On 18/09/11 2:59 PM, Arshad Noor wrote:
On 09/17/2011 09:14 PM, Chris Palmer wrote:
Thus, having more signers or longer certificate chains does not reduce
the probability of failure; it gives attackers more chances to score a
hit with (our agreed-upon hypothetical) 0.01 probability. After just
On 18/09/11 1:54 PM, Arshad Noor wrote:
When one connects to a web-site, one does not trust all 500 CA's in
one's browser simultaneously; one only trusts the CA's in that specific
cert-chain. The probability of any specific CA from your trust-store
being compromised does not change just because
On 18/09/11 7:55 PM, M.R. wrote:
On 18/09/11 09:12, Jeffrey Walton wrote:
If you can secure the system from the government...
I can't possibly be the only one here that takes the
following to be axiomatic:
+++
A communication security system, which depends on a corporate
entity playing a
On 19/09/11 3:50 AM, Arshad Noor wrote:
On 09/17/2011 10:37 PM, Marsh Ray wrote:
It really is the fact that there are hundreds of links in the chain and
that the failure of any single weak link results in the failure of the
system as a whole.
I'm afraid we will remain in disagreement on
On 19/09/11 6:53 AM, James A. Donald wrote:
On 2011-09-18 7:55 PM, M.R. wrote:
It follows then that we are not looking at replacing the SSL
system with something better, but at keeping the current
SSL - perhaps with some incremental improvements - for the
retail transactions,
These days, most
On 19/09/11 7:11 AM, Marsh Ray wrote:
Now that the cat's out of the bag about PKI in general and there's an
Iranian guy issuing to himself certs for www.*.gov seemingly at will,
Hmmm... did he do that?
That would seem to get the message across to the PKI proponents far
better than logic or
Hi Joe,
On 19/09/11 5:30 AM, Joe St Sauver wrote:
Ian asked:
#Right -- how to fix the race to the bottom?
Wasn't that supposed to be part of the Extended Validation solution?
In a way, it was. More particularly it was the fix to certificate
manufacturing. The obvious fix to low quality
Hi James,
On 19/09/11 1:39 PM, James A. Donald wrote:
On 19/09/11 6:53 AM, James A. Donald wrote:
These days, most retail transactions have a sign in.
Sign ins are phisher food.
SSL fails to protect sign ins.
On 2011-09-19 1:12 PM, Ian G wrote:
Hence, frequent suggestions to uptick
On 17/09/11 2:33 AM, Ben Laurie wrote:
A sufficiently low upper bound is convincing enough :-)
This is all the example seeks to show: There is a low upper bound.
We really don't care whether it is 1% or 30%, or +/- 2% or finger in the
air... as long as it is too low to be credible.
We
On 17/09/11 3:07 AM, M.R. wrote:
On 16/09/11 09:16, Jeffrey Walton wrote:
The problem is that people will probably die
due to DigiNotar's failure.
I am not the one to defend DigiNotar, but I would not make such
dramatic assumption.
No one actively working against a government that is known to
On 15/09/2011, at 15:40, Kevin W. Wall kevin.w.w...@gmail.com wrote:
Trust is not binary.
Right. Or, in modelling terms, trust isn't absolute.
AES might be 99.99% reliable, which is approximately 100% for any million
or so events [1].
Trust in a CA might be more like 99%.
Now, if we
On 16/09/2011, at 1:22, Andy Steingruebl a...@steingruebl.com wrote:
On Wed, Sep 14, 2011 at 7:34 PM, Arshad Noor arshad.n...@strongauth.com
wrote:
However, an RP must assess this risk before trusting a self-signed
Root CA's certificate. If you believe there is uncertainty, then
don't
On 13/09/2011, at 23:57, Jeffrey Walton noloa...@gmail.com wrote:
On Mon, Sep 12, 2011 at 5:48 PM, James A. Donald jam...@echeque.com wrote:
--
On 2011-09-11 4:09 PM, Jon Callas wrote:
The bottom line is that there are places that continuity
works well -- phone calls are actually a good
The problem with shifts of faith is that if there is really a groundswell
against, we're as likely to miss it. People who leave generally do exactly
that, and don't bother talking about it.
That said ..
Some of us observe a third, more likely approach: nothing significant
happens due to
On 13/09/2011, at 0:15, M.R. makro...@gmail.com wrote:
In these long and extensive discussions about fixing PKI there
seems to be a fair degree of agreement that one of the reasons
for the current difficulties is the fact that there was no precisely
defined threat model, documented and
On 13/09/2011, at 5:12, Marsh Ray ma...@extendedsubset.com wrote:
It never was, and yet, it is asked to do that routinely today.
