GSM eavesdropping

Paul Wouters paul at xelerance.com
Mon Aug 2 16:19:38 EDT 2010


On Mon, 2 Aug 2010, Nicolas Williams wrote:

>> If that was a major issue, then SSL would have been much more successful
>> then it has been.
>
> How should we measure success?

"The default mode for any internet communication is encrypted"

> By that measure TLS has been so much more successful than IPsec as to
> prove the point.

I never claimed IPsec was more successful....It was not.

> Of course, TLS hasn't been successful in the sense that we care about
> most.  TLS has had no impact on how users authenticate (we still send
> usernames and passwords) to servers, and the way TLS authenticates
> servers to users turns out to be very weak (because of the plethora of
> CAs, and because transitive trust isn't all that strong).

Let's first focus on foiling the grand scale of things by protecting
against passive attacks of large scale monitoring. Then let's worry
about protecting against active targetted attacks.

> But note that the one bit you're talking about is necessarily a part of
> a resolver API, thus proving my point :)

Yes, but in some the API is pretty much done. If you trust your (local)
resolver, the one bit is the only thing you need to check. You let the
resolver do most of the bootstrap crypto. One you have that, your app
can rip out most of the X.509 nonsense and use the public key obtained
from DNS for its further crypto needs.

> ...but we grow technologies organically, therefore we'll never have a
> situation where the necessary infrastructure gets deployed in a secure
> mode from the get-go.  This necessarily means that applications need
> APIs by which to cause and/or determine whether secure modes are in
> effect.

But by now, upgrades happen more automatic and more quickly. Adding something
new to DNS won't take 10 years to get deployed. We've come a long way. It's
time to reap the benefits from our new infrastructure.

Paul

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list