[18307] in cryptography@c2.net mail archive
Re: Another entry in the internet security hall of shame....
daemon@ATHENA.MIT.EDU (Aaron Whitehouse)
Sat Aug 27 09:46:50 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sat, 27 Aug 2005 12:24:24 +1200
From: Aaron Whitehouse <lists@whitehouse.org.nz>
To: cryptography@metzdowd.com
In-Reply-To: <430E302A.2060008@systemics.com>
This is a cryptographically signed message in MIME format.
--------------ms060100030805020403080605
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Ian G wrote:
> Using SSL is the wrong tool
> for the job. It's a chat message - it should be
> encrypted end to end, using either OpenPGP or
> something like OTR. And even then, you've only
> covered about 10% of the threat model - the
> server.
>
> But, if people do use the wrong tool for the
> job, they will strike these issues...
Wasn't this the reason that Silc (http://www.silcnet.org) was born?
Because the attempts to add security as an overlay onto existing IM was
the wrong way to approach the problem?
Personally I use Silc for my secure conversations; I wouldn't feel much
safer at all if my connection to the Microsoft server was the only part
of my message encrypted.
Aaron
--------------ms060100030805020403080605
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJSzCC
AwAwggJpoAMCAQICAw0yMzANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE
ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDQxMDA4MjIwOTQxWhcNMDUxMDA4MjIwOTQx
WjBuMRMwEQYDVQQEEwpXaGl0ZWhvdXNlMREwDwYDVQQqEwhBYXJvbiBBLjEcMBoGA1UEAxMT
QWFyb24gQS4gV2hpdGVob3VzZTEmMCQGCSqGSIb3DQEJARYXbGlzdHNAd2hpdGVob3VzZS5v
cmcubnowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzHwQUPO7baDtopk6SPNXQ
xQGf6leNCJJC3uSdjB+sPSMkSN0ehdkP/enr+4vl/G72I6lq94ZhC0fStsgtLJXbd7p7nbB0
rp/+TvZ4bXpZO94C+47Mxi8K+R3yPjPDpZB3kPGuiV8I5jSUH5OYZ8cyme5xjNKoqTojLRaI
U7QLqhet/TEl2+i26yvvslLmjKsZbW3wQibvNPqgXkibrTGWUbXBqtGKyNYQvJaaDLCVEDaJ
zebprD0C5hSSjp0e8tF0ZrlXNwgWsvxostn7WBi4Onw7hRu+cP8b6mQY9MRXyeZOItVP02Ii
UTcKPmxwMC6Su0IZMP8hFt5je5cLZTbHAgMBAAGjNDAyMCIGA1UdEQQbMBmBF2xpc3RzQHdo
aXRlaG91c2Uub3JnLm56MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEALUgi+5m5
a29m/N90jFGq2MhTPTagybpkmfLOJLltkkEQXTkjb/CzZDsb08Kh3yslifQpVECY/CfWgpqC
MUVGxNicG8BeH1jlKS/xc6mt5mBAP6HOpIV5d/dYUNvZxBT0ufLAgvA6bzhC8zyUB+a7J17H
NXOC+4XX40V9Uu8M9towggMAMIICaaADAgECAgMNMjMwDQYJKoZIhvcNAQEEBQAwYjELMAkG
A1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNV
BAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA0MTAwODIyMDk0
MVoXDTA1MTAwODIyMDk0MVowbjETMBEGA1UEBBMKV2hpdGVob3VzZTERMA8GA1UEKhMIQWFy
b24gQS4xHDAaBgNVBAMTE0Fhcm9uIEEuIFdoaXRlaG91c2UxJjAkBgkqhkiG9w0BCQEWF2xp
c3RzQHdoaXRlaG91c2Uub3JnLm56MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
sx8EFDzu22g7aKZOkjzV0MUBn+pXjQiSQt7knYwfrD0jJEjdHoXZD/3p6/uL5fxu9iOpaveG
YQtH0rbILSyV23e6e52wdK6f/k72eG16WTveAvuOzMYvCvkd8j4zw6WQd5DxrolfCOY0lB+T
mGfHMpnucYzSqKk6Iy0WiFO0C6oXrf0xJdvotusr77JS5oyrGW1t8EIm7zT6oF5Im60xllG1
warRisjWELyWmgywlRA2ic3m6aw9AuYUko6dHvLRdGa5VzcIFrL8aLLZ+1gYuDp8O4UbvnD/
G+pkGPTEV8nmTiLVT9NiIlE3Cj5scDAukrtCGTD/IRbeY3uXC2U2xwIDAQABozQwMjAiBgNV
HREEGzAZgRdsaXN0c0B3aGl0ZWhvdXNlLm9yZy5uejAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3
DQEBBAUAA4GBAC1IIvuZuWtvZvzfdIxRqtjIUz02oMm6ZJnyziS5bZJBEF05I2/ws2Q7G9PC
od8rJYn0KVRAmPwn1oKagjFFRsTYnBvAXh9Y5Skv8XOpreZgQD+hzqSFeXf3WFDb2cQU9Lny
wILwOm84QvM8lAfmuydexzVzgvuF1+NFfVLvDPbaMIIDPzCCAqigAwIBAgIBDTANBgkqhkiG
9w0BAQUFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UE
BxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2Vy
dGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFs
IEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUu
Y29tMB4XDTAzMDcxNzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkGA1UEBhMCWkExJTAj
BgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQ
ZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDEpjxVc1X7TrnKmVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9RzgHU5VAKMNcCY1os
iRVwjt3J8CuFWqo/cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4Hv0CAAmTXp6a7n2XR
xSpUhQ9IBH+nttE8YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB/wQIMAYBAf8CAQAw
QwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVBlcnNvbmFs
RnJlZW1haWxDQS5jcmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFQ
cml2YXRlTGFiZWwyLTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oLLswNo2asZw9/r6y+
whehQ5aUnX9MIbj4Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsAxRoLgnSeJVCUYsfb
J3FXJY3dqZw5jowgT2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwhGTXeJLHTHUb/XV9l
TzGCAzswggM3AgEBMGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0
aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1
aW5nIENBAgMNMjMwCQYFKw4DAhoFAKCCAacwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc
BgkqhkiG9w0BCQUxDxcNMDUwODI3MDAyNDI0WjAjBgkqhkiG9w0BCQQxFgQUeNC08XpXMGuL
gn2nNTZJGMh8yvwwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgIC
AIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgweAYJKwYBBAGCNxAE
MWswaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg
THRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw0y
MzB6BgsqhkiG9w0BCRACCzFroGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBD
b25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp
bCBJc3N1aW5nIENBAgMNMjMwDQYJKoZIhvcNAQEBBQAEggEAI1fns69UHv02HhkDKP6ll1o/
8k6uS4N8faCmDvCOpUmK5DchN147aW7E7DSw+8IMk5tJVSHRM5PNGlRKejJIHdQS6fSUQ4eN
78y0glw4AntK+kCwr+kxnn0qhWgaPRNowjuYalYJOdwt5uNrkxsDO8+BsIVuwcteCXQkpH3H
p5ptVpxf0T2rfURadzI0YEFA0/05iOKrXBuspVxEGu5Y2LpILMKlvSDMc6wrYXuzqBjgG1up
644eC51PSP3rB4xdnG/pUOD7Shfn8vfZsU2JOJCbFvgvDTBY8TfotZTNdyP5XKh355Rg5b83
ghtlXvF9zr/1TvPmg12BnU+cothHXAAAAAAAAA==
--------------ms060100030805020403080605--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
