Re: Monoculture

2003-10-11 Thread Ben Laurie
Thor Lancelot Simon wrote: On Sun, Oct 05, 2003 at 03:04:00PM +0100, Ben Laurie wrote: Thor Lancelot Simon wrote: On Sat, Oct 04, 2003 at 02:09:10PM +0100, Ben Laurie wrote: Thor Lancelot Simon wrote: these operations. For example, there is no simple way to do the most common

Re: Monoculture

2003-10-05 Thread Thor Lancelot Simon
On Sun, Oct 05, 2003 at 03:04:00PM +0100, Ben Laurie wrote: Thor Lancelot Simon wrote: On Sat, Oct 04, 2003 at 02:09:10PM +0100, Ben Laurie wrote: Thor Lancelot Simon wrote: these operations. For example, there is no simple way to do the most common certificate validation operation:

Re: Monoculture / Guild

2003-10-04 Thread Peter Gutmann
John Gilmore [EMAIL PROTECTED] writes: The Guild, such as it is, is a meritocracy; many previously unknown people have joined it since I started watching it in about 1990. The way to tell who's in the Guild is that they can break your protocols or algorithms, but you can't break theirs. PS: Of

Re: Monoculture

2003-10-04 Thread Ben Laurie
Thor Lancelot Simon wrote: As far as what OpenSSL does, if you simply abandon outright any hope of acting as a certificate authority, etc. you can punt a huge amount of complexity; if you punt SSL, you'll lose quite a bit more. As far as the programming interface goes, I'd read Eric's book

Re: Monoculture

2003-10-04 Thread Ben Laurie
[EMAIL PROTECTED] wrote: On Thu, 2 Oct 2003, Thor Lancelot Simon wrote: 1) Creates a socket-like connection object 2) Allows configuration of the expected identity of the party at the other end, and, optionally, parameters like acceptable cipher suite 3) Connects, returning error if the

Re: Monoculture

2003-10-04 Thread Thor Lancelot Simon
On Sat, Oct 04, 2003 at 02:09:10PM +0100, Ben Laurie wrote: Thor Lancelot Simon wrote: As far as what OpenSSL does, if you simply abandon outright any hope of acting as a certificate authority, etc. you can punt a huge amount of complexity; if you punt SSL, you'll lose quite a bit more. As

Re: Monoculture

2003-10-03 Thread Victor . Duchovni
On Thu, 2 Oct 2003, Thor Lancelot Simon wrote: 1) Creates a socket-like connection object 2) Allows configuration of the expected identity of the party at the other end, and, optionally, parameters like acceptable cipher suite 3) Connects, returning error if the identity doesn't match.

Re: Monoculture / Guild

2003-10-03 Thread John Gilmore
... it does look very much from the outside that there is an informal Cryptographers Guild in place... The Guild, such as it is, is a meritocracy; many previously unknown people have joined it since I started watching it in about 1990. The way to tell who's in the Guild is that they can break

Re: Monoculture / Guild

2003-10-03 Thread lrk
On Thu, Oct 02, 2003 at 03:34:35PM -0700, John Gilmore wrote: ... it does look very much from the outside that there is an informal Cryptographers Guild in place... The Guild, such as it is, is a meritocracy; many previously unknown people have joined it since I started watching it in

Re: Monoculture

2003-10-02 Thread Dave Howe
slightly ranting, you might want to hit del now :) Ian Grigg wrote: What is written in these posts (not just the present one) does derive from that viewpoint and although one can quibble about the details, it does look very much from the outside that there is an informal Cryptographers Guild

RE: Monoculture

2003-10-02 Thread Don Davis
perry wrote: We could use more implementations of ssl and of ssh, no question. ...more cleanly implemented and simpler to use versions of existing algorithms and protocols... would be of tremendous utility. jill ramonsky replied: I am very much hoping that you can answer both (a) and (b)

