Re: [therightkey] Barely-capable CAs
Rob Stradling <rob.stradling@comodo.com> Thu, 01 November 2012 20:13 UTC
On 01/11/12 20:06, Rob Stradling wrote:
> On 01/11/12 20:01, Phillip Hallam-Baker wrote:
>> OK so some examples do exist. But really what proportion of real world
>> compromises do not involve something bone headed like using a 512 bit
>> key for DKIM signatures?
>>
>> What I am saying here is not 'don't do CT', I am saying that we have to
>> make the ease of administration a high priority in the design.
>
> I would say that "ease of administration" for server operators is one of
> the main reasons why Ben is interested in getting CAs to participate! ;-)

I'm not saying that CA participation in CT will magically make
administration easy. ;-)
I am suggesting that having no extra steps to perform is probably
_easier_ than having some extra steps to perform.

>> On Thu, Nov 1, 2012 at 3:52 PM, Ben Laurie <benl@google.com> wrote:
>>
>> On 1 November 2012 18:38, Phillip Hallam-Baker <hallam@gmail.com> wrote:
>> > Again, does it appear so subtle after it has been discovered?
>>
>> Well, I find I have to remind myself how it works. So ... yeah.
>>
>> Also, I assumed Bleichenbacher was the exponent 3 thing, which was
>> also pretty subtle.
>>
>> > Would the flaw have been discovered sooner if there was not so much
>> > dead code?
>>
>> I don't think dead code had any influence on either of these.
>>
>> > On Thu, Nov 1, 2012 at 2:35 PM, Ben Laurie <benl@google.com> wrote:
>> >>
>> >> On 1 November 2012 18:00, Stephen Farrell <stephen.farrell@cs.tcd.ie>
>> >> wrote:
>> >> >
>> >> > On 11/01/2012 05:22 PM, Phillip Hallam-Baker wrote:
>> >> >> Having worked in Web security over 20 years now, I have still to
>> >> >> see a case where a system was breached because of a really subtle
>> >> >> design flaw.
>> >> >
>> >> > Bleichenbacher?
>> >>
>> >> TLS renegotiation?
>> >>
>> >> > S.
>> >> > _______________________________________________
>> >> > therightkey mailing list
>> >> > therightkey@ietf.org
>> >> > https://www.ietf.org/mailman/listinfo/therightkey
>> >
>> > --
>> > Website: http://hallambaker.com/
>>
>> --
>> Website: http://hallambaker.com/
>>
>> _______________________________________________
>> therightkey mailing list
>> therightkey@ietf.org
>> https://www.ietf.org/mailman/listinfo/therightkey
>

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
sender by replying to the e-mail containing this attachment. Replies to
this email may be monitored by COMODO for operational or business
reasons. Whilst every endeavour is taken to ensure that e-mails are free
from viruses, no liability can be accepted and the recipient is
requested to use their own virus checking software.