A. Donald wrote:
However, the main point of attack is phishing, when an
outsider attempts to interpose himself, the man in the
middle, into an existing relationship between two people
that know and trust each other.
in the public key model ... whether it involves pgp, pki, digital
Anne Lynn Wheeler wrote:
usually when you are doing baseline ... you start with the simplest,
evaluate that and then incrementally add complexity.
I think that's where PKI got it wrong in several parts and not
just the CPS. It started with the simplest (because it was meant to
work for a
At 09:40 AM 12/8/2005, Aram Perez wrote:
On Dec 7, 2005, at 10:24 PM, James A. Donald wrote:
Software is cheaper than boats - the poorest man can
afford the strongest encryption, but he cannot afford
the strongest boat.
If it is that cheap, then why are we having this discussion? Why
isn't
Anne Lynn Wheeler wrote:
Ed Gerck wrote:
Regarding PKI, the X.509 idea is not just to automate the process of
reliance but to do so without introducing vulnerabilities in the
threat model considered in the CPS.
but that is one of the points of the article that as you automate more
things
--
From: Anne Lynn Wheeler
[EMAIL PROTECTED]
PKI is trying to offer some added value in first time
communication between two strangers
However, the main point of attack is phishing, when an
outsider attempts to interpose himself, the man in the
middle, into an existing
--
James A. Donald:
We can, and should, compare any system with the
attacks that are made upon it. As a boat
should resist every probable storm, and if it
does not it is a bad boat, an encryption system
should resist every real threat, and if it does
not it is a
On Thu, Dec 08, 2005 at 09:40:22AM -0800, Aram Perez wrote:
On Dec 7, 2005, at 10:24 PM, James A. Donald wrote:
Aram Perez
James A. Donald:
We can, and should, compare any system with the
attacks that are made upon it. As a boat should
resist every probable storm, and if it does not it
is
Ed Gerck wrote:
Depends on your use. An X.509 identity cert or a PGP cert
can be made as secure as you wish to pay for. The real
question, however, that is addressed by the paper is
how useful are they in terms of email security? How do
you compare them and which one or which product to
--
James A. Donald:
We can, and should, compare any system with the
attacks that are made upon it. As a boat should
resist every probable storm, and if it does not it
is a bad boat, an encryption system should resist
every real threat, and if it does not it is a bad
encryption
James A. Donald [EMAIL PROTECTED] writes:
... email should be sent by a direct connection from the client to
the recipient mail server, rather than this store and forward crap.
This would eliminate the only available technique for strong anonymity
or pseudonymity. Strong anonymity or
--
From: Ed Gerck [EMAIL PROTECTED]
Depends on your use. An X.509 identity cert or a PGP
cert can be made as secure as you wish to pay for.
Many users are already using MUAs that check signatures.
Why are phishing targets not already using signed mail?
I conjecture that
Anne Lynn Wheeler wrote:
i've periodically written on security proportional to risk ... small sample
http://www.garlic.com/~lynn/2001h.html#61
...
introductioin of PKI and certificates in such an environment may
actually create greater vulnerabilities ... since it may convince the
recipient to
Ed Gerck wrote:
Regarding PKI, the X.509 idea is not just to automate the process of
reliance but to do so without introducing vulnerabilities in the threat model
considered in the CPS.
but that is one of the points of the article that as you automate more
things you have to be extra careful
On Dec 7, 2005, at 8:40 AM, James A. Donald wrote:
--
From: Ed Gerck [EMAIL PROTECTED]
Subject:X.509 / PKI, PGP, and IBE Secure
Email Technologies
http://email-security.net/papers/pki-pgp-ibe.htm
X.509 / PKI (Public-Key Infrastructure), PGP (Pretty
Good
Aram Perez wrote:
I'm sorry James, but you can't expect a (several hundred dollar)
rowboat to resist the same probable storm as a (million dollar) yacht.
There is no such thing as one-size encryption system fits all cases.
unfortunately there are more than a few counter-examples that are
35 matches
Mail list logo
