Re: Monoculture

I must admit I'm baffled, and rather appalled, to be seeing supposed advocates of cryptography suggesting, in effect, that cryptologic education somehow perpetuates a guild system or that deployed security protocols need not be measured against the current state of the art. It might be debatable

Re: anonymous DH & MITM

"Steven M. Bellovin" wrote: > > In message <[EMAIL PROTECTED]>, Ian Grigg writes: > >M Taylor wrote: > > > > >MITM is a real and valid threat, and should be > >considered. By this motive, ADH is not a recommended > >mode in TLS, and is also deprecated. > > > >Ergo, your threat model must include

Re: anonymous DH & MITM

On Wed, 1 Oct 2003, Ian Grigg wrote: >M Taylor wrote: >> >> Stupid question I'm sure, but does TLS's anonymous DH protect against >> man-in-the-middle attacks? If so, how? I cannot figure out how it would, > > >Ah, there's the rub. ADH does not protect against >MITM, as far as I am aware. DH i

Re: Reliance on Microsoft called risk to U.S. security

On Wed, Oct 01, 2003 at 07:02:00PM -0700, bear wrote: > > Heh. You looked at my mail headers, didn't you? Yes, I use pine - > primarily *because* of that property. It treats all incoming messages > as text rather than live code. > > A protocol for text (as opposed to live code) requires complia

Re: Reliance on Microsoft called risk to U.S. security

From: bear <[EMAIL PROTECTED]> > Heh. You looked at my mail headers, didn't you? Yes, I use pine - > primarily *because* of that property. It treats all incoming messages > as text rather than live code. BUGTRAQ in the last 3 years lists over 80 mails on pine - including reference to this recen

Don't kill the messenger (was: Re: Reliance on Microsoft called risk to U.S. security)

On Wednesday 01 October 2003 22:02, bear wrote: > No, it is not. You can make a hyperdocument that is completely > self-contained and therefore "text", but that is not how HTML is > normally made. HTML can cause your machine to do things other than > display it, and to that extent it is "code",

Re: Monoculture

Ian Grigg wrote: > What is written in these posts (not just the present one) > does derive from that viewpoint and although one can > quibble about the details, it does look very much from > the outside that there is an informal "Cryptographers > Guild" in place [1]. > > I don't think the jury ha

RE: Monoculture

perry wrote: >> We could use more implementations of ssl and >> of ssh, no question. >> ...more cleanly implemented and simpler to use >> versions of existing algorithms and protocols... >> would be of tremendous utility. jill ramonsky replied: > I am very much hoping that you can answer both (a)

Re: VeriSign tapped to secure Internet voting

> Schu stressed that several layers of security will prevent hackers from > accessing the system. VeriSign will house the security servers in its own > hosting centers. The company will ask military personnel to use their > Common Access Cards--the latest form of ID for the military--to access > th

Re: Monoculture

"Guus Sliepen" <[EMAIL PROTECTED]> wrote: > Thor Lancelot Simon wrote: >> In that case, I don't see why you don't bend your efforts towards >> producing an open-source implementation of TLS that doesn't suck. > We don't want to program another TLS library, we want to create > a VPN daemon. And RMS

RE: Monoculture

Thanks everyone for the SSL encouragement. I'm going to have a quick re-read of Eric's book over the weekend and then start thinking about what sort of "easy to use" implementation I could do. I was thinking of doing a C++ implentation with classes and templates and stuff. (By contrast OpenSSL

Speciality film heads meet to respond to MPAA

Paul Kocher quote at the bottom... Cheers, RAH --- The Hollywood Reporter Oct. 02, 2003 Speciality film heads meet to respond to MPAA By Gregg Kilday The MPAA may have hoped to create a nonproliferation

Re: Reliance on Microsoft called risk to U.S. security

| >> "Can be relied on to _only_ deliver text" is a valuable and important | >> piece of functionality, and a capability that has been cut out of too | >> many protocols with no replacement in sight. While I agree with the sentiment, the text/code distinction doesn't capture what's important. Is H

Return of the death of cypherpunks.

