Re: Monoculture

Thor Lancelot Simon wrote: > On Sun, Oct 05, 2003 at 03:04:00PM +0100, Ben Laurie wrote: > >>Thor Lancelot Simon wrote: >> >> >>>On Sat, Oct 04, 2003 at 02:09:10PM +0100, Ben Laurie wrote: >>> >>> Thor Lancelot Simon wrote: >these operations. For example, there is no simple way

Re: Monoculture

On Sun, Oct 05, 2003 at 03:04:00PM +0100, Ben Laurie wrote: > Thor Lancelot Simon wrote: > > > On Sat, Oct 04, 2003 at 02:09:10PM +0100, Ben Laurie wrote: > > > >>Thor Lancelot Simon wrote: > >> > >>>these operations. For example, there is no simple way to do the most > >>>common certificate val

Re: Monoculture

On Sat, Oct 04, 2003 at 02:09:10PM +0100, Ben Laurie wrote: > Thor Lancelot Simon wrote: > > As far as what OpenSSL does, if you simply abandon outright any hope of > > acting as a certificate authority, etc. you can punt a huge amount of > > complexity; if you punt SSL, you'll lose quite a bit mor

Re: Monoculture

[EMAIL PROTECTED] wrote: > On Thu, 2 Oct 2003, Thor Lancelot Simon wrote: > > >>1) Creates a socket-like connection object >> >>2) Allows configuration of the expected identity of the party at the other >> end, and, optionally, parameters like acceptable cipher suite >> >>3) Connects, returnin

Re: Monoculture

Thor Lancelot Simon wrote: > As far as what OpenSSL does, if you simply abandon outright any hope of > acting as a certificate authority, etc. you can punt a huge amount of > complexity; if you punt SSL, you'll lose quite a bit more. As far as the > programming interface goes, I'd read Eric's book

Re: Monoculture / Guild

John Gilmore <[EMAIL PROTECTED]> writes: >The Guild, such as it is, is a meritocracy; many previously unknown people >have joined it since I started watching it in about 1990. > >The way to tell who's in the Guild is that they can break your protocols or >algorithms, but you can't break theirs. >

Re: Monoculture / Guild

On Thu, Oct 02, 2003 at 03:34:35PM -0700, John Gilmore wrote: > > ... it does look very much from the outside that there is an > > informal "Cryptographers Guild" in place... > > The Guild, such as it is, is a meritocracy; many previously unknown > people have joined it since I started watching it

RE: Monoculture

>>> Is it possible for Bob to instruct his browser to >>> (b) to trust Alice's certificate (which she handed >>> to him personally)? (And if so, how?) >> how it's done depends on the browser: >> in MSIE 5: (there seems to be no way to tell MSIE 5 to >> trust Alice's server cert f

Re: Monoculture / Guild

> ... it does look very much from the outside that there is an > informal "Cryptographers Guild" in place... The Guild, such as it is, is a meritocracy; many previously unknown people have joined it since I started watching it in about 1990. The way to tell who's in the Guild is that they can bre

Re: Monoculture

On Thu, 2 Oct 2003, Thor Lancelot Simon wrote: > 1) Creates a socket-like connection object > > 2) Allows configuration of the expected identity of the party at the other >end, and, optionally, parameters like acceptable cipher suite > > 3) Connects, returning error if the identity doesn't mat

Re: Monoculture

At 8:32 PM -0700 10/1/03, Matt Blaze wrote: >It might be debatable whether only licensed electricians should >design and install electrical systems. But hardly anyone would argue >that electrical system designers and installers needn't be competent >at what they do. (Perhaps most of those who wou

Re: Monoculture

Simon Josefsson <[EMAIL PROTECTED]> writes: > Several people have now suggested using TLS, but nobody seem to also > refute the arguments made earlier against building VPNs over TCP, in > . Well, I agree, the most reasonable thing to do is to use i

Re: Monoculture

"Perry E. Metzger" <[EMAIL PROTECTED]> writes: > Guus Sliepen <[EMAIL PROTECTED]> writes: >> > In that case, I don't see why you don't bend your efforts towards >> > producing an open-source implementation of TLS that doesn't suck. >> >> We don't want to program another TLS library, we want to cr

Re: Monoculture

On Thu, Oct 02, 2003 at 02:21:29PM +0100, Jill Ramonsky wrote: > Thanks everyone for the SSL encouragement. I'm going to have a quick > re-read of Eric's book over the weekend and then start thinking about > what sort of "easy to use" implementation I could do. I was thinking of > doing a C++ i