This is where threat modeling falls flat.
The more generally useful a communications facility that you develop, the
less knowledge and control the engineer
On 11/09/2011, at 10:02, James A. Donald jam...@echeque.com wrote:
On 2011-09-11 9:10 AM, Andy Steingruebl wrote:
1. Phishing isn't the only problem right?
Malware + breaches might be the other 2 biggies.
Note that the malware/pc takeover market was probably financed by profits from
Lucky Peter said:
Moreover, I noticed that some posts list one or more desirable properties
and requirements together with a proposed solution.
That's the nice thing about PKI, there's more than enough fail to go around.
So, what happens now? As we all observe, there are two approaches
Arrgghh apologies. I fell asleep over my iPhone and my finger slid over the
Send button.
On 10/09/2011, at 8:46, Ian G i...@iang.org wrote:
On 09/09/2011, at 9:11, Lucky Green shamr...@cypherpunks.to wrote:
o What do I mean by the SSL system?
I've taken to using TLS
Hi Steve,
On 11/09/2011, at 1:07, Steven Bellovin s...@cs.columbia.edu wrote:
Sorry, that doesn't work. Afaik, there is practically zero evidence of
Internet interception of credit cards.
This makes no sense whatsoever.
(the point here is that the original statement said we had limited
On 08/09/2011, at 11:31, Lucky Green shamr...@cypherpunks.to wrote:
The SSL/public CA model did an admirable job in that regard and Taher
ElGamal and Paul Kocher deserve full credit for this accomplishment.
As long as we can document that original model, I'm inclined to agree.
SSL's
Hi, Lucky, good to see some perspective!
On 08/09/2011, at 8:52, Lucky Green shamr...@cypherpunks.to wrote:
o Changes to OCSP
.
The
problem was that the top three CA vendors at the time, RSA Security,
VeriSign, and Netscape didn't have a comprehensive database of
certificates issued by
On 7/09/11 7:34 AM, Fredrik Henbjork wrote:
Here's another gem related to the subject. In 2003 CAcert wished to have
their root certificate added to Mozilla's browser, and in the resulting
discussion in Bugzilla, Mozilla cryptodeveloper Nelson Bolyard had the
following to say:
I have no
On 8/09/11 5:34 AM, Fredrik Henbjork wrote:
http://www.globalsign.com/company/press/090611-security-response.html
This whole mess just gets better and better...
As a responsible CA, we have decided to temporarily cease issuance of
all Certificates until the investigation is complete.
On 8/09/11 6:02 AM, I wrote:
H I'm not sure I'd suspend issuance without some evidence.
On 8/09/11 6:13 AM, Franck Leroy wrote, coz he checked the source!:
http://pastebin.com/GkKUhu35
extract:
Third: You only heards Comodo (successfully issued 9 certs for me -
thanks by the
On 5/09/11 7:23 PM, Gervase Markham wrote:
The thing which makes the entire system as weak as its weakest link is
the lack of CA pinning.
Just a question of understanding: how is the CA pinning information
delivered to the browser?
(For those who don't know, I also had to look it up too
On 21/08/11 6:21 AM, Simon Josefsson wrote:
Thierry Moreau writes:
If there were devices meeting the stated goal (commercially available
with a reasonable cost structure), they would be a very useful
security solution element for high security contexts. The user
guidance would be: never enter
On 20/07/11 9:08 PM, Eugen Leitl wrote:
On Wed, Jul 20, 2011 at 11:56:06AM +0200, Alfonso De Gregorio wrote:
I'd better rephrase it in: expectation to have money backed by
bitcoins exhibiting all the desirable properties of a perfect
currency (ie, stable money) are greatly exaggerated.
The
Back in the 1980s, a little thing called public key cryptography gave
birth to a metaphor called the digital signature which some smart
cryptographers thought to be a technological analogue of the human
manuscript act of signing.