Re: Monoculture

2003-10-02 Thread Dave Howe
Guus Sliepen [EMAIL PROTECTED] wrote: Thor Lancelot Simon wrote: In that case, I don't see why you don't bend your efforts towards producing an open-source implementation of TLS that doesn't suck. We don't want to program another TLS library, we want to create a VPN daemon. And RMS didn't

RE: Monoculture

2003-10-02 Thread Jill Ramonsky
, since Alice can tell all of her friends don't use Microsoft). Jill -Original Message- From: Don Davis [mailto:[EMAIL PROTECTED] Sent: Thursday, October 02, 2003 1:26 PM To: Jill Ramonsky Cc: [EMAIL PROTECTED] Subject: RE: Monoculture Is it possible for Bob to instruct his browser

Re: Monoculture

2003-10-02 Thread Thor Lancelot Simon
On Thu, Oct 02, 2003 at 02:21:29PM +0100, Jill Ramonsky wrote: Thanks everyone for the SSL encouragement. I'm going to have a quick re-read of Eric's book over the weekend and then start thinking about what sort of easy to use implementation I could do. I was thinking of doing a C++

Re: Monoculture

2003-10-02 Thread Simon Josefsson
Perry E. Metzger [EMAIL PROTECTED] writes: Guus Sliepen [EMAIL PROTECTED] writes: In that case, I don't see why you don't bend your efforts towards producing an open-source implementation of TLS that doesn't suck. We don't want to program another TLS library, we want to create a VPN

Re: Monoculture

2003-10-02 Thread Perry E. Metzger
Simon Josefsson [EMAIL PROTECTED] writes: Several people have now suggested using TLS, but nobody seem to also refute the arguments made earlier against building VPNs over TCP, in http://sites.inka.de/~bigred/devel/tcp-tcp.html. Well, I agree, the most reasonable thing to do is to use ipsec,

Re: Monoculture

2003-10-02 Thread Bill Frantz
At 8:32 PM -0700 10/1/03, Matt Blaze wrote: It might be debatable whether only licensed electricians should design and install electrical systems. But hardly anyone would argue that electrical system designers and installers needn't be competent at what they do. (Perhaps most of those who would

Re: Monoculture

2003-10-01 Thread Don Davis
EKR writes: I'm trying to figure out why you want to invent a new authentication protocol rather than just going back to the literature ... there's another rationale my clients often give for wanting a new security system, instead of the off- the-shelf standbys: IPSec, SSL, Kerberos, and the

Re: Monoculture

2003-10-01 Thread Eric Rescorla
Don Davis [EMAIL PROTECTED] writes: EKR writes: I'm trying to figure out why you want to invent a new authentication protocol rather than just going back to the literature ... there's another rationale my clients often give for wanting a new security system, instead of the off-

RE: Monoculture

2003-10-01 Thread Jill Ramonsky
, in which case I will /definitely/ get on with recoding SSL. Jill -Original Message- From: Perry E. Metzger [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 01, 2003 3:36 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Monoculture We could use more implementations

Re: Monoculture

2003-10-01 Thread Bill Sommerfeld
Who on this list just wrote a report on the dangers of Monoculture? An implementation monoculture is more dangerous than a protocol monoculture.. Most exploitable security problems arise from implementation errors, rather than from inherent flaws in the protocol being implemented. And broad

Re: Monoculture

2003-10-01 Thread John Saylor
hi ( 03.09.30 20:39 -0700 ) [EMAIL PROTECTED]: And, given the recent set of widely publicized flaws in openssl and openssh, I think that concern about monoculture in cryptography software is pretty damn well founded. except for the fact that these holes get fixed as opposed to the other flaws

Re: Monoculture

2003-10-01 Thread John S. Denker
On 10/01/2003 11:22 AM, Don Davis wrote: there's another rationale my clients often give for wanting a new security system, instead of the off- the-shelf standbys: IPSec, SSL, Kerberos, and the XML security specs are seen as too heavyweight for some applications. the developer doesn't want