Re: Monoculture

Jill Ramonsky wrote: > This seems to me to a /serious/ flaw in the design of MSIE. What if > Alice doesn't /have/ a CA because she can't afford their fees? Alice can be her own CA if she wishes to - all you need is a copy of Openssl or, if you like having gui interfaces, XCA (http://sourceforge.net

Re: Monoculture

On Thu, Oct 02, 2003 at 02:21:29PM +0100, Jill Ramonsky wrote: > > Thanks everyone for the SSL encouragement. I'm going to have a quick > re-read of Eric's book over the weekend and then start thinking about > what sort of "easy to use" implementation I could do. I was thinking of > doing a C++

RE: Monoculture

e "It can't be done". (That may not be a problem if other browsers don't have this design flaw, of course, since Alice can tell all of her friends "don't use Microsoft"). Jill > -Original Message- > From: Don Davis [mailto:[EMAIL PROTECTED] > S

Re: Monoculture

"Guus Sliepen" <[EMAIL PROTECTED]> wrote: > Thor Lancelot Simon wrote: >> In that case, I don't see why you don't bend your efforts towards >> producing an open-source implementation of TLS that doesn't suck. > We don't want to program another TLS library, we want to create > a VPN daemon. And RMS

RE: Monoculture

perry wrote: >> We could use more implementations of ssl and >> of ssh, no question. >> ...more cleanly implemented and simpler to use >> versions of existing algorithms and protocols... >> would be of tremendous utility. jill ramonsky replied: > I am very much hoping that you can answer both (a)

Re: Monoculture

Ian Grigg wrote: > What is written in these posts (not just the present one) > does derive from that viewpoint and although one can > quibble about the details, it does look very much from > the outside that there is an informal "Cryptographers > Guild" in place [1]. > > I don't think the jury ha

Re: Monoculture

I must admit I'm baffled, and rather appalled, to be seeing supposed advocates of cryptography suggesting, in effect, that cryptologic education somehow perpetuates a guild system or that deployed security protocols need not be measured against the current state of the art. It might be debatable

Re: Monoculture

In message <[EMAIL PROTECTED]>, "Perry E. Metzger" writes: > >Unfortunately, those parts are rather dangerous to omit. > >0) If you omit the message authenticator, you will now be subject to a > range of fine and well documented cut and paste attacks. With some > ciphers, especially stream cip

Re: Monoculture

"John S. Denker" <[EMAIL PROTECTED]> writes: >According to 'ps', an all-up ssh system is less than 3 megabytes (sshd, ssh- >agent, and the ssh client). At current memory prices, your clients would >save less than $1.50 per system even if their custom software could reduce >this "bulk" to zero. L

Re: Monoculture

Don Davis <[EMAIL PROTECTED]> writes: >there's another rationale my clients often give for wanting a new security >system, instead of the off- the-shelf standbys: IPSec, SSL, Kerberos, and >the XML security specs are seen as too heavyweight for some applications. >the developer doesn't want to sh

Re: Monoculture

Don Davis <[EMAIL PROTECTED]> writes: > eric wrote: > > The way I see it, there are basically four options: > > (1) Use OpenSSL (or whatever) as-is. > > (2) Strip down your toolkit but keep using SSL. > > (3) Write your own toolkit that implements a > > stripped down subset of SSL (e.g. self-s

Re: how simple is SSL? (Re: Monoculture)

Adam Back <[EMAIL PROTECTED]> writes: > On Wed, Oct 01, 2003 at 08:53:39AM -0700, Eric Rescorla wrote: > > > there's another rationale my clients often give for > > > wanting a new security system [existing protcools] too heavyweight for > > > some applications. > > > > I hear this a lot, but I t

Re: how simple is SSL? (Re: Monoculture)

At 02:21 PM 10/1/2003 -0700, Adam Back wrote: Maybe but X.509 certificates, ASN.1 and X.500 naming, ASN.1 string types ambiguities inherited from PKIX specs are hardly what one could reasonably calls simple. There was no reason SSL couldn't have used for example SSH key formats or something that

Re: Monoculture

"Ronald L. Rivest" <[EMAIL PROTECTED]> writes: > What is "aperture minimization"? That's a new term for me... > Never heard of it before. Google has never seen it either... > > (Perhaps others on the list would be curious as well...) I'm sure you have heard of it, just under other names. The

Re: Monoculture

Guus Sliepen <[EMAIL PROTECTED]> writes: > > In that case, I don't see why you don't bend your efforts towards > > producing an open-source implementation of TLS that doesn't suck. > > We don't want to program another TLS library, we want to create a VPN > daemon. Well, then you might consider