--- begin forwarded text Status: U From: "James A. Donald" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Date: Wed, 1 Oct 2003 23:37:08 -0700 Subject: Return of the death of cypherpunks. Sender: [EMAIL PROTECTED] -- When a mailing list is full of crap, it dies, even though the regulars set k

Re: anonymous DH & MITM

Bear wrote: > > DH is an "open" protocol; it doesn't rely on an initial shared > secret or a Trusted Authority. > > There is a simple proof that an open protocol between anonymous > parties is _always_ vulnerable to MITM. > > Put simply, in an anonymous protocol, Alice has no way of knowing > w

Re: Monoculture

On Thu, Oct 02, 2003 at 02:21:29PM +0100, Jill Ramonsky wrote: > > Thanks everyone for the SSL encouragement. I'm going to have a quick > re-read of Eric's book over the weekend and then start thinking about > what sort of "easy to use" implementation I could do. I was thinking of > doing a C++

Re: Monoculture

Jill Ramonsky wrote: > This seems to me to a /serious/ flaw in the design of MSIE. What if > Alice doesn't /have/ a CA because she can't afford their fees? Alice can be her own CA if she wishes to - all you need is a copy of Openssl or, if you like having gui interfaces, XCA (http://sourceforge.net

Re: Monoculture

On Thu, Oct 02, 2003 at 02:21:29PM +0100, Jill Ramonsky wrote: > Thanks everyone for the SSL encouragement. I'm going to have a quick > re-read of Eric's book over the weekend and then start thinking about > what sort of "easy to use" implementation I could do. I was thinking of > doing a C++ i

Re: anonymous DH & MITM

At 11:50 PM 10/1/2003, Ian Grigg wrote: (AFAIK, self-signed certs in every way dominate ADH in functional terms.) In TLS, AnonDH offers forward secrecy, but there are no RSA certificate modes which do (except for ExportRSA). You can use ephemeral DH key agreement keys with static certified DSA ke

Re: Monoculture

"Perry E. Metzger" <[EMAIL PROTECTED]> writes: > Guus Sliepen <[EMAIL PROTECTED]> writes: >> > In that case, I don't see why you don't bend your efforts towards >> > producing an open-source implementation of TLS that doesn't suck. >> >> We don't want to program another TLS library, we want to cr

Re: Monoculture

Simon Josefsson <[EMAIL PROTECTED]> writes: > Several people have now suggested using TLS, but nobody seem to also > refute the arguments made earlier against building VPNs over TCP, in > . Well, I agree, the most reasonable thing to do is to use i

Re: Reliance on Microsoft called risk to U.S. security

Peter has raised a number of important points. Let me start by saying that I do not see a strong distinction between a file to be viewed and a program. Both are instructions to the computer to perform some actions. While we might think the renderer showing us flat ASCII text is quite trustworthy,

Re: anonymous DH & MITM

On Thu, 2 Oct 2003, Zooko O'Whielacronx wrote: > > Bear wrote: >> >> DH is an "open" protocol; it doesn't rely on an initial shared >> secret or a Trusted Authority. >> >> There is a simple proof that an open protocol between anonymous >> parties is _always_ vulnerable to MITM. >> >> Put simply,

Re: anonymous DH & MITM

Bear wrote: > > If it's an anonymous protocol, then "credit" for being a good chess > player is a misnomer at best; the channel cannot provide credit to > any particular person. I understand the objection, which is why I made the notion concrete by saying that Mitch wins if he gets the first pl

Re: anonymous DH & MITM

At 11:52 AM 10/2/2003, Zooko O'Whielacronx wrote: Bear wrote: > You can have anonymous protocols that aren't open be immune to MITM > And you can have open protocols that aren't anonymous be immune to > MITM. But you can't have both. I'd like to see the proof. I think it depends on what you mean

Re: Reliance on Microsoft called risk to U.S. security

The US General Accounting Office today issued "Critical Infrastructure Protection: Challenges in Securing Control Systems," testimony before Congress yesterday, which discusses widespread infratructure vulnerabilities caused by increasing use of Microsoft OS, "Unix-like" systems and Internet pr

Re: anonymous DH & MITM

bear wrote: > You can have anonymous protocols that aren't open be immune to MITM True. > And you can have open protocols that aren't anonymous be immune to > MITM. True. > But you can't have both. False. In fact, it is possible to prove the existence of at least one open and anonymous pro

Re: Monoculture

At 8:32 PM -0700 10/1/03, Matt Blaze wrote: >It might be debatable whether only licensed electricians should >design and install electrical systems. But hardly anyone would argue >that electrical system designers and installers needn't be competent >at what they do. (Perhaps most of those who wou

Full-Duplex-Chess Grandmaster (was: anonymous DH & MITM)

It's clear that my challenge about the Chess Grandmaster Problem has thrown more shadow than light. This is partly because it is an inherently tricky problem, but also because I confused the issue by talking about both traditional Chess Grandmaster (a problem that I am interested in) and Full-

crypto licence

Guus Sliepen wrote: > > Some advice on licensing wouldn't go amiss either. (GPL? ... LGPL? ... > > something else?) > > I'd say LGPL or BSD, without any funny clauses. With crypto code, we have taken the view that it should BSD 2 clause. The reason for this is that crypto code has enough other