Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread Ben Laurie
Anne Lynn Wheeler wrote: James A. Donald wrote: However, the main point of attack is phishing, when an outsider attempts to interpose himself, the man in the middle, into an existing relationship between two people that know and trust each other. in the public key model ... whether it

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread Anne Lynn Wheeler
Ben Laurie wrote: Eh? It surely does stop MitM attacks - the problem is that there's little value in doing so for various reasons, such as no strong binding between domain name and owner, UI that doesn't make it clear which domain you are going to, or homograph attacks. it stops the MITM

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread Anne Lynn Wheeler
Ben Laurie wrote: Eh? It surely does stop MitM attacks - the problem is that there's little value in doing so for various reasons, such as no strong binding between domain name and owner, UI that doesn't make it clear which domain you are going to, or homograph attacks. part II; i've

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread Ben Laurie
Anne Lynn Wheeler wrote: a more sensible human factors design ... is to remember whether a person has checked out first time communication with a stranger ... the real first time, have the person do something additional ... and from then on remember that checking. in that respect ... creating

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread Anne Lynn Wheeler
Ben Laurie wrote: This is the SSH design for host keys, of course, and also the petnames design for URLs. Unfortunately petnames don't solve the problem that it is hard to check the URL even the first time. the original SSL paradigm was predicated on end-to-end security that the server the

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-16 Thread James A. Donald
-- From: Werner Koch [EMAIL PROTECTED] You need to clarify the trust model. The OpenPGP standard does not define any trust model at all. The standard merely defines features useful to implement a trust model. Clarifying the trust model sounds suspiciously like designers

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-16 Thread Ed Gerck
James A. Donald wrote: -- From: Werner Koch [EMAIL PROTECTED] You need to clarify the trust model. The OpenPGP standard does not define any trust model at all. The standard merely defines features useful to implement a trust model. Clarifying the trust model sounds

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-14 Thread Werner Koch
On Mon, 12 Dec 2005 10:59:05 -0600, Travis H said: Not to side track the discussion, but frequently I've heard PKI compared to PGP's model. Isn't PGP's trust model the same as everyone being their own CA? You need to clarify the trust model. The OpenPGP standard does not define any trust

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-12 Thread Anne Lynn Wheeler
Ed Gerck wrote: I think that's where PKI got it wrong in several parts and not just the CPS. It started with the simplest (because it was meant to work for a global RA -- remember X.500?) and then complexity was added. Today, in the most recent PKIX dialogues, even RFC authors often disagree

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-12 Thread Ed Gerck
Anne Lynn Wheeler wrote: OCSP provides for an online transaction which asks whether the stale, static information is still usable, attempting to preserve the facade that digital certificates serve some useful purpose when there is online, direct access capability. The alternative is to eliminate

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-12 Thread Ralf Senderek
On Fri, 9 Dec 2005, Ed Gerck wrote: [...] at least the grand picture should exist beforehand. This is what this thread's subject paper is about, the grand picture for secure email and why aren't we there yet (Phil's PGP is almost 15 years old) --

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-12 Thread James A. Donald
-- James A. Donald wrote: However, the main point of attack is phishing, when an outsider attempts to interpose himself, the man in the middle, into an existing relationship between two people that know and trust each other. Anne Lynn Wheeler [EMAIL PROTECTED] in the traditional,

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-12 Thread Anne Lynn Wheeler
James A. Donald wrote: This was the scenario envisaged when PKI was created, but I don't see it happening, and in fact attempting to do so using existing user interfaces is painful. They don't seem designed to do this. My product, Crypto Kong, http://echeque.com/Kong was designed to

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-12 Thread James A. Donald
-- From: Bill Stewart [EMAIL PROTECTED] The real security issue for your mother is [...] her bank and eBay don't cryptographically sign their mail. And, since her bank and ebay are under massive attack from phishers, and your mother, if she is using any of the common email clients is

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-12 Thread James A. Donald
-- From: Anne Lynn Wheeler [EMAIL PROTECTED] drastically improving the usability of the interface to the trusted public key repositories could be viewed as having two downsides 1) certification authorities that haven't paid to have their public keys preloaded can more easily join

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-12 Thread James A. Donald
-- From: Ed Gerck [EMAIL PROTECTED] Digital certs (X.509 and PGP) are useful when the key owner is not online. There is a world when this not only happens but is also useful. BTW, this is recognized in IBE as well. But the key owner is always online, for in practice,

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-12 Thread Travis H.
Not to side track the discussion, but frequently I've heard PKI compared to PGP's model. Isn't PGP's trust model the same as everyone being their own CA? I find PGP to be problematic. Many keys I see are only self-signed, and this includes important keys like CERT. Many others sit unsigned on

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-12 Thread James A. Donald
-- From: Ralf Senderek [EMAIL PROTECTED] I think what's missing is the understanding that there cannot be secure email without the persons involved acting responsible and knowing their role in the process. Your mother will probably expect the computer to do the job for her (mine will

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-10 Thread Victor Duchovni
On Thu, Dec 08, 2005 at 05:10:20PM -0800, Ed Gerck wrote: PGP is public-key email without PKI. This is true for use in geodesic networks, but not true for inter-organization email, one ends up introducing gateway systems, that create an ad-hoc PKI of gateways that have exchanged keys and users

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-10 Thread Anne Lynn Wheeler
Ed Gerck wrote: I believe that's what I wrote above. This rather old point (known to the X.509 authors, as one can read in their documents) is why X.509 simplifies what it provides to the least possible _to_automate_ and puts all the local and human-based security decisions in the CPS.

