Re: authentication and ESP

2003-06-22 Thread John S. Denker
On 06/19/2003 01:49 PM, martin f krafft wrote: As far as I can tell, IPsec's ESP has the functionality of authentication and integrity built in: It depends on what you mean by built in. 1) The RFC provides for ESP+authentication but does not require ESP to use authentication. 2) Although the

Re: traffic analysis

2003-08-28 Thread John S. Denker
A couple of people wrote in to say that my remarks about defending against traffic analysis are not true. As 'proof' they cite which proves nothing of the sort. The conclusion of that paper correctly summarizes the body of the paper; it says

Re: traffic analysis

2003-08-29 Thread John S. Denker
On 08/28/2003 04:26 PM, David Wagner wrote: Are you sure you understood the attack? Are you sure you read my original note? The attack assumes that communications links are insecure. I explicitly hypothesized that the links were encrypted. The cryptotext may be observed and its timing may be

lopsided Feistel (was: cryptographic ergodic sequence generators)

2003-09-06 Thread John S. Denker
On 09/06/2003 02:33 PM, Tim Dierks wrote: I'm sure that it would be possible to design a Feistel-based block cipher with variable block size, supporting some range of even values of n. There's no need to exclude odd n. I know the typical superficial textbook describes the Feistel trick in

Re: Monoculture

2003-10-01 Thread John S. Denker
On 10/01/2003 11:22 AM, Don Davis wrote: there's another rationale my clients often give for wanting a new security system, instead of the off- the-shelf standbys: IPSec, SSL, Kerberos, and the XML security specs are seen as too heavyweight for some applications. the developer doesn't want

anonymity +- credentials

2003-10-03 Thread John S. Denker
On 10/03/2003 01:26 PM, R. A. Hettinga wrote: It seems to me that perfect pseudonymity *is* anonymity. They're not quite the same thing; see below. Frankly, without the ability to monitor reputation, you don't have ways of controlling things like transactions, for instance. It's just that

Re: cryptographic ergodic sequence generators?

2003-10-15 Thread John S. Denker
Perry E. Metzger wrote: I've noted to others on this before that for an application like the IP fragmentation id, it might be even better if no repeats occurred in any block of 2^31 (n being 32) but the sequence did not repeat itself (or at least could be harmlessly reseeded at very very long


2003-10-17 Thread John S. Denker
On 10/16/2003 07:19 PM, David Honig wrote: it would make sense for the original vendor website (eg Palm) to have signed the MITM site's cert (, not for Verisign to do so. Even better, for Mastercard to have signed both Palm and as well. And

Re: SSL, client certs, and MITM (was WYTM?)

2003-10-22 Thread John S. Denker
On 10/22/2003 04:33 PM, Ian Grigg wrote: The frequency of MITM attacks is very low, in the sense that there are few or no reported occurrences. We have a disagreement about the facts on this point. See below for details. This makes it a challenge to respond to in any measured way. We have a

Re: Gresham's Law?

2003-11-21 Thread John S. Denker
On 11/19/2003 07:51 PM, Jon Callas wrote: This is indeed the only case I know of where government has given protection and preference to inferior systems over superior ones. It's not hard to discover other cases. At the philosophical level, one could argue that protecting the weak is one of the

example: secure computing kernel needed

2003-12-11 Thread John S. Denker
Previous discussions of secure computing technology have been in some cases sidetracked and obscured by extraneous notions such as -- Microsoft is involved, therefore it must be evil. -- The purpose of secure computing is DRM, which is intrinsically evil ... computers must be able to