It wasn't, but this didn't stop the world spending vast sums to
On 14/07/11 12:37 PM, Ai Weiwei wrote:
Hello list,
Recently, Wired published material on their website which are claimed to be
logs of instant message conversations between Bradley Manning and Adrian Lamo
in that infamous case. [1] I have only casually skimmed them, but did notice
the
On 13/07/11 9:25 AM, Marsh Ray wrote:
On 07/12/2011 04:24 PM, Zooko O'Whielacronx wrote:
On Tue, Jul 12, 2011 at 11:10 AM, Hill, Brad bh...@paypal-inc.com
wrote:
I have found that when H3 meets deployment and use, the reality
too often becomes: Something's gotta give. We haven't yet found
a
On 13/07/11 3:10 AM, Hill, Brad wrote:
Re: H3, There is one mode and it is secure
I have found that when H3 meets deployment and use, the reality too often becomes:
Something's gotta give. We haven't yet found a way to hide enough of the
complexity of security to make it free, and this
On 13/07/11 9:27 PM, Ralph Holz wrote:
Hi,
You know this is why you should use ssh-keys and disable password
authentication. First thing I do when someone gives me an ssh account.
Using keys to authenticate is what I usually do, too. But even if a user
decides not to use plain password auth,
On 14/07/11 4:33 AM, Jeffrey Walton wrote:
On Wed, Jul 13, 2011 at 2:17 PM, James A. Donald jam...@echeque.com wrote:
On 2011-07-13 9:10 PM, Peter Gutmann wrote:
As for Microsoft,
Microsoft have a big interest in bypassing the status quo, and they've
tried several times. But each time it
On 13/07/11 8:36 AM, Andy Steingruebl wrote:
On Tue, Jul 12, 2011 at 2:24 PM, Zooko O'Whielacronx zo...@zooko.com wrote:
When systems come with good usability properties in the key management
(SSH, and I modestly suggest ZRTP and Tahoe-LAFS) then we don't see
this pattern. People are willing
On 5/07/11 4:44 PM, Jon Callas wrote:
Did you know that if a Bitcoin is destroyed, then the value of all the other
Bitcoins goes up slightly? That's incredible. It's amazing and leads to some
emergent properties.
This assumes fixed value. As there is no definition of the value in
BitCoin,
On 5/07/11 3:59 PM, Jon Callas wrote:
There are plenty of people who agree with you that options are bad. I'm not one
of them. Yeah, yeah, sure, it's always easy to make too many options. But just
because you can have too many options that doesn't mean that zero is the right
answer. That's
On 28/06/11 1:01 PM, Paul Hoffman wrote:
And this discussion of ASCII and internationalization has what to do with
cryptography,
I personally think this list is about users of crypto, rather than
cryptographers-creators in particular. The former are mostly computer
scientists who think in
On 28/06/11 11:25 AM, Nico Williams wrote:
On Tue, Jun 28, 2011 at 9:56 AM, Marsh Ray ma...@extendedsubset.com wrote:
Consequently, we can hardly blame users for not using special characters in
their passwords.
The most immediate problem for many users w.r.t. non-ASCII in
passwords is not
On 26/06/11 1:26 PM, Marsh Ray wrote:
On 06/25/2011 03:48 PM, Ian G wrote:
On 21/06/11 4:15 PM, Marsh Ray wrote:
This was about the CNNIC situation,
Ah, the I'm not in control of my own root list threat scenario.
See, the thing there is that CNNIC has a dirty reputation.
That's part
On 26/06/11 5:50 AM, Ralph Holz wrote:
Hi,
Any model that offers a security feature to a trivially tiny minority,
to the expense of the dominant majority, is daft. The logical
conclusion of 1.5 decades worth of experience with centralised root
lists is that we, in the aggregate, may as well
On 21/06/11 4:15 PM, Marsh Ray wrote:
On 06/21/2011 12:18 PM, Ian G wrote:
On 18/06/11 8:16 PM, Marsh Ray wrote:
On 06/18/2011 03:08 PM, slinky wrote:
But we know there are still hundreds of
trusted root CAs, many from governments, that will silently install
themselves into Windows
On 16/06/11 12:34 AM, John Levine wrote:
Bitcoins aren't securities, because they don't act like securities.
Right. Or more particularly, he asked:
... I can’t help wondering why
Bitcoins aren’t unregistered securities.
And the answer is that the registrar of securities defines what
On 14/06/11 2:31 AM, Marsh Ray wrote:
I ain't no self-appointed moderator of this list and I do find the
subject of economics terribly interesting, but maybe it would make sense
to willfully confine the scope of our discussion of Bitcoin and other
virtual currencies to the crypto side of it.