Re: Monoculture

2003-10-01 Thread Ian Grigg
Matt Blaze wrote: I imagine the Plumbers Electricians Union must have used similar arguments to enclose the business to themselves, and keep out unlicensed newcomers. No longer acceptable indeed. Too much competition boys? Rich, Oh come on. Are you willfully misinterpreting what I

Re: Monoculture

2003-10-01 Thread Dave Howe
Jill Ramonsky wrote: Is it possible for Bob to instruct his browser to (a) refuse to trust anything signed by Eve, and (b) to trust Alice's certificate (which she handed to him personally)? (And if so, how?) I am very much hoping that you can answer both (a) and (b) with a yes, ok then yes :)

Re: Monoculture

2003-10-01 Thread Barney Wolff
On Wed, Oct 01, 2003 at 04:48:33PM +0100, Jill Ramonsky wrote: But I would like to ask you to clarify something about SSL which has been bugging me. Allow me to present a scenario. Suppose: (1) Alice runs a web server. (2) Bob has a web client. (3) Alice and Bob know each other personally,

Re: Monoculture

2003-10-01 Thread Ian Grigg
Don Davis wrote: EKR writes: I'm trying to figure out why you want to invent a new authentication protocol rather than just going back to the literature ... note that customers aren't usually dissatisfied with the crypto protocols per se; they just want the protocol's implementation to

Re: Monoculture

2003-10-01 Thread Don Davis
eric wrote: The way I see it, there are basically four options: (1) Use OpenSSL (or whatever) as-is. (2) Strip down your toolkit but keep using SSL. (3) Write your own toolkit that implements a stripped down subset of SSL (e.g. self-signed certs or anonymous DH). (4) Design your own

Re: Monoculture

2003-10-01 Thread Eric Murray
On Wed, Oct 01, 2003 at 04:48:33PM +0100, Jill Ramonsky wrote: I could do an implementation of SSL. Speaking as a programmer with an interest in crypto, I'm fairly sure I could produce a cleanly implemented and simple-to-use version. Yep. It's a bit of work, and more work to ensure that

Re: Monoculture

2003-10-01 Thread Perry E. Metzger
Ian Grigg [EMAIL PROTECTED] writes: This is where maybe the guild and the outside world part ways. The guild would like the application builder to learn the field. They would like him to read up on all the literature, the analysies. To emulate the successes and avoid the pitfalls of

Re: Monoculture

2003-10-01 Thread Ian Grigg
Perry E. Metzger wrote: ... Dumb cryptography kills people. What's your threat model? Or, that's your threat model? Applying the above threat model as written up in The Codebreakers to, for example, SSL and its original credit card nreeds would seem to be a mismatch. On the face of it,

Re: Monoculture

2003-10-01 Thread Guus Sliepen
On Wed, Oct 01, 2003 at 02:34:23PM -0400, Ian Grigg wrote: Don Davis wrote: note that customers aren't usually dissatisfied with the crypto protocols per se; they just want the protocol's implementation to meet their needs exactly, without extra baggage of flexibility, configuration

Re: Monoculture

2003-10-01 Thread Perry E. Metzger
Ian Grigg [EMAIL PROTECTED] writes: Perry E. Metzger wrote: ... Dumb cryptography kills people. What's your threat model? Or, that's your threat model? Applying the above threat model as written up in The Codebreakers to, for example, SSL and its original credit card nreeds would

Re: Monoculture

2003-10-01 Thread M Taylor
On Wed, Oct 01, 2003 at 02:24:00PM -0400, Ian Grigg wrote: Matt Blaze wrote: I imagine the Plumbers Electricians Union must have used similar arguments to enclose the business to themselves, and keep out unlicensed newcomers. No longer acceptable indeed. Too much competition boys?

