Re: WYTM?

2003-10-19 Thread Thor Lancelot Simon
On Sun, Oct 19, 2003 at 01:42:34AM -0600, Damien Miller wrote:
> On Sun, 2003-10-19 at 00:47, Peter Gutmann wrote:
> 
> > >What was the motive for adding lip service into the document?
> > 
> > So that it's possible to claim PGP and X.509 support if anyone's interested in
> > it.  It's (I guess) something driven mostly by marketing so you can answer
> > "Yes" to any question of "Do you support ".  You can find quite a number of
> > these things present in various security specs, it's not just an SSH thing.
> 
> I think that you are misrepresenting the problem a little. At
> least one vendor (ssh.com) has a product that supports both X.509
> and PGP, so the inclusion of these in the I-D is not just marketing
> overriding reality - just a lack of will on part of the draft's
> authors.

I believe the VanDyke implementation also supports X.509, and interoperates
with the ssh.com code.  It was also my perception that, at the time, the
VanDyke guy was basically shouted down when trying to discuss the utility
of X.509 for this purpose and put his marbles back in his cloth sack and
went home.

I see lack of any chained trust mechanism as _the_ major weakness of the
SSH protocol.  X.509 is not exactly pleasant, but it is what has emerged as
the standard for identity certificates and it is functional for that
purpose, and there are many implementations available; there are even
multiple implementations available for the SSH protocol.  I have to regard
the lack of certificate/chain-of-trust support in the SSH protocol as a
highly negative result of a knee-jerk reaction to the very _mention_ of
an X.500 series standard on the working group mailing list, by people who
did not offer any functional alternative seemingly because they thought
the laughable status quo ante -- with *no* way to validate the certificate
presented by a given peer on initial contact -- was fine.  It's a shame
that dsniff and the other toolkits for attacking that protocol weakness
did not exist at the time.

Thor

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


Re: WYTM?

2003-10-19 Thread Damien Miller
On Sun, 2003-10-19 at 00:47, Peter Gutmann wrote:

> >What was the motive for adding lip service into the document?
> 
> So that it's possible to claim PGP and X.509 support if anyone's interested in
> it.  It's (I guess) something driven mostly by marketing so you can answer
> "Yes" to any question of "Do you support ".  You can find quite a number of
> these things present in various security specs, it's not just an SSH thing.

I think that you are misrepresenting the problem a little. At
least one vendor (ssh.com) has a product that supports both X.509
and PGP, so the inclusion of these in the I-D is not just marketing
overriding reality - just a lack of will on part of the draft's
authors.

I have seen little involvement on the secsh wg mailing list by
the ssh.com people since the public spat about trademark rights
over "ssh" a few years back. Since no one else implements these two
public key methods, the work has never been done. IIRC the wg
decided to punt the issue to a separate draft if it ever arose
again. It hasn't in two years.

In the meantime, everyone involved seems to have become deathly 
afraid of touching the draft so as not to impede its glacial 
progress through the IETF on its way to RFC-hood.

Whether a sizeable number of customers actually use certificates
for ssh is another matter. IMO the only real use for certs in ssh
is the issue of initial server authentication.

If one wants to use certificates to facilitate this process, they 
can already - just publish the server keys on a https server 
somewhere and/or sign them with PGP :)

-d
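The initial-contact problem raised in both messages above (Thor's point that there was no way to validate the key a peer presents on first contact, and Damien's observation that the only real use for certs in ssh is initial server authentication, with publishing the server keys out of band as a workaround) can be made concrete in code. The following Python is an added example written for this page, not code from either poster or from any SSH implementation: it computes an OpenSSH-style SHA256 fingerprint for a host key line and contrasts a trust-on-first-use policy (accept whatever is presented, then remember it) with one that requires the first-contact fingerprint to match a list obtained out of band, such as one published on an https server or signed with PGP as Damien suggests. The host name, the two Ed25519 keys and the `verify_host_key` policy function are all constructed for illustration.

```python
"""Pinned host-key verification versus trust-on-first-use (TOFU).

Added example: the keys, host name and policy function below are constructed
for illustration and are not part of any real deployment.
"""
import base64
import hashlib
import struct

KEY_TYPE = b"ssh-ed25519"

# Constructed key material (not real keys): the legitimate server's public key
# and a different key an interposed party might present on first contact.
GENUINE_KEY = bytes(range(32))
IMPOSTOR_KEY = bytes(range(32, 64))
HOST = "bastion.example"  # constructed host name


def build_key_line(pubkey_bytes, comment="constructed@example"):
    """Build an OpenSSH-style public key line for a constructed 32-byte key.

    The wire blob is string(type) || string(key), each field prefixed with a
    big-endian uint32 length, which is how OpenSSH encodes Ed25519 public keys.
    """
    if len(pubkey_bytes) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    blob = struct.pack(">I", len(KEY_TYPE)) + KEY_TYPE
    blob += struct.pack(">I", len(pubkey_bytes)) + pubkey_bytes
    return "%s %s %s" % (KEY_TYPE.decode(), base64.b64encode(blob).decode(), comment)


def fingerprint(key_line):
    """Return the key's fingerprint in OpenSSH's SHA256 display form.

    OpenSSH prints "SHA256:" followed by the unpadded base64 of sha256(blob),
    where blob is the decoded second field of the public key line.
    """
    fields = key_line.split()
    if len(fields) < 2:
        raise ValueError("malformed public key line")
    blob = base64.b64decode(fields[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_host_key(host, presented_line, known_hosts, published, policy):
    """Decide whether to accept the key a server presented; returns (ok, reason).

    known_hosts: dict host -> fingerprint remembered from earlier sessions.
    published:   dict host -> fingerprint obtained out of band (https page,
                 PGP-signed list, ...).
    policy:      "tofu" accepts any key on first contact (the status quo the
                 thread criticises); "published" requires a first-contact match
                 against the out-of-band list.
    """
    fp = fingerprint(presented_line)
    if host in known_hosts:
        # Later sessions: both policies detect a key that differs from the
        # remembered one, but only after the first contact has been trusted.
        if known_hosts[host] == fp:
            return True, "matches remembered key"
        return False, "HOST KEY CHANGED: remembered %s, presented %s" % (known_hosts[host], fp)
    if policy == "tofu":
        known_hosts[host] = fp
        return True, "first contact: accepted without verification (TOFU)"
    if policy == "published":
        if published.get(host) == fp:
            known_hosts[host] = fp
            return True, "first contact: matches out-of-band fingerprint"
        return False, "first contact: %s is not in the published list" % fp
    raise ValueError("unknown policy %r" % policy)


def demo():
    """Run both policies against a first contact by the impostor key."""
    genuine = build_key_line(GENUINE_KEY)
    impostor = build_key_line(IMPOSTOR_KEY)
    published = {HOST: fingerprint(genuine)}  # what the operator published
    results = {
        "tofu_first_contact_impostor": verify_host_key(HOST, impostor, {}, published, "tofu")[0],
        "published_first_contact_impostor": verify_host_key(HOST, impostor, {}, published, "published")[0],
        "published_first_contact_genuine": verify_host_key(HOST, genuine, {}, published, "published")[0],
    }
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print("%-34s accepted=%s" % (name, accepted))
```

The TOFU branch is where the weakness the thread describes lives: an interposed key on first contact is accepted and then remembered, so every later session agrees with the wrong key. The published-fingerprint branch moves the trust decision to whatever channel delivered the list, which is exactly the role Damien assigns to an https page or a PGP signature.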




Re: WYTM?

2003-10-19 Thread Peter Gutmann
Ian Grigg <[EMAIL PROTECTED]> writes:

>So, in reality, the spec does not specify, even if it uses the words?  OK, so
>there is no surprise if there is no takeup.  

Actually I think the main reason was that there's virtually no interest in this.

>What was the motive for adding lip service into the document?

So that it's possible to claim PGP and X.509 support if anyone's interested in
it.  It's (I guess) something driven mostly by marketing so you can answer
"Yes" to any question of "Do you support ".  You can find quite a number of
these things present in various security specs, it's not just an SSH thing.

To give an example from the home court (and avoid picking on other people's
designs :-), I've been advertising ECC support in my code for years.  After
three years of the code being present and a total of zero requests for its
use, I removed it because it was a pain to maintain (I also changed the text
at that point to say that it was optional/available on request).  It's now
been another three years and I'm still waiting for someone to say they
actually want to use it.  There has been the odd inquiry about potential
availability where I was able to say that it's available as an option, at that
point the user can fill in the appropriate checkbox in the RFP and forget
about it.

(Just to add a note here before people leap in with "But XYZ uses ECC
 crypto!", it's only really used in vertical-market apps.  To use it in
 general you need to know how to get it into a cert (data formats, parameters,
 and so on), find a CA to issue you the cert, figure out how to use it with
 SSL or PGP or whatever, find some other implementation that agrees with what
 your implementation is doing, etc etc etc.  This is why there's so little
 interest, not because of some conspiracy to suppress ECCs.  For a more general
 discussion of this problem, see "Final Thoughts" in the Crypto Gardening
 Guide).

Peter.



Young codebreakers get ready to take on UK National Cipher Challenge

2003-10-19 Thread R. A. Hettinga
In Wessex, at least, they use "ci", instead of "cy"...

:-)

Cheers,
RAH
--


The Wessex Scene Online

Young codebreakers get ready to take on National Cipher Challenge
Date: Saturday, October 18 @ 22:05:26 BST
Topic: Computers

For the second year running the University of Southampton is challenging
young people across the UK to try their hand at cracking codes with its
National Cipher Challenge , sponsored by the EPSRC, IBM, Bletchley Park and
EducationGuardian.co.uk.


Over five hundred teams from across the UK had already registered to take
part in this year's competition before it was launched, with a total of 500
young codebreakers ready to test their skills. With the first encrypted
message now posted on the competition website, the organizers are expecting
many more to follow suit.

The competition is designed to capture the enthusiasm of young people and
to demonstrate the excitement of mathematics and computing. It is open to
entries from schools, teams and individuals from around the country and
last year attracted over 2,000 entries from more than 250 schools.

The prize fund is worth £5,000 and overall winners will be invited to a
public prize-giving at Bletchley Park, where British codebreakers broke the
German Enigma code in the Second World War.

The organiser of this year's competition is Dr Graham Niblo of the
University of Southampton's Department of Mathematics. He comments: 'It was
said by Niels Ferguson, one of the leading cryptographers of his
generation, that cryptography was "just about the most fun you can have
with mathematics". We agree with that sentiment and hope that the Cipher
Challenge will help to counter the frequent bad news about the decline in
popularity of school mathematics.'

The competition comprises a series of eight enciphered messages, forming
part of the Journal belonging to the famous (and fictional) archaeologist
Agatha Highfield, telling of her adventures as she tried to obtain the
Babylon Stone, a legendary, and possibly cursed, tablet inscribed with
Babylonian mathematics.

Frustrated by rivals and pursued by mysterious foreign agents she follows
the only clue she has, recording her adventures in her (encrypted) diary.
The first encrypted message is now on the competition website and further
episodes will be released in the period leading up to Christmas. As the
story unfolds the ciphers get harder to crack and the prizes get bigger.

Competitors will win prizes for fast and accurate decryptions of the pages
of the Journal, and will be assisted throughout the adventure by Harry
Schulz Vandiver, mathematician and private investigator, who will act as
guide and mentor through the competition website. Competitors will also
receive email feedback if they get stuck, helping them to find and correct
their own mistakes.

Simon Singh, author of The Code Book, believes that the Cipher Challenge
can inspire young people: 'It shows how maths can be applied in the real
world and generates a real excitement around the subject. The challenge
also highlights how maths and cryptography is all around us, from Internet
security to encrypting mobile phone calls,' he says.

Last year's competition grabbed the attention of the participants with its
unusual blend of adventure and mathematics, to the point where some
participants found it hard to let go. As one participant's mother remarked:
'Great competition - we even had to visit a New Forest pub to get Internet
access during our half-term holiday!'

The competition web site can be found at www.maths.soton.ac.uk/cipher , and
there is a teachers' pack which can be downloaded in pdf format at
www.maths.soton.ac.uk/cipher/teacherspack.pdf , consisting of three lesson
plans and a brief guide to codebreaking.

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
