
Re: SSL and certificates



On Wed, 28 Aug 1996, Jordyn A. Buchanan wrote:

> >>With a well designed system, including proper PGP key and passphrase
> >>management training to the client, the risks involved can be very greatly
> >>reduced so that the risks are almost certainly lower than any other use of
> >>CCs.
> >
> >I realize that this is a weak link (getting the CC# from server to
> >merchant), but are there well-established alternatives?
> >
> >E.g. are there versions of PGP that an ISP can install on a UNIX box in a
> >simple fashion?
> 
> Yes.  PGP has compiled out-of-the-box on all the systems I've tried it on.
> There are other alternatives as well:  you could set up a secret key with
> the merchant, for example, and simply use triple DES or IDEA on all the
> messages you sent them.

For a commercial application you will need to use ViaCrypt PGP.  There are
versions for Windows, Mac and many different flavors of Unix.  They don't
give out source; all distributions are binary. 

http://www.viacrypt.com/

One major reason for using PGP is the simplicity of key management.  In
DES or IDEA you need a secure channel to exchange keys.  With PGP, key
management becomes much simpler. 


> >And then what? Do you write as part of the order-taking form-processing cgi
> >a call to PGP before SENDMAIL?
> 
> That would work fine.  There is also at least one sendmail wrapper
> (pgpsendmail) that you could send the message to *instead* of sendmail,
> which would also invoke PGP before actually sending the message off.
> 
> PGP also works in a pipe mode so it would be possible to simply pipe the
> message through PGP on the way to sendmail.

I pipe it through PGP on the way to sendmail; pgpsendmail would also work. 


> As a sidenote, though, I'm not sure why Mr. Brennen considers e-mail on a
> disk to be more vulnerable to hacking than e-mail in transit.  If diskspace

1) Relative time of static exposure in a mailbox vs. transit time on a
link.

2) Mailboxes are known targets; they might as well have bullseyes
painted on them.

Sniffing and filtering a high speed link in the middle can certainly be
done.  The relative amount of data that has to be caught and filtered to
do so compared to breaking into a mail server would seem to me to send
most efforts down the path of least resistance. 


> is so easy to break into, presumably the hacker can simply modify the CGI
> application so they get a copy of all the credit card information.
> Obviously, administrative accounts are usually somewhat better defended
> than user accounts, but presumably it's possible to put some protection on
> the merchant's accounts.

Perhaps true enough if they can get an account with sufficient privilege.
If the CGI is a large compiled binary and the source is not online it is
much harder to do this (admittedly not impossible).  CGI should not fall
under merchant protections.

   -- Michael
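The "pipe it through PGP on the way to sendmail" arrangement discussed above, written out as an added example; this is not code from either poster and not the pgpsendmail wrapper mentioned. It assumes a modern GnuPG binary (`gpg`) as the stand-in for PGP, a merchant key already imported into the CGI user's keyring under the placeholder address `merchant@example.com`, and sendmail at `/usr/sbin/sendmail`. The point it shows is the one Jordyn and Michael make: the order details are encrypted to the merchant's public key over a pipe, so no plaintext copy is ever written to disk on the ISP's box, and only the body is encrypted while the headers (which travel in clear anyway) carry nothing sensitive. The ROT13 and discard commands at the bottom are constructed stand-ins so the plumbing can be exercised without a keyring or an MTA; ROT13 is not encryption.

```python
import subprocess
import sys
from email.message import EmailMessage

# Assumed: GnuPG used in place of PGP, merchant key id is a placeholder.
DEFAULT_ENCRYPT_CMD = [
    "gpg", "--batch", "--yes", "--armor", "--encrypt",
    "--trust-model", "always", "--recipient", "merchant@example.com",
]
# Assumed sendmail path; -t reads recipients from the headers, -oi ignores a lone "." line.
DEFAULT_SENDMAIL_CMD = ["/usr/sbin/sendmail", "-t", "-oi"]


def build_order_body(fields):
    """Render the order fields (name, card number, ...) as the text to be encrypted."""
    return "".join(f"{key}: {value}\n" for key, value in fields.items())


def encrypt_body(plaintext, encrypt_cmd=DEFAULT_ENCRYPT_CMD):
    """Run the encryptor as a filter: plaintext in over stdin, ciphertext back on stdout.

    Nothing is written to a temporary file, so the only plaintext copy lives in
    this process and in the encryptor's memory for the duration of the call.
    """
    proc = subprocess.run(
        encrypt_cmd,
        input=plaintext.encode("utf-8"),
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        check=True,  # a failed encryption must never fall through to sending plaintext
    )
    return proc.stdout.decode("utf-8")


def build_message(sender, recipient, subject, encrypted_body):
    """Wrap the ciphertext in a mail; headers stay free of order details."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(encrypted_body)
    return msg


def send_order(fields, sender, recipient,
               encrypt_cmd=DEFAULT_ENCRYPT_CMD, sendmail_cmd=DEFAULT_SENDMAIL_CMD):
    """Encrypt the order and hand the finished message to sendmail over its stdin.

    Returns the message object so callers (and tests) can inspect what was sent.
    """
    ciphertext = encrypt_body(build_order_body(fields), encrypt_cmd)
    msg = build_message(sender, recipient, "New order", ciphertext)
    subprocess.run(sendmail_cmd, input=msg.as_bytes(), check=True)
    return msg


# Constructed stand-ins so the pipeline can be exercised without gpg or an MTA.
# ROT13 is NOT encryption; it only lets you see that the body was transformed.
ROT13_ENCRYPT_CMD = [
    sys.executable, "-c",
    "import sys, codecs; sys.stdout.write(codecs.encode(sys.stdin.read(), 'rot_13'))",
]
DISCARD_SENDMAIL_CMD = [sys.executable, "-c", "import sys; sys.stdin.read()"]


if __name__ == "__main__":
    # Constructed sample order; the card number is a made-up test value.
    order = {"name": "Alice Example", "card_number": "4000 0000 0000 0002"}
    sent = send_order(order, "orders@example.com", "merchant@example.com",
                      encrypt_cmd=ROT13_ENCRYPT_CMD, sendmail_cmd=DISCARD_SENDMAIL_CMD)
    print(sent.as_string())
```

In production the CGI would call `send_order` with the default commands; in PGP 2.x the equivalent filter-mode invocation was `pgp -feat <recipient>`, which is what "pipe mode" in the thread refers to. The `check=True` on the encryptor matters: if the key is missing or the binary fails, the order must error out rather than be mailed in clear.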