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-10 Thread Anne Lynn Wheeler
Ed Gerck wrote: PGP is public-key email without PKI. So is IBE. And yet neither of them has all the identical, same basic components that PKI also needs. Now, when you look at the paper on email security at http://email-security.net/papers/pki-pgp-ibe.htm you see that the issue of what

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-10 Thread Anne Lynn Wheeler
James A. Donald wrote: However, the main point of attack is phishing, when an outsider attempts to interpose himself, the man in the middle, into an existing relationship between two people that know and trust each other. in the public key model ... whether it involves pgp, pki, digital

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-10 Thread Ed Gerck
Anne Lynn Wheeler wrote: usually when you are doing baseline ... you start with the simplest, evaluate that and then incrementally add complexity. I think that's where PKI got it wrong in several parts and not just the CPS. It started with the simplest (because it was meant to work for a

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-10 Thread Bill Stewart
At 09:40 AM 12/8/2005, Aram Perez wrote: On Dec 7, 2005, at 10:24 PM, James A. Donald wrote: Software is cheaper than boats - the poorest man can afford the strongest encryption, but he cannot afford the strongest boat. If it is that cheap, then why are we having this discussion? Why isn't

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-09 Thread Ed Gerck
Anne Lynn Wheeler wrote: Ed Gerck wrote: Regarding PKI, the X.509 idea is not just to automate the process of reliance but to do so without introducing vulnerabilities in the threat model considered in the CPS. but that is one of the points of the article that as you automate more things

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-09 Thread James A. Donald
-- From: Anne Lynn Wheeler [EMAIL PROTECTED] PKI is trying to offer some added value in first time communication between two strangers However, the main point of attack is phishing, when an outsider attempts to interpose himself, the man in the middle, into an existing

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-09 Thread James A. Donald
-- James A. Donald: We can, and should, compare any system with the attacks that are made upon it. As a boat should resist every probable storm, and if it does not it is a bad boat, an encryption system should resist every real threat, and if it does not it is a

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-09 Thread Matthew Byng-Maddick
On Thu, Dec 08, 2005 at 09:40:22AM -0800, Aram Perez wrote: On Dec 7, 2005, at 10:24 PM, James A. Donald wrote: Aram Perez James A. Donald: We can, and should, compare any system with the attacks that are made upon it. As a boat should resist every probable storm, and if it does not it is

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-08 Thread Anne Lynn Wheeler
Ed Gerck wrote: Depends on your use. An X.509 identity cert or a PGP cert can be made as secure as you wish to pay for. The real question, however, that is addressed by the paper is how useful are they in terms of email security? How do you compare them and which one or which product to

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-08 Thread James A. Donald
-- James A. Donald: We can, and should, compare any system with the attacks that are made upon it. As a boat should resist every probable storm, and if it does not it is a bad boat, an encryption system should resist every real threat, and if it does not it is a bad encryption

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-08 Thread StealthMonger
James A. Donald [EMAIL PROTECTED] writes: ... email should be sent by a direct connection from the client to the recipient mail server, rather than this store and forward crap. This would eliminate the only available technique for strong anonymity or pseudonymity. Strong anonymity or

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-08 Thread James A. Donald
-- From: Ed Gerck [EMAIL PROTECTED] Depends on your use. An X.509 identity cert or a PGP cert can be made as secure as you wish to pay for. Many users are already using MUAs that check signatures. Why are phishing targets not already using signed mail? I conjecture that

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-08 Thread Ed Gerck
Anne Lynn Wheeler wrote: i've periodically written on security proportional to risk ... small sample http://www.garlic.com/~lynn/2001h.html#61 ... introduction of PKI and certificates in such an environment may actually create greater vulnerabilities ... since it may convince the recipient to

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-08 Thread Anne Lynn Wheeler
Ed Gerck wrote: Regarding PKI, the X.509 idea is not just to automate the process of reliance but to do so without introducing vulnerabilities in the threat model considered in the CPS. but that is one of the points of the article that as you automate more things you have to be extra careful

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-07 Thread James A. Donald
-- From: Ed Gerck [EMAIL PROTECTED] Subject: X.509 / PKI, PGP, and IBE Secure Email Technologies http://email-security.net/papers/pki-pgp-ibe.htm X.509 / PKI (Public-Key Infrastructure), PGP (Pretty Good Privacy) and IBE (Identity-Based Encryption)

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-07 Thread Aram Perez
On Dec 7, 2005, at 8:40 AM, James A. Donald wrote: -- From: Ed Gerck [EMAIL PROTECTED] Subject: X.509 / PKI, PGP, and IBE Secure Email Technologies http://email-security.net/papers/pki-pgp-ibe.htm X.509 / PKI (Public-Key Infrastructure), PGP (Pretty Good

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-07 Thread Anne Lynn Wheeler
Aram Perez wrote: I'm sorry James, but you can't expect a (several hundred dollar) rowboat to resist the same probable storm as a (million dollar) yacht. There is no such thing as one-size encryption system fits all cases. unfortunately there are more than a few counter-examples that are