Re: [TLS] [certid] fyi: paper on compelled, certificate creation attack and applicable appliance

ArkanoiD <ark@eltex.net> Fri, 26 March 2010 12:08 UTC

Date: Fri, 26 Mar 2010 15:08:15 +0300
From: ArkanoiD <ark@eltex.net>
To: Story Henry <henry.story@bblfish.net>
Message-ID: <20100326120815.GA16604@eltex.net>
References: <4BAA7F31.5050706@KingsMountain.com> <20100325041402.GA6222@eltex.net> <4BABA01E.7080808@extendedsubset.com> <4BABBA93.40207@fifthhorseman.net> <FFD148C4-640F-4A52-BA4F-3BE7DA614636@bblfish.net> <C8B24695-7C42-4FAC-87AD-A3FC990CE189@bblfish.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <C8B24695-7C42-4FAC-87AD-A3FC990CE189@bblfish.net>
User-Agent: Mutt/1.4.2.3i
Cc: foaf-protocols@lists.foaf-project.org, Dan Kaminsky <Dan.Kaminsky@ioactive.com>, tls@ietf.org, =JeffH <Jeff.Hodges@KingsMountain.com>
Subject: Re: [TLS] [certid] fyi: paper on compelled, certificate creation attack and applicable appliance
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>

Well, I guess I should investigate if FOAF is applicable to my thingie:

http://milliways.chance.ru/~ark/benevolent-ssl-mitm.pdf

Anyways, issuing warnings on *any* certificate changes (it is done for
self-signed certificates only at the moment) is easy.

On Fri, Mar 26, 2010 at 01:41:49AM +0100, Story Henry wrote:
> 
> On 25 Mar 2010, at 21:58, Story Henry wrote:
> 
> > 
> > To prove this one would just need to adapt the proof presented in 
> > "FOAF+SSL: Creating a Web of Trust without Key Signing Parties" 
> > 
> > http://blogs.sun.com/bblfish/entry/more_on_authorization_in_foaf
> 
> Sorry, I meant the proof presented in 
> "FOAF+SSL: RESTful Authentication for the Social Web"
> 
> http://bblfish.net/tmp/2009/05/spot2009_submission_15.pdf
> 
> Henry
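As an added example, not the poster's own tool from the linked PDF nor anything from the FOAF+SSL papers, here is a trust-on-first-use monitor that warns on any certificate change rather than only for self-signed certificates: it keeps the last certificate seen per host and flags a new fingerprint, distinguishing a change of issuer (the signal a compelled certificate would give) from a same-issuer renewal. Host names, DNs and the "DER" bytes are constructed placeholders.

```python
"""Trust-on-first-use certificate change monitor (added example, not the poster's tool)."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class SeenCert:
    host: str
    subject: str
    issuer: str
    fingerprint: str  # hex SHA-256 over the DER-encoded certificate

    @property
    def self_signed(self) -> bool:
        return self.subject == self.issuer


def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


class CertChangeMonitor:
    """Remembers the last certificate seen per host and classifies each new one."""

    def __init__(self) -> None:
        self._pins: dict[str, SeenCert] = {}

    def observe(self, cert: SeenCert) -> str:
        prev = self._pins.get(cert.host)
        self._pins[cert.host] = cert
        if prev is None:
            return "first-seen"  # TOFU: nothing to compare against yet
        if prev.fingerprint == cert.fingerprint:
            return "unchanged"
        if prev.issuer != cert.issuer:
            return "warn:issuer-changed"  # a different CA now vouches for this host
        return "warn:cert-changed"  # same issuer, new certificate (e.g. a renewal)


# Constructed sample observations; the byte strings stand in for DER certificates.
SAMPLE = [
    SeenCert("example.test", "CN=example.test", "CN=Some Public CA", fingerprint(b"cert-A")),
    SeenCert("example.test", "CN=example.test", "CN=Some Public CA", fingerprint(b"cert-A")),
    SeenCert("example.test", "CN=example.test", "CN=Other Public CA", fingerprint(b"cert-B")),
    SeenCert("selfsigned.test", "CN=selfsigned.test", "CN=selfsigned.test", fingerprint(b"cert-C")),
    SeenCert("selfsigned.test", "CN=selfsigned.test", "CN=selfsigned.test", fingerprint(b"cert-D")),
]


def run(observations=SAMPLE) -> list:
    monitor = CertChangeMonitor()
    return [monitor.observe(c) for c in observations]


if __name__ == "__main__":
    for c, verdict in zip(SAMPLE, run()):
        print(f"{c.host:16} self_signed={c.self_signed!s:5} -> {verdict}")
```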