Re: [therightkey] Barely-capable CAs
Phillip Hallam-Baker <hallam@gmail.com> Thu, 01 November 2012 18:13 UTC
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Lucy Lynch <llynch@civil-tongue.net>, "therightkey@ietf.org" <therightkey@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>

Which depended on a subtle mistake in the SSL 3.0 protocol. Specifically, it gave a different report depending on whether the text decrypted or not.

Rather ironically here, the specific flaw in SSL 3.0 that made the attack possible was one that the designer of 3.0 had actually played a major part in raising in the civil field. Paul Kocher's other work being exploiting differences in the physical behavior of devices running crypto (timing, behavior in fault situation, radiation).

Now if Netscape had not been so chronically mismanaged as to only allow Paul two weeks to review the spec and to only give Knight 10 days to write JavaScript, well the history of Web Security might have been rather different.

On Thu, Nov 1, 2012 at 2:00 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> On 11/01/2012 05:22 PM, Phillip Hallam-Baker wrote:
> > Having worked in Web security over 20 years now, I have still to see a case
> > where a system was breached because of a really subtle design flaw.
>
> Bleichenbacher?
>
> S.

--
Website: http://hallambaker.com/
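
The "different report depending on whether the text decrypted or not" behaviour, next to the usual countermeasure of continuing with a random premaster secret, as an added example that is not part of the original message. The handler names, the alert labels and the sample blocks are constructed for illustration; RSA decryption is omitted and the functions take the already-decrypted block.

```python
import hmac
import secrets

PMS_LEN = 48            # premaster secret: 2-byte client version + 46 random bytes
VERSION = b"\x03\x00"   # SSL 3.0

def unpad(em: bytes):
    """PKCS#1 v1.5 type 2 block: 00 02 <at least 8 nonzero bytes> 00 <message>."""
    if len(em) < 11 or em[0] != 0 or em[1] != 2:
        return None
    sep = em.find(b"\x00", 2)
    if sep < 10:        # separator missing, or fewer than 8 padding bytes
        return None
    return em[sep + 1:]

def leaky_handler(em: bytes):
    """Says why the block was rejected; every distinct answer is an oracle."""
    msg = unpad(em)
    if msg is None:
        return ("alert", "bad_padding")      # hypothetical label
    if len(msg) != PMS_LEN or msg[:2] != VERSION:
        return ("alert", "bad_version")      # hypothetical label
    return ("continue", msg)

def uniform_handler(em: bytes):
    """Always continues: a rejected block is swapped for a random secret, so the
    handshake fails later at Finished, the same way for every kind of bad block.
    Python gives no constant-time guarantee; this shows the message-level fix only."""
    fallback = secrets.token_bytes(PMS_LEN)  # drawn before the checks, every time
    msg = unpad(em)
    ok = msg is not None and len(msg) == PMS_LEN and hmac.compare_digest(msg[:2], VERSION)
    return ("continue", msg if ok else fallback)

def make_block(pms: bytes, k: int = 128) -> bytes:
    """Constructed sample: what RSA decryption would yield for a k-byte modulus."""
    return b"\x00\x02" + b"\xff" * (k - 3 - len(pms)) + b"\x00" + pms

GOOD = make_block(VERSION + bytes(46))
BAD_PADDING = b"\x00\x01" + GOOD[2:]
BAD_VERSION = make_block(b"\x02\x00" + bytes(46))

def observable(handler):
    """What the peer can distinguish right after sending each sample block."""
    outcomes = set()
    for em in (GOOD, BAD_PADDING, BAD_VERSION):
        status, detail = handler(em)
        outcomes.add(status if status == "continue" else detail)
    return outcomes

if __name__ == "__main__":
    print("leaky:  ", sorted(observable(leaky_handler)))
    print("uniform:", sorted(observable(uniform_handler)))
```
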