Re: [9fans] spam rejection after reception does have limits

[Lucio De Re <lucio@proxima.alt.za>]

On Sun, Sep 28, 2003 at 01:05:19PM +0200, boyd, rounin wrote:
>
> > Between you and Choate, you're getting irritating: "You don't
> > understand..."  Maybe you can explain, if you're so fucking clever!
>
> you need a root CA or some other CA you trust.  this depends on
> the DNS, which can be spoofed, hence possiblty giving you a false
> public key.
>
That was the point I was trying to make.  I'll issue you a certificate
(a tiny one, without all the stupid frills).  Not only, I'll issue you
a CA certificate, so you can in turn certify your ISP or your pretty
cousin that acts as your SMTP gateway.  I'll accept their certificates
as being your agent.  I probably won't accept them as proof of their
identity, however.  That's an interesting aside not to be indulged
here.

> key revocation never worked.
>
I accept that.  It doesn't look like it could conceivably be taken
seriously by anyone.  We've had our banks (we have only a few here as
the entrance qualifications are absurdly steep) fall foul of expiry.
But why I should trust Veristupid (sic) in preference to a bank that's
more or less managed my overdraft for the past 25 years, I fail to
understand.  Yet everyone jumped in horror when MSIE raised the alarm.

More of that lack of communication between tech and non-tech.  Even
within one's brain, seemingly, as the only squawkers I heard were
techies.

But when I revoke the certificate I issued to you, I will (hopefully)
know about it.  That type of revocation had better work.

> TLS/SSL is so complex that the bugs kept turning up.  someone at the
> labs even had a theoretical [impractical, but possible] an attack on it.
>
That was addressed and fixed.  I assume that real cryptographers know
what they are doing, the maths is too convoluted (life is too short)
for me to do it myself.  But I'm prepared to respect the experts with
a reputation (Steve Bellovin come to mind, but there are plenty
others).

If there is a preferable approach, it hasn't made any dent in my
awareness.  And I accept I'm not on the coal face, nor does "good"
imply "successful", nor do all clever schemes get published for the
health of the Internet (think NSA), still, if SSL could migrate to
TLS against entropy, maybe further migration towards greater entropy
is possible.

> that's why we don't use 2DES, 'cos there is theoretical attack where
> you meet in the the middle.  sure, it's costly, but the solution is to go
> to 3DES.  DES 'died' back in the early '90s (unless you were the NSA,
> where it probably died well before that).
>
DES has yet to be shown not to be intentionally back-doored.  But
respected encryption algorithms are ten-a-penny, to the great
confusion of those who have to make decisions and cannot possibly be
expected to know everything cryptographic.

I thought TLS used blowfish and that rijndael had been picked as the
final word in international trusted encryption schemes?

> once you had encrypted the 'crack' dictionary [~50k 'words'] with all
> the 4096 salts busting a password file with a shell script and took
> seconds.  generating the dictionary back then took a month.
>
Cracking the Unix security to read /etc/shadow or /etc/master.passwd
takes a different approach.  As you suggest, the solution should
be less expensive than the problem.  You forget that the price you
pay has little in common with the gains of your enemy.  That is
also an important factor.  I'm upgrading a site of some two hundred
users right now, with the option to change from DES to RC5 for
login passwords.  The trauma involved in the migration is going to
offset any possible security gain by orders of magnitude, specially
as the sharing of passwords seems more the norm than the exception
around here.  Why bother?

++L