invoicing with PKI

[Peter Gutmann]

Hadmut Danisch <hadmut at danisch.de> writes:

>There was an interesting speech held on the Usenix conference by Eric
>Rescorla (http://www.rtfm.com/TooSecure-usenix.pdf, unfortunately I did not
>have the time to visit the conference) about cryptographic (real world)
>protocols and why they failed to improve security. 

It was definitely a "must hear" talk.  If you haven't at least read the slides
(were the invited talks recorded this year?  Any MPEGs available?), do so now.
I'll wait here.

[Pause]

The main point he made was that designers are resorting to "fixing" mostly
irrelevant theoretical problems in protocols because they've run out of other
things to do, while ignoring addressing how to make the stuff they're building
usable, or do what customers want.  My favourite example of this (coming from
the PKI world, not in the talk) is an RFC on adding animations and theme music
to certificates, because that's obviously what's holding PKI deployment back.

>From the logfiles I've visited I'd estimate that more than 97% of SMTP relays
>do not use TLS at all, not even the oportunistic mode without PKI.

I did a talk last year at Usenix Security where I said that all SSL really
needed was anon-DH, because in most deployments that's how certificates are
being used (self-signed, expired, snake-oil CAs, even Verisign's handed-out-
like-confetti certs).  It's no less secure than what's being done now, and
since you can make it completely invisible to the user at least it'll get
used.  If all new MTA releases automatically generated a self-signed cert and
enabled STARTTLS, we'd see opportunistic email encryption adopted at a rate
that tracks MTA software upgrades.

(BTW I was seeing about 15% of mail handled via STARTTLS a year ago, a quick
 check on my current mail shows about 20%).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com