On 15/06/11 12:47 AM, Ian G wrote:
Or worse:
http://forum.bitcoin.org/index.php?topic=16457.0
That link is down, no surprise. From my cached copy, I wrote it up on
the blog:
http://financialcryptography.com/mt/archives/001327.html
Far too much from me, signing out... iang
On 13/06/11 12:56 PM, James A. Donald wrote:
On 2011-06-12 8:57 AM, Ian G wrote:
I wrote a paper about John Levine's observation of low knowledge, way
back in 2000, called Financial Cryptography in 7 Layers. The sort of
unstated thesis of this paper was that in order to understand this area
you
On 13/06/11 5:54 PM, Adam Back wrote:
Bitcoin is not a pyramid scheme, and doesn't have to have the collapse and
late joiner losers. If bitcoin does not lose favor - ie the user base grows
and then maintains size of user base in the long term, then no one loses.
Um, Adam, that's the very
On 12/06/11 4:21 PM, Peter Gutmann wrote:
Am I the only one who thinks it's not coincidence that the (supposed) major
use of bitcoin is by people buying hallucinogenic substances?
The best way to think of this is from the marketing concepts of product
diffusion or product life cycle.
On 12/06/11 8:16 PM, Eugen Leitl wrote:
How safe is the bitcoin cryptosystem and the communication network
against targeted attacks?
It depends on what the intention or objective of the attack is. And
that depends on the threat actor.
For example, a phishing threat actor would be looking
On 12/06/11 8:29 AM, Jeffrey Walton wrote:
On Sat, Jun 11, 2011 at 4:13 PM, John Levine jo...@iecc.com wrote:
Unlike fiat currencies, algorithms assert limit of total volume.
And the mint and transaction infrastructure is decentral, so there's
no single point of control. These both are very
On 6/06/11 11:57 AM, David G. Koontz wrote:
On 5/06/11 6:26 PM, Peter Gutmann wrote:
That's the thing, you have to consider the threat model: If anyone's really
that desperately interested in watching your tweets about what your cat's
doing as you type them then there are far easier attack
On 14/01/11 5:40 AM, travis+ml-rbcryptogra...@subspacefield.org wrote:
So does anyone know off the top of their head whether dm-crypt or
TrueCrypt (or other encrypted storage things) promise data integrity
in any way, shape or form?
I'm assuming they're just encrypting, but figured I'd ask
Following is written as a user perspective, not a cryptography
perspective :)
On 8/01/11 1:03 PM, travis+ml-rbcryptogra...@subspacefield.org wrote:
Hey all,
I'm attempting to create an extensive archive of papers on -graphy and
-analysis, locally stored and broken down by category/hierarchy,
(resend, with right sender this time)
On 17/12/10 3:30 PM, Peter Gutmann wrote:
To put it more succinctly, and to paraphrase Richelieu, give me six lines of
code written by the hand of the most honest of coders and I'll find something
in there to backdoor.
This is the sort of extraordinary
On 1/12/10 6:12 AM, travis+ml-rbcryptogra...@subspacefield.org wrote:
Can anyone give me a good rundown of the current anonymous payment
systems, technologies and/or algorithms?
OK, there are some issues here. There is technology, algorithms,
patents, techniques, protocols, applications,
On 2/12/10 1:36 AM, Rayservers wrote:
Not really, but one thing is: if you build it bottom-up, from the crypto,
you'll have trouble :) Instead, look to the business, and go bottom down.
You mean top down... :)
Oh, snap! Yes, exactly.
iang
Which is exactly going on here:
On 25/11/10 3:26 AM, Jack Lloyd wrote:
What are people's thoughts on these kinds of local cache attacks, in
terms of actual systems security? While obviously very powerful, I
tend to think that once you have a focused attacker in an unprivileged
account on your machine, you have bigger problems
On 21/11/10 11:19 PM, Peter Gutmann wrote:
Ian G i...@iang.org writes:
It sucks so badly, I decided in future that the only moral and ethical way
one could use the words encryption or security or the like in any
conversation was if the following were the case:
there is only one mode, and
On 21/11/10 8:37 AM, Marsh Ray wrote:
On 11/19/2010 05:39 PM, Ian G wrote:
I don't think this qualifies as a bait-and-switch scenario because the
originally-advertised functionality (the bait) is still part of the
package.
:)
Bait-and-switch would be more like a salesperson saying
On 21/11/10 2:45 AM, John Levine wrote:
By the way, what does all this semi-informed ranting about patents
have to do with cryptography?
NSA's dominance in security engineering?
= example of DES-era crypto dominance
= ECC push today means?
= patents complication
= war of words!
The
On 20/11/10 2:10 PM, James A. Donald wrote:
Ian G wrote:
On this I would demur. We do have a good metric: losses. Risk
management starts from the business, and then moves on to how losses are
affecting that business, which informs our threat model.
We now have substantial measurable history
61 matches