Re: [therightkey] Barely-capable CAs

Phillip Hallam-Baker <hallam@gmail.com> Thu, 01 November 2012 18:13 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Lucy Lynch <llynch@civil-tongue.net>, "therightkey@ietf.org" <therightkey@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>

Which depended on a subtle mistake in the SSL 3.0 protocol. Specifically,
it gave a different report depending on whether the text decrypted or not.

Rather ironically here, the specific flaw in SSL 3.0 that made the attack
possible was one that the designer of 3.0 had actually played a major part
in raising in the civil field. Paul Kocher's other work being exploiting
differences in the physical behavior of devices running crypto (timing,
behavior in fault situation, radiation).

Now if Netscape had not been so chronically mismanaged as to only allow
Paul two weeks to review the spec and to only give Knight 10 days to write
JavaScript, well the history of Web Security might have been rather
different.




On Thu, Nov 1, 2012 at 2:00 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

>
>
> On 11/01/2012 05:22 PM, Phillip Hallam-Baker wrote:
> > Having worked in Web security over 20 years now, I have still to see a case
> > where a system was breached because of a really subtle design flaw.
>
> Bleichenbacher?
>
> S.
>



-- 
Website: http://hallambaker.com/
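
Added example, not part of the original message or of any SSL implementation: the "different report" behaviour described above, shown as a handler that distinguishes failure causes beside one that substitutes a random premaster secret, the countermeasure later TLS specifications recommend. The block layout assumes PKCS#1 v1.5 type-2 padding; the handler names, reply strings, 128-byte modulus and sample blocks are constructed for illustration, and no real RSA decryption is performed.

```python
import hmac
import os

CLIENT_VERSION = b"\x03\x00"   # SSL 3.0 on the wire
K = 128                        # constructed modulus size in bytes (1024-bit key)

def pkcs1_v15_unpad(em: bytes):
    """Return the payload of a decrypted PKCS#1 v1.5 type-2 block, else None."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        return None
    sep = em.find(b"\x00", 2)
    if sep < 10:               # not found (-1) or fewer than 8 padding bytes
        return None
    return em[sep + 1:]

def leaky_handler(em: bytes):
    """'Before': each failure cause gets its own report, which is the oracle."""
    pms = pkcs1_v15_unpad(em)
    if pms is None:
        return "error: bad padding"
    if len(pms) != 48 or pms[:2] != CLIENT_VERSION:
        return "error: bad premaster secret"
    return "continue"

def uniform_handler(em: bytes):
    """'After': any failure silently swaps in a random premaster secret."""
    fallback = os.urandom(48)  # drawn before parsing, on every call
    pms = pkcs1_v15_unpad(em)
    ok = (pms is not None and len(pms) == 48
          and hmac.compare_digest(pms[:2], CLIENT_VERSION))
    # The handshake fails later at Finished, identically for every bad input.
    return "continue", (pms if ok else fallback)

def block(head: bytes, version: bytes) -> bytes:
    """Constructed K-byte 'decrypted' block; no real RSA is involved."""
    payload = version + bytes(46)
    return head + b"\xaa" * (K - len(head) - 1 - len(payload)) + b"\x00" + payload

SAMPLES = {
    "valid": block(b"\x00\x02", CLIENT_VERSION),
    "bad_padding": block(b"\x00\x01", CLIENT_VERSION),
    "bad_version": block(b"\x00\x02", b"\x02\x00"),
}

def distinct_replies(handler):
    """Replies an on-the-wire observer could tell apart across SAMPLES."""
    out = (handler(em) for em in SAMPLES.values())
    return {r if isinstance(r, str) else r[0] for r in out}
```

The example equalises only the reply seen on the wire; Python gives no constant-time guarantee, so the timing differences mentioned in the message would still need separate treatment in a real implementation.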