On 13/09/11 00:09, Marsh Ray wrote:
> The more generally useful a communications facility that you develop,
> the less knowledge and control the engineer has about the conditions
> under which it will be used.
If that describes the current situation, it also tells us why
"software engineering
On 2011-09-13 5:22 AM, Peter Gutmann wrote:
Some years ago I predicted that it'd take an Enron-scale catastrophe to
finally get browser security fixed.
Note that Enron led to Sarbanes Oxley, which mandated a mighty
bureaucracy to do even more of what accountants had been doing before Enron.
_
On Sep 12, 2011, at 2:02 AM, Ian G wrote:
>> (There are likely some Googlers on this list who can speak authoritatively
>> on whether their management are "scared as hell" or even noticing.)
>
> Googlers are unlikely to do so. Google has a firm rule about not discussing
> business outside the c
On 09/12/2011 02:50 PM, Ian G wrote:
On 13/09/2011, at 5:12, Marsh Ray wrote:
It never was, and yet, it is asked to do that routinely today.
This is where threat modeling falls flat.
The more generally useful a communications facility that you
develop, the less knowledge and control the eng
Jon, I think there was a great deal of wisdom in your post. I'd add only one
thing: a pointer to the definition of "dialog box" at
http://www.w3.org/2006/WSC/wiki/Glossary .
___
cryptography mailing list
cryptography@randombit.net
http://lists.random
Peter Gutmann commented:
#[0] I'm being conservative here, in practice I don't recall seeing anyone
#expressing faith in PKI, but I didn't read every one of the vast numbers
#of comments.
Well, I'd suggest that NIST 800-63
(http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_
On 13/09/2011, at 5:12, Marsh Ray wrote:
> It never was, and yet, it is asked to do that routinely today.
>
> This is where threat modeling falls flat.
>
> The more generally useful a communications facility that you develop, the
> less knowledge and control the engineer has about the condit
Paul Hoffman writes:
>We don't "all" observe that. Some of us observe a third, more likely
>approach: nothing significant happens due to this event. The "collapse of
>faith" is only among the security folks whose faith was never there in the
>first place. A week after the event, who was talking a
On 09/12/2011 01:45 PM, M.R. wrote:
The system is not expected to protect individual
liberty, life or limb, nor is it expected to protect high-value
monetary transactions, intellectual property assets, state secrets
or critical civic infrastructure operations.
It never was, and yet, it is asked
In my, rather mundane world of corporate security, the threat model
must answer (at the very least) the following questions:
1) What is the upper bound of the loss of protected asset?
2) Who is the attacker and what are his capabilities?
3) What is the estimated cost of mounting a successful at
On 13/09/2011, at 0:15, "M.R." wrote:
> In these long and extensive discussions about "fixing PKI" there
> seems to be a fair degree of agreement that one of the reasons
> for the current difficulties is the fact that there was no precisely
> defined threat model, documented and agreed upon ~be
M.R.,
> In these long and extensive discussions about "fixing PKI" there
> seems to be a fair degree of agreement that one of the reasons
> for the current difficulties is the fact that there was no precisely
> defined threat model, documented and agreed upon ~before~ the
> "SSL system" was desig
On Sun, Sep 11, 2011 at 8:37 AM, Douglas Huff wrote:
>
> On Sep 11, 2011, at 9:25 AM, Thierry Moreau wrote:
>>
>> E.g. http://datatracker.ietf.org/wg/dane/ (DNS-based Authentication of Named
>> Entities (dane))
>
> Which makes a huge assumption about DNS SEC that is just not realistic.
> Namely,
On Sun, Sep 11, 2011 at 10:45 AM, Peter Gutmann
wrote:
> "James A. Donald" writes:
>>On 2011-09-11 9:10 AM, Andy Steingruebl wrote:
>>> 1. Phishing isn't the only problem right?
>>> 2. To some degree this is a game where we have to guess their next
>>> step, and make that harder too.
>>
>>If we w
On 09/11/2011 11:24 PM, Paul Hoffman wrote:
On Sep 11, 2011, at 6:40 PM, Marsh Ray wrote:
On 09/11/2011 07:26 PM, Paul Hoffman wrote:
Some of us observe a third, more likely approach: nothing
significant happens due to this event. The "collapse of faith" is
only among the security folks whose
On Sep 12, 2011, at 7:15 AM, M.R. wrote:
> In these long and extensive discussions about "fixing PKI" there
> seems to be a fair degree of agreement that one of the reasons
> for the current difficulties is the fact that there was no precisely
> defined threat model, documented and agreed upon ~b
On Mon, Sep 12, 2011 at 9:15 AM, M.R. wrote:
> In these long and extensive discussions about "fixing PKI" there
> seems to be a fair degree of agreement that one of the reasons
> for the current difficulties is the fact that there was no precisely
> defined threat model, documented and agreed upon
On Sun, Sep 11, 2011 at 1:09 AM, Jon Callas wrote:
> We're all in the middle of a maze trying to get back. It's easier to
> understand things if you start at the beginning and walk your way forward.
> (It's often even easier to start at the end and walk backwards, too, but I
> don't think we have
In summary, Jon Callas wrote, about the challenges of ascertaining
identities:
The who who make you an authority are the community,
and they do it because you act like one.
This is just one of three models of identity assessment, prior to any
technological component:
one's reputation in
On Sun, Sep 11, 2011 at 7:09 AM, Jon Callas wrote:
> PGP is of course the most notorious consensus system. There's a lot of good
> things about it. It's very resilient in the face of unreliable authorities
> (think Nasrudin). A number of proposals on how to fix the SSL problem adopt
> a quasi-PGP
We're all in the middle of a maze trying to get back. It's easier to understand
things if you start at the beginning and walk your way forward. (It's often
even easier to start at the end and walk backwards, too, but I don't think we
have that option.)
When public-key crypto was created, it lib
In these long and extensive discussions about "fixing PKI" there
seems to be a fair degree of agreement that one of the reasons
for the current difficulties is the fact that there was no precisely
defined threat model, documented and agreed upon ~before~ the
"SSL system" was designed and deployed.
On Sun, 2011-09-11 at 17:26 -0700, Paul Hoffman wrote:
> On Sep 11, 2011, at 4:50 PM, Ian G wrote:
>
> > So, what happens now? As we all observe, there are two approaches to
> > dealing with the collapse of faith of the PKI system: incremental fixes,
> > and complete rewrite.
>
> We don't "all
On Sun, 2011-09-11 at 17:26 -0700, Paul Hoffman wrote:
> On Sep 11, 2011, at 4:50 PM, Ian G wrote:
>
> > So, what happens now? As we all observe, there are two approaches to
> > dealing with the collapse of faith of the PKI system: incremental fixes,
> > and complete rewrite.
>
> We don't "all
The problem with "shifts of faith" is that if there is really a groundswell
against, we're as likely to miss it. People who leave generally do exactly
that, and don't bother talking about it.
That said ..
>>> Some of us observe a third, more likely approach: nothing significant
>>> happens due
25 matches
Mail list logo