> Not in the PKI sense
PKI only works when there is trust.
If you think "Rather a matter of apples and oranges, in my view." you
are very blind to the trust element and its importance. I know you would
even trust the Soviet Union.
Haren writes:
> It is a factor that contributes to building trust.
Not in the PKI sense. Rather a matter of apples and oranges, in my view.
>Antitrust refers to prevention of abuse of monopolistic dominance of a
>market; it has nothing to do with trust in the sense
It is a factor that contributes to building trust.
John writes:
> This appears to be relatively new.
The policies on shipping certificates with the product or making them
available via MS updates may be recent. The mechanism of handling them in
software has been around for a long time. You can see the certificates in
the Internet options in MSI
Haren writes:
> There was a flaw in IE, although it has been fixed ...
Since it has been fixed, where's the problem?
> How can I trust IE, if there are some very serious
> flaws like this one?
There are very serious flaws in just about all software; I have not
encountered any exceptions outside th
> Which one?
According to Al Arsenault:
> a number of the entities behind those trusted roots go out of
> business, or become somebody else, or... A quick quiz,
> based on the root certs from IEv6 (yes, I know the answer to these
> questions, but I've been working in the PKI area
> for over 15 year
> Why are keystore components written by Microsoft peculiarly unworthy of
> trust?
There was a flaw in IE, although it has been fixed, the flaw allows the
attackers to delete certificates from the keystore without any user
notification.
How can I trust IE, if there are some very serious flaws like t
Anthony,
I asked Christian for a reason. This appears to be relatively
new. It isn't clear, from either the article or his note, how
much of it is deployed already. It is linked, the article
says, to Win XP and not to IE -- there are different procedures,
it says, for IE under Win 2000, M
John writes:
> Now, if I read this correctly, there is no
> more choice ...
You read incorrectly. Default behavior is not mandatory behavior.
> Conversely, if I'm part of an enterprise that
> issues its own certs for internal purposes, it
> doesn't look as if I can make those certs usable
> in
--On Tuesday, 10 June, 2003 09:12 -0700 Christian Huitema
<[EMAIL PROTECTED]> wrote:
The procedures used to determine the list of certification
authorities in Windows XP, Internet Explorer and other
Microsoft products are documented at:
http://www.microsoft.com/technet/treeview/default.asp?url=
Haren writes:
> Some CA has sold their private key to get out
> of bankruptcy.
Which one?
> > I can not simply, they could be fake, and there
> > is no establishment of trust, especially if the
> > keystore component is written by Microsoft.
>
> Why are keystore components written by Microsoft peculiarly unworthy of
> trust?
The procedures used to determine the list of certification a
Haren writes:
> I can not simply, they could be fake, and there
> is no establishment of trust, especially if the
> keystore component is written by Microsoft.
Why are keystore components written by Microsoft peculiarly unworthy of
trust?
Christian Huitema wrote:
> The PKI and the PGP model both have risks, just different risks. The PGP
> model only involves the two parties; it brings the risk that the two
> parties misidentify each other. The PKI model involves a third party,
> supposedly trusted by both players; it brings the ris
>You have more control. More control does not
>mean less risk.
Control is needed in risk management.
>You have more control. More control does not
> mean less risk.
You can not gain trust by someone showing me a certificate.
Trust is something that has to be controlled by the user and not trust
chains in the certificate.
The risk is reduced by starting with an empty keystore, when I have
enough trust in the person then I added the person. When the trust is
compromised, I remove the person. And before using my private key, I must
enter a pass phrase as the private key is encrypted with this pass
phrase.
In X.509, it
n 09 20:38:27 2003
>To:Hallam-Baker, Phillip
>Cc:[EMAIL PROTECTED]
>Subject: RE: Certificate / CPS issues
>
>Seems to me that if it is a chain (?) ...
>Then it is only as strong as its weakest link, which ever link it might
>be...\Stef
>
>At 20:11 -0700 6/9/03, Halla
2003
To: Hallam-Baker, Phillip
Cc: [EMAIL PROTECTED]
Subject:RE: Certificate / CPS issues
Seems to me that if it is a chain (?) ...
Then it is only as strong as its weakest link, which ever link it might
be...\Stef
At 20:11 -0700 6/9/03, Hallam-Baker, Phillip wrote:
>Number of st
t matters.
>
>Strength comes from discipline and process.
>
>The surest way to create insecurity is to fear everything you cannot control
>
>
>
> -Original Message-
>From: Christian Huitema
>Sent: Mon Jun 09 17:32:51 2003
>To:Hallam-Baker, Phillip; [EMAIL
Sent: Mon Jun 09 17:32:51 2003
To: Hallam-Baker, Phillip; [EMAIL PROTECTED]
Subject:RE: Certificate / CPS issues
> I dispute the lower risk claim. You have more control. More control does
> not mean less risk.
The PKI and the PGP model both have risks, just different risks. The PGP
model only involves the two parties; it brings the risk that the two
parties misidentify each other. The PKI model involves a t
illip'; [EMAIL PROTECTED]
Subject: RE: Certificate / CPS issues
> serious problems with the PGP model.
