Home page logo
/

interesting-people logo Interesting People mailing list archives

simple scenario ... Authenticating Hosts Via Self-Signed Certificates (New CMU Tool)
From: David Farber <dave () farber net>
Date: Fri, 15 Aug 2008 10:00:37 -0400



Begin forwarded message:

From: Scott Moskowitz <scott () bluespike com>
Date: August 15, 2008 9:21:32 AM EDT
To: David Farber <dave () farber net>, Lauren Weinstein <lauren () vortex com>
Subject: simple scenario ... [IP] Authenticating Hosts Via Self- Signed Certificates (New CMU Tool)

Lauren:

Thank you for pointing this out.

A simple scenario - what would be the consequence of using a self- signed certificate to pay your ISP it's monthly bill ... No need for third party verification, per se (so long as your bank does not stop payment, I suppose), but *defining* a "network" using self-signed payment certificates vis-a-vis how the ISP is interpreting your use of *the* "network" would seem to give further granularity to what we pay for when we consume bandwidth & the related issue - how is bandwidth best measured?

I'll assume the scalability here is similar to other distributed trust models such as PGP ... Is that a fair assumption?

We created basic bandwidth certificates to work with bandwidth securitization instruments (X.509 with bandwidth reservation/diffQoS) as a mechanism to purchase "network" bandwidth - under the assumption that some bits are more valuable to the user or provider than others. The related issues is matching infrastructure cost to the packet flow. At one time the processing was too costly - 1996 - but this is a great example of how users can balance their network access & use with the ISP's interpretation of what constitutes the user's network access & use.

Sincerely,
Scott Moskowitz
http://www.bluespike.com/

On Aug 15, 2008, at 3:22 AM, David Farber wrote:



Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: August 15, 2008 2:50:33 AM EDT
To: dave () farber net
Cc: lauren () vortex com
Subject: Authenticating Hosts Via Self-Signed Certificates (New CMU Tool)


      Authenticating Hosts Via Self-Signed Certificates (New CMU Tool)

                 http://lauren.vortex.com/archive/000414.html


Greetings.  I have strongly argued for the expanded use of
self-signed security certificates, and against the multiple alarming
hoops that Firefox 3 now puts in the way of their use
( http://lauren.vortex.com/archive/000402.html ).  I consider
self-signed certificates to be an extremely valuable mechanism
toward the deployment of pervasive Internet encryption, despite
their native inability to provide host authentication in the manner
of (usually commercial) certificates signed by traditional external
authentication entities.

So I'm especially pleased to learn of a new tool -- "Perspectives" --
from CMU, that may offer a means to provide a very useful level of
host authentication while still permitting the use of free
self-signed certificates ( http://www.cs.cmu.edu/~perspectives ).

If you're interested in security and the wider adoption of
encryption as a default state on the Net, you might wish to explore
this development.  I'd be interested in hearing your opinions
regarding the techniques described, both pro and con.  Thanks.

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
 - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
 - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com





-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com


  By Date           By Thread  

Current thread:
  • simple scenario ... Authenticating Hosts Via Self-Signed Certificates (New CMU Tool) David Farber (Aug 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]