Re: Monoculture

2003-10-01 Thread Perry E. Metzger
Guus Sliepen [EMAIL PROTECTED] writes: You clearly formulated what we are doing! We want to keep our crypto as simple and to the point as necessary for tinc. We also want to understand it ourselves. There is nothing wrong with either goal. Implementing our own authentication protocol helps

Re: Monoculture

2003-10-01 Thread bear
On Wed, 1 Oct 2003, John S. Denker wrote: According to 'ps', an all-up ssh system is less than 3 megabytes (sshd, ssh-agent, and the ssh client). At current memory prices, your clients would save less than $1.50 per system even if their custom software could reduce this bulk to zero. That's

Re: Monoculture

2003-10-01 Thread Thor Lancelot Simon
On Wed, Oct 01, 2003 at 10:20:53PM +0200, Guus Sliepen wrote: You clearly formulated what we are doing! We want to keep our crypto as simple and to the point as necessary for tinc. We also want to understand it ourselves. Implementing our own authentication protocol helps us do all that.

Re: Monoculture

2003-10-01 Thread Perry E. Metzger
Ronald L. Rivest [EMAIL PROTECTED] writes: What is aperture minimization? That's a new term for me... Never heard of it before. Google has never seen it either... (Perhaps others on the list would be curious as well...) I'm sure you have heard of it, just under other names. The term

Re: how simple is SSL? (Re: Monoculture)

2003-10-01 Thread Eric Rescorla
Adam Back [EMAIL PROTECTED] writes: On Wed, Oct 01, 2003 at 08:53:39AM -0700, Eric Rescorla wrote: there's another rationale my clients often give for wanting a new security system [existing protcools] too heavyweight for some applications. I hear this a lot, but I think that Perry

Re: Monoculture

2003-10-01 Thread Eric Rescorla
Don Davis [EMAIL PROTECTED] writes: eric wrote: The way I see it, there are basically four options: (1) Use OpenSSL (or whatever) as-is. (2) Strip down your toolkit but keep using SSL. (3) Write your own toolkit that implements a stripped down subset of SSL (e.g. self-signed

Re: Monoculture

2003-10-01 Thread Peter Gutmann
John S. Denker [EMAIL PROTECTED] writes: According to 'ps', an all-up ssh system is less than 3 megabytes (sshd, ssh- agent, and the ssh client). At current memory prices, your clients would save less than $1.50 per system even if their custom software could reduce this bulk to zero. Let me

Re: Monoculture

2003-10-01 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Perry E. Metzger writes: Unfortunately, those parts are rather dangerous to omit. 0) If you omit the message authenticator, you will now be subject to a range of fine and well documented cut and paste attacks. With some ciphers, especially stream ciphers,

Re: Monoculture

2003-09-30 Thread Matt Blaze
I imagine the Plumbers Electricians Union must have used similar arguments to enclose the business to themselves, and keep out unlicensed newcomers. No longer acceptable indeed. Too much competition boys? Rich, Oh come on. Are you willfully misinterpreting what I wrote, or did you

Re: Monoculture

2003-09-30 Thread Perry E. Metzger
Richard Schroeppel [EMAIL PROTECTED] writes: (Responding to the chorus of protocol professionals saying please do not roll your own) I imagine the Plumbers Electricians Union must have used similar arguments to enclose the business to themselves, and keep out unlicensed newcomers. No longer

Re: Monoculture

2003-09-30 Thread Matt Blaze
Perry writes: Richard Schroeppel [EMAIL PROTECTED] writes: (Responding to the chorus of protocol professionals saying please do not roll your own) I imagine the Plumbers Electricians Union must have used similar arguments to enclose the business to themselves, and keep out unlicensed

Re: Monoculture

2003-09-30 Thread Rich Salz
I imagine the Plumbers Electricians Union must have used similar arguments to enclose the business to themselves, and keep out unlicensed newcomers. No longer acceptable indeed. Too much competition boys? The world might be better off if you couldn't call something secure unless it came