Re: Monoculture

On Wed, Oct 01, 2003 at 04:54:35PM -0400, Thor Lancelot Simon wrote: > > Uhm, before getting flamed again: by "our own", I don't mean we think we > > necessarily have to implement something different from all the existing > > protocols. We just want to understand it so well and want to be so > > c

how simple is SSL? (Re: Monoculture)

On Wed, Oct 01, 2003 at 08:53:39AM -0700, Eric Rescorla wrote: > > there's another rationale my clients often give for > > wanting a new security system [existing protcools] too heavyweight for > > some applications. > > I hear this a lot, but I think that Perry nailed it earlier. SSL, for > insta

Re: Monoculture

On Wed, Oct 01, 2003 at 10:20:53PM +0200, Guus Sliepen wrote: > > You clearly formulated what we are doing! We want to keep our crypto as > simple and to the point as necessary for tinc. We also want to > understand it ourselves. Implementing our own authentication protocol > helps us do all that.

Re: Monoculture

On Wed, 1 Oct 2003, John S. Denker wrote: >According to 'ps', an all-up ssh system is less >than 3 megabytes (sshd, ssh-agent, and the ssh >client). At current memory prices, your clients >would save less than $1.50 per system even if >their custom software could reduce this "bulk" >to zero. T

Re: Monoculture

Guus Sliepen <[EMAIL PROTECTED]> writes: > You clearly formulated what we are doing! We want to keep our crypto as > simple and to the point as necessary for tinc. We also want to > understand it ourselves. There is nothing wrong with either goal. > Implementing our own authentication protocol h

Re: Monoculture

On Wed, Oct 01, 2003 at 02:24:00PM -0400, Ian Grigg wrote: > What is written in these posts (not just the present one) > does derive from that viewpoint and although one can > quibble about the details, it does look very much from > the outside that there is an informal "Cryptographers > Guil

Re: Monoculture

At 2:25 PM -0700 9/30/03, Matt Blaze wrote: >I'd encourage the designer of the protocol who asked the original question >to learn the field. I am very glad that before I started the E communication protocol , I looked at the problems that exist

Re: Monoculture

On Wed, Oct 01, 2003 at 02:24:00PM -0400, Ian Grigg wrote: > Matt Blaze wrote: > > > > > I imagine the Plumbers & Electricians Union must have used similar > > > arguments to enclose the business to themselves, and keep out unlicensed > > > newcomers. "No longer acceptable" indeed. Too much compe

Re: Monoculture

Ian Grigg <[EMAIL PROTECTED]> writes: > "Perry E. Metzger" wrote: > ... > >Dumb cryptography kills people. > > What's your threat model? Or, that's your threat > model? > > Applying the above threat model as written up in > "The Codebreakers" to, for example, SSL and its > original credit c

Re: Monoculture

On Wed, Oct 01, 2003 at 02:34:23PM -0400, Ian Grigg wrote: > Don Davis wrote: > > > note that customers aren't usually dissatisfied with > > the crypto protocols per se; they just want the > > protocol's implementation to meet their needs exactly, > > without extra baggage of flexibility, config

Re: Monoculture

"Perry E. Metzger" wrote: ... >Dumb cryptography kills people. What's your threat model? Or, that's your threat model? Applying the above threat model as written up in "The Codebreakers" to, for example, SSL and its original credit card nreeds would seem to be a mismatch. On the face of

Re: Monoculture

Ian Grigg <[EMAIL PROTECTED]> writes: > This is where maybe the guild and the outside world part > ways. > > The guild would like the application builder to learn the > field. They would like him to read up on all the literature, > the analysies. To emulate the successes and avoid the > pitfall

Re: Monoculture

On Wed, Oct 01, 2003 at 04:48:33PM +0100, Jill Ramonsky wrote: > I could do an implementation of SSL. Speaking as a programmer with an > interest in crypto, I'm fairly sure I could produce a cleanly > implemented and simple-to-use version. Yep. It's a bit of work, and more work to ensure that t

Re: Monoculture

eric wrote: > The way I see it, there are basically four options: > (1) Use OpenSSL (or whatever) as-is. > (2) Strip down your toolkit but keep using SSL. > (3) Write your own toolkit that implements a > stripped down subset of SSL (e.g. self-signed > certs or anonymous DH). > (4) Design yo

Re: Monoculture

Don Davis wrote: > > EKR writes: > > I'm trying to figure out why you want to invent a new authentication > > protocol rather than just going back to the literature ... > note that customers aren't usually dissatisfied with > the crypto protocols per se; they just want the > protocol's implement