PGP model offers a lower risk, since I can choose to trust the claimed
person or not.
I know PGP, may not scale globally.
ECTED]
Subject: Re: Certificate / CPS issues
*> From [EMAIL PROTECTED] Sun Jun 8 18:27:12 2003
*> From: "Hallam-Baker, Phillip" <[EMAIL PROTECTED]>
*> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
*> Subject: Re: Certificate / CPS issues
*> Date: Sun, 8 Jun 2003 18:16:3
> Yes, I'm sure those guidelines are all well and good and
> clearly thought out.
> The problem is that what actually gets *LEGISLATED* may be a
> totally different
> story
Well why not go and find out rather than raising a theoretical
problem that probably does not exist?
Most of the digital
On Sun, 08 Jun 2003 18:16:32 PDT, "Hallam-Baker, Phillip" <[EMAIL PROTECTED]> said:
> According to the ABA digital signature guidelines a digital signature should
> create a REBUTTABLE presumption of validity. That is exactly the same as the
> standard for a written signature, it is assumed to be
Let's try a thought experiment. Imagine for a moment someone came to this
forum in 1990 proposing say lossy packet routing could never possibly work
because nobody could rely on such a system, pointing out that the Internet
was minute compared to the telephone system and that therefore the Internet
On Sun, 08 Jun 2003 11:34:20 BST, you said:
> > a digital signature *could* be binding even if it's invalid
>
> If it is legal binding, when if the CA signs my certificate would also
> be a legal binding act? Since a certificate is a document that has a
> digital signature.
>
> False certificati
On Sun, 08 Jun 2003 11:11:28 BST, you said:
> You are telling if someone else was given a certificate in my name and
> signed a virus code and distributed it. I would go to jail for it
> because it was signed in my name.
Check with a lawyer - and note that the spammers are *already* using things
I suggested a few months ago that the PKI to become gPKI should be supported by the DNS system by using special DNS records and an ldap naming scheme.
In short (go in the archive and look for GLOBAL PKI on DNS), I want to send you an e-mail so I query the DNS with the domain bbn.com and it repl
> a digital signature *could* be binding even if it's invalid
If it is legal binding, when if the CA signs my certificate would also
be a legal binding act? Since a certificate is a document that has a
digital signature.
False certification would make CA in trouble regardless of their
disclaimer
>Also, remember that a signature merely proves the signed data and the
>public key were accessible to a computational device at the same time.
>This is a LONG stretch from actually meaning you signed it intentionally.
>See Schneier's "Secrets and Lies", there's a whole chapter on this point,
>or ju
On Sat, 07 Jun 2003 08:30:34 BST, Haren Visavadia <[EMAIL PROTECTED]> said:
> The CA holds no warranty, making the certificate invalid in legal terms,
> since they can not prove the certificate is yours.
IANAL, but you better check with a lawyer on that one. Depending where you
live, a digital s
Valdis writes:
> ... the biggest question is which spammer (if any)
> is willing to risk the lawsuit to find out.
There might be quite a few. It might be easy to have Habeas' claims
invalidated, and it would be worthwhile to spammers to get that out of the
way. Additionally, some organizations
> I hereby request the list management to remove
> Anthony's email address from the subscriber list,
> so as to not expose the IETF to liability.
Too late ... my incredibly valuable service mark has already been
distributed to the list many times in the headers of my messages. Clearly
this dilute
>OK, so what happens when someone else uses my address, perhaps using
> my passport, captured from some mail sent by me to someone?
> I think the term of art is "being Joe Jobbed".
> Every now and then, I get a bounced report that claims something I sent
> is being returned, but it was not se
On Sat, 07 Jun 2003 00:39:37 EDT, "Michael Froomkin - U.Miami School of Law" said:
> You cannot get trademark protection for anything "functional". To the
> extent that the Habeas magic words are used functionally, I do not think
> they are eligible for trademark protection.
I stand corrected. :
You cannot get trademark protection for anything "functional". To the
extent that the Habeas magic words are used functionally, I do not think
they are eligible for trademark protection.
Ditto copyright: "Works that may not be protectable by copyright include:
short phrases and slogans, fami
On Sat, 07 Jun 2003 00:45:37 +0200, Anthony Atkielski <[EMAIL PROTECTED]> said:
> Incidentally, the name of my domain is a service mark, and so any e-mail
> coming to me from Habeas is an infringement on my service mark, since it
> will contain the name of my domain. You can't argue with this, s
Dan writes:
> Regarding a "passport" mechanism, have you
> taken a look at www.habeas.com?
Habeas represents one of the most egregious perversions of trademark and
copyright law that I've ever encountered. Their copyright and trademark
claims are invalid prima facie, and they hope to get their w
At 12:40 06/06/03 -0700, Einar Stefferud wrote:
OK, so what happens when someone else uses my address, perhaps using
my passport, captured from some mail sent by me to someone?
I think the term of art is "being Joe Jobbed".
Every now and then, I get a bounced report that claims something I sent
i
Al Arsenault:
> SPAM passes your tests/filters until you
> figure out how to remove the cert from the list of trusted ones.
