Re: N$ SSL vs M$ PCT

• To: www-security@ns2.rutgers.edu
• Subject: Re: N$ SSL vs M$ PCT
• From: maracchini_dave <a-davem@ac.tandem.com>
• Date: Thu, 12 Oct 1995 14:03:44 -0700
• Cc: a-davem@ac.tandem.com

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
--------
>    ----- Transcript of session follows -----
> 421 Host mailhost.tandem.com not found for mailer tcp.
> 550 <adam@bwh.harvard.edu>,<www-security@ns2.Rutgers.EDU>,<langford_susan@tandem.com>... Host unknown
> 
>    ----- Unsent message follows -----
> Received: by aladdin.ac.tandem.com (4.1/6main.931028)
> 	id AA10501; Thu, 12 Oct 95 13:55:26 PDT
> Message-Id: <9510122055.AA10501@aladdin.ac.tandem.com>
> X-Mailer: exmh version 1.6.1 5/23/95
> To: adam@bwh.harvard.edu
> Cc: www-security@ns2.rutgers.edu, langford_susan@tandem.com
> Subject: Re: N$ SSL vs M$ PCT
> Mime-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Date: Thu, 12 Oct 1995 13:55:25 -0700
> From: maracchini_dave <a-davem@ac.tandem.com>
> 
> 
> ------- Forwarded Message
> 
> Return-Path: daemon
> Received: by aladdin.ac.tandem.com (4.1/6main.931028)
> 	id AA09859; Thu, 12 Oct 95 13:28:51 PDT
> Date: Thu, 12 Oct 95 13:28:51 PDT
> From: Mailer-Daemon@ac.tandem.com (Mail Delivery Subsystem)
> Subject: Returned mail: Host unknown
> Message-Id: <9510122028.AA09859@aladdin.ac.tandem.com>
> To: <a-davem@ac.tandem.com>
> 
>    ----- Transcript of session follows -----
> 421 Host mailhost.tandem.com not found for mailer tcp.
> 550 <adam@bwh.harvard.edu>,<www-security@ns2.Rutgers.EDU>
> ,<langford_susan@tandem.com>... Host unknown
> 
>    ----- Unsent message follows -----
> Received: by aladdin.ac.tandem.com (4.1/6main.931028)
> 	id AA09856; Thu, 12 Oct 95 13:28:51 PDT
> Message-Id: <9510122028.AA09856@aladdin.ac.tandem.com>
> X-Mailer: exmh version 1.6.1 5/23/95
> To: Adam Shostack <adam@bwh.harvard.edu>
> Cc: www-security@ns2.rutgers.edu, langford_susan@tandem.com
> Subject: Re: N$ SSL vs M$ PCT 
> In-Reply-To: Your message of "Tue, 10 Oct 1995 12:36:04 EDT."
>              <199510101636.MAA11844@leonardo.bwh.harvard.edu> 
> Mime-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Date: Thu, 12 Oct 1995 13:28:26 -0700
> From: maracchini_dave <a-davem@ac.tandem.com>
> 
> > Bennet Yee writes:
> > 
> > | So, you're right, but the point that you're making is well known.
> > | All protocols, including PCT, cannot stand if their cryptographic
> > | keys are carelessly reused in other protocols.  However, I don't
> > | think that you should be pointing your finger at all these protocols
> > | and declaring that there is a fundamental failure; perhaps the
> > | problem is really more of a lack of communication between
> > | cryptographic protocol designers and non-cryptographers such as
> > | yourself.  Crypto people assume that the implementers won't do the
> > | wrong thing (e.g., use good, cryptographically secure pseudo-random
> > | number generators that are seeded properly with a seed of sufficient
> > | length whenever appropriate, not dump core when given unexpected
> > | inputs, etc) when their protocols are cast into code; sometimes
> > | that's an invalid assumption.
> >
> > Your response:
> > 
> > 	The failure of a protocol to specify important facts known to
> > its designers is a specifications failure.  The lack of communication
> > you refer to needs to be addressed in the documents that implementors
> > are most likely to read, ie, the specifications. As Ross Anderson
> > points out in his 'Why Cryptosystems Fail' paper, the assumption by
> > cryptographers that the programmers will know how to write security
> > code does not hold up in the real world.
> > 
> > 	Until and unless there is a body of knowledge out there in the
> > general programing community, it behooves the designers of secure
> > protocols to specify (possibly by reference) as much as possible.
> > 
> > Adam
> > 
> > -- 
> > "It is seldom that liberty of any kind is lost all at once."
> > 					               -Hume
> > 
> 
> 
> Well stated, Adam.  It's one of the points re my "holes big enough to
> drive a truck through" comment. But, as I said earlier, and so as not to
> have an "out of context" comment re this thread, I'll defer any further
> comment to a future posting.
> 
> Dave 
> 
> David J. Maracchini -- Atalla Corporation (division of Tandem Computers Inc)
> a-davem@ac.tandem.com
> 
> 
> 
> ------- End of Forwarded Message
> 
> 
> 
> David J. Maracchini -- Atalla Corporation (division of Tandem Computers Inc)
> a-davem@ac.tandem.com
> 
> 


David J. Maracchini -- Atalla Corporation (division of Tandem Computers Inc)
a-davem@ac.tandem.com

• Previous: Re: NY Times Article
• Next: Re: New York Times article
• Index(es):
  • Index
  • Thread