Re: Monoculture

On Wed, Oct 01, 2003 at 04:48:33PM +0100, Jill Ramonsky wrote: > > But I would like to ask you to clarify something about SSL which has > been bugging me. Allow me to present a scenario. Suppose: > (1) Alice runs a web server. > (2) Bob has a web client. > (3) Alice and Bob know each other person

Re: Monoculture

Jill Ramonsky wrote: > Is it possible for Bob to instruct his browser to (a) refuse to trust > anything signed by Eve, and (b) to trust Alice's certificate (which > she handed to him personally)? (And if so, how?) > > I am very much hoping that you can answer both (a) and (b) with a yes, ok then "y

Re: Monoculture

Matt Blaze wrote: > > > I imagine the Plumbers & Electricians Union must have used similar > > arguments to enclose the business to themselves, and keep out unlicensed > > newcomers. "No longer acceptable" indeed. Too much competition boys? > > > > Rich, > > Oh come on. Are you willfully misinte

Re: Monoculture

John S. Denker wrote: On 10/01/2003 11:22 AM, Don Davis wrote: > > there's another rationale my clients often give for > wanting a new security system, instead of the off- > the-shelf standbys: IPSec, SSL, Kerberos, and the > XML security specs are seen as too heavyweight for > some applications.

Re: Monoculture

On 10/01/2003 11:22 AM, Don Davis wrote: > > there's another rationale my clients often give for > wanting a new security system, instead of the off- > the-shelf standbys: IPSec, SSL, Kerberos, and the > XML security specs are seen as too heavyweight for > some applications. the developer doesn't

Re: Monoculture

hi ( 03.09.30 20:39 -0700 ) [EMAIL PROTECTED]: > And, given the recent set of widely publicized flaws in openssl and > openssh, I think that concern about monoculture in cryptography > software is pretty damn well founded. except for the fact that these holes get fixed as opposed to the other fla

Re: Monoculture

> Who on this list just wrote a report on the dangers of Monoculture? An implementation monoculture is more dangerous than a protocol monoculture.. Most exploitable security problems arise from implementation errors, rather than from inherent flaws in the protocol being implemented. And broad di

RE: Monoculture

hoping that you can answer both (a) and (b) with a yes, in which case I will /definitely/ get on with recoding SSL. Jill > -Original Message- > From: Perry E. Metzger [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 01, 2003 3:36 PM > To: [EMAIL PROTECTED] >

Re: Monoculture

Don Davis <[EMAIL PROTECTED]> writes: > EKR writes: > > I'm trying to figure out why you want to invent a new authentication > > protocol rather than just going back to the literature ... > > there's another rationale my clients often give for > wanting a new security system, instead of the off-

Re: Monoculture

EKR writes: > I'm trying to figure out why you want to invent a new authentication > protocol rather than just going back to the literature ... there's another rationale my clients often give for wanting a new security system, instead of the off- the-shelf standbys: IPSec, SSL, Kerberos, and the

Re: Monoculture

[EMAIL PROTECTED] writes: > I would think that the cryptographers in question would be even more > frustrated that so few products were available, to tell you the truth, > and would therefore be eager to help when someone makes an honest > attempt. We do. We generally tell them to use the exis

Re: Monoculture

On Tue, Sep 30, 2003 at 07:54:44PM -0400, Rich Salz wrote: > Yes, it sometimes sucks to be a newcomer and treated with derision unless you > can prove that you understand the current body of knowledge. We should > all try to be nicer. But surely you can understand a cryptographer's > frustration

Re: Monoculture

> I imagine the Plumbers & Electricians Union must have used similar > arguments to enclose the business to themselves, and keep out unlicensed > newcomers. "No longer acceptable" indeed. Too much competition boys? The world might be better off if you couldn't call something "secure" unless it c

Re: Monoculture

Perry writes: > > Richard Schroeppel <[EMAIL PROTECTED]> writes: > (Responding to the chorus of protocol professionals saying "please do > not roll your own") > > I imagine the Plumbers & Electricians Union must have used similar > > arguments to enclose the business to themselves, and keep out u

Re: Monoculture

Richard Schroeppel <[EMAIL PROTECTED]> writes: (Responding to the chorus of protocol professionals saying "please do not roll your own") > I imagine the Plumbers & Electricians Union must have used similar > arguments to enclose the business to themselves, and keep out unlicensed > newcomers. "N

Re: Monoculture

> I imagine the Plumbers & Electricians Union must have used similar > arguments to enclose the business to themselves, and keep out unlicensed > newcomers. "No longer acceptable" indeed. Too much competition boys? > Rich, Oh come on. Are you willfully misinterpreting what I wrote, or did you