A secure Internet requires a secure network protocol
Alex Alten
alex at alten.org
Sat Jun 23 01:59:35 EDT 2007
Lynne or Anne,
At 10:30 AM 6/22/2007 -0600, Anne & Lynn Wheeler wrote:
>A secure Internet requires a secure network protocol
>http://www.infoworld.com/article/07/06/22/25OPsecadvise_1.html
>
Actually I think we need a shadow Internet that is used only for security
purposes (and is
fully encrypted). It is sort of like the old SS7 signaling infrastructure
of the phone network.
It doesn't need the same bandwidth, maybe 1/1000 or 1/10,000 as much. It
would use
strictly cryptographic protocols for identity & authentication and key
management, etc..
>one of the things seen in various of the SSL (authentication) vulnerabilities
SSL seems to be hanging by a thread, mainly the name to public key mapping
depends on how thorough the checking is done in to SSL vs application layers
inside of the web browser. If this is hosed then unrestricted MITM is in
the cards
sometime in the near future.
- Alex
--
Alex Alten
alex at alten.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list