;
* Using CGA, E establishes a secure channel from X to B;
Voila, the connections are properly secured with CGA, yet E is in the
middle.
-- Christian Huitema
___
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass
way to introduce public keys in
TSIG. Two alternatives come to mind, using TLSA to negotiate a secure DNS
transport, and if you really want to use CGA, using CGA in conjunction with
TKEY to negotiate the TSIG secrets.
-- Christian Huitema
attention to
traffic analysis. We should obviously take the easy steps, encrypt the DNS,
e-mail and SIP connections. But when it comes to IP header analysis, we have
pretty few solutions. VPN, of course, but that requires configuration. Could
we change that?
-- Christian Huitema
as a perfectly stable reference for
correlation. But if the ISP cooperates, maybe we can get the top 64 bits to
also change often.
-- Christian Huitema
For me, the question is: Nobody uses SIP/TLS now. Using SIP/TLS
would add some value. How can we make it more likely they do use
SIP/TLS?
Define nobody, please. Microsoft Lync uses SIP/TLS by default. That must
be more than nobody.
-- Christian Huitema
to whom, and pretty soon I will have a good
idea of the social network.
If I was running such a system, I would hate to see SMTP traffic becoming
encrypted.
In the past, we did not suspect that someone would run such a system. We
were probably naïve.
-- Christian Huitema
in the DNS protocol. It does require that the resolver somehow learn
the zone cuts, but that is not impossible to learn.
-- Christian Huitema
authentication of clients could be much more
than a band aid, and would have the advantage of not involving third parties
in the relation between server and client. Intuitively, that seems easier
than requiring all clients to get a PKI style certificate.
-- Christian Huitema
-Original Message-
From: perpass [mailto:perpass-boun...@ietf.org] On Behalf Of Dave Crocker
Sent: Wednesday, November 27, 2013 6:06 AM
To: perpass
Subject: [perpass] Guide to intranet protection?
Morning mid-coffee question:
There have been some recent news articles about
architectures is probably treated as
trade secret. And I am really not sure that the IETF is the best place to
conduct such discussions.
-- Christian Huitema
no download. That would be
a nice way to push sites towards HTTPS. The various trackers will probably
be the first to move...
-- Christian Huitema
At a minimum, never send third party cookies over unencrypted links.
-Original Message-
From: Dean Willis dean.wil...@softarmor.com
Sent: 12/26/2013 8:24 PM
To: perpass perpass@ietf.org
Subject: [perpass] Don't forget St. Nsaclaus' cookies
Article link, cookies combined with leaky
.
-- Christian Huitema
may use it as an
example of what reviewing old RFC could mean.
-- Christian Huitema
one at random and write a provisional ticket in
https://trac.tools.ietf.org/group/ppm-legacy-review/wiki ?
-- Christian Huitema
Could be of interest for this list. An example of Internet infrastructure
vulnerability exploited by various operators. Mount an intercept attack on
the DNS protocol, and then use it for censorship or man-in-the-middle
insertion.
From: Lauren Weinstein lau...@vortex.com
Subject: [ NNSquad ]
-identifiers-00.txt
Sorry, won't be in Toronto.
-- Christian Huitema
on the side of detecting an attack.
This would change if there was an easy way to detect that the site intended
to use a self-signed cert. But there is no such easy way today.
-- Christian Huitema
; it or don't report or log it.
That sounds like a reasonable plan. Let's start, then. What about having
interested parties meet at a bar in Yokohama, say Monday evening, and start
drafting the first solution? I would be happy to pay the first round of
drinks, if that speeds up consens
Jack’s bar has JPY 1000 cover charge. Hope that’s not a problem…
From: Ted Lemon
Sent: Tuesday, November 3, 2015 12:45 PM
To: i...@ietf.org;perpass@ietf.org
Subject: [perpass] Email bar bof in Yokohama: location.
I've decided that given that the
nal writing styles,
but I found the draft a bit dry. I would have appreciated a discussion of
the scenarios, and a bit of emphasis on the "submission" part, which is the
most concerning for privacy.
-- Christian Huitema
" for privacy --
along with the DNS work. It is quite important for the privacy program at
the IETF. Please take a minute and review the drafts!
-- Christian Huitema
on to him
> > than to the last umpteen times he's pulled this sort of stunt.
> >
> > R's,
> > John
> >
> > PS: What does this have to do with perpass?
>
> If you read his post, it conflates Snowden and Singapore in a bizarre way.
Be
by the manufacturer).
>
> That doesn't mean it needs to be visible in clear after bootstrap.
It also does not mean that the identifiers should be sent in clear text...
-- Christian Huitema
The MAC address issue is situational. When a device is moving, you want it not
tracked, and you want the MAC random. At home, you don't care about the device
privacy, and you want an easy way to do an inventory of what is on the network.
-- Christian Huitema
> On Oct 14, 2016, at 8:07