A filter could be set to filter out all e-mail containing a certain
certificate, regardless of the trust chain.
The trust chain will include the root cert, which is self-signed.
This means you would have to somehow trust the root cert. And that might
be difficult:
> Only a fool would accept a self-signed certificate
On Fri, 6 Jun 2003, Haren Visavadia wrote:
> Dave wrote:
> > Only a fool would accept a self-signed certificate
>
> CA certificate is self-signed.
>
> Are you suggesting CA should cross sign each others certificates?
>
If a root certificate is installed by a process you choose to trust, it is
n
OK, so what happens when someone else uses my address, perhaps using
my passport, captured from some mail sent by me to someone?
I think the term of art is "being Joe Jobbed".
Every now and then, I get a bounced report that claims something I sent
is being returned, but it was not sent by me.
Dave wrote:
> Only a fool would accept a self-signed certificate
CA certificate is self-signed.
Are you suggesting CA should cross sign each others certificates?
how to remove the cert from the list of trusted ones. Not
something that my mother will easily know how to do.
Al Arsenault
- Original Message -
From: "David Morris" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, June 06, 2003 1:01 PM
Subject: RE:
On 6/6/03 at 9:48 AM -0700, Phillip Hallam-Baker wrote:
Signs keys for people you don't LIKE?
Well, I was referring to people who send spam, or aren't reputable
business folk, or do any of a list of nasty things that I consider
non-trustworthy. I should have put "don't like" in quotes.
In your
Pete wrote:
> No, but if Mary turns out to be someone who signs PGP keys for people
> I don't like.
The job of the CA is NOT based on liking; it is one of authenticating
the subscriber and issuing a certificate.
The authentication of subscriber is defined by the CA's CPS.
> I think the real problem here is that folk are demanding something that is
> impossible. They want a PKI that is entirely costless, failure free and
> provides unlimited liability. If you set that as the standard for existence
> of a global PKI then you are never going to see one.
Folks will pay
>Do you think that folk signing PGP keys are undertaking unlimited liability
>should the certification turn out to be incorrect?
The biggest difference between PGP and X.509, is that in PGP I can
choose the level of trust.
X.509 is based on doctorial model, where my browser is forced into
trustin
On Fri, 6 Jun 2003, Hallam-Baker, Phillip wrote:
>
> Security is risk control, not risk elimination.
Absolutely!
Extending that thought, managing risk is about the cost of loss vs. the
cost of protection.
Humans make mistakes. Systems fail. Sammy Sosa used the wrong bat. The
shuttles failed.
t
the criteria to be set at military security levels. Most people simply won't
pay for that.
Phill
> -Original Message-
> From: Pete Resnick [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 06, 2003 12:10 PM
> To: Hallam-Baker, Phillip
> Cc: '[EMAIL
Dan Kohn wrote:
>Regarding a "passport" mechanism, have you taken a look at
>www.habeas.com? Specifically, they offer such a "this is not spam"
>warrant mark, and the pricing for individuals is free. The trick is
>that they use copyright and trademark law as the enforcement mechanism.
I'm surpr
On 6/6/03 at 7:41 AM -0700, Phillip Hallam-Baker wrote:
Do you think that folk signing PGP keys are undertaking unlimited
liability should the certification turn out to be incorrect?
No, but if Mary turns out to be someone who signs PGP keys for people
I don't like, I can simply say "Don't trust
Regarding a "passport" mechanism, have you taken a look at
www.habeas.com? Specifically, they offer such a "this is not spam"
warrant mark, and the pricing for individuals is free. The trick is
that they use copyright and trademark law as the enforcement mechanism.
(NB: I helped start the compa
Yes, the CPS disclaims all WARRANTIES.
You do not want a CA that provides a recourse that depends on finding of
fault. WARRANTIES are a specific legal instrument that provides recourse
through the courts under theories of merchantability and negligence. So you
have to PROVE the CA did something wron
At 12:12 05/06/03 -0700, Hallam-Baker, Phillip wrote:
A spam sender could attempt to use disposable certificates in the same way
that IP addresses and dialup accounts are considered disposable. This is
unlikely to work for long, the spam sender can set up lots of shell
companies at the same address
>Furthermore, Verisign already compromised its trust model in the worst way
>some time ago when it let a complete stranger obtain a Microsoft signing
>certificate.
The trust model was compromised due to failure on the CA's part. The CA had
failed to successfully identify who the person before issuing t
> Verisign's disclaimer which is part of the CPS.
> This would the CA simply endorses the subscriber's
> information. How can you trust a CA with a
> disclaimer like this?
You can't.
Furthermore, Verisign already compromised its trust model in the worst way
some time ago when it let a complete str
Verisign's disclaimer which is part of the CPS. This would the CA simply
endorses the subscriber's information. How can you trust a CA with a
disclaimer like this?
"VERISIGN DISCLAIMS ANY WARRANTIES WITH RESPECT TO THE SERVICES PROVIDED
BY VERISIGN HEREUNDER INCLUDING WITHOUT LIMITATION ANY AND ALL