--- begin forwarded text Date: Wed, 30 Sep 1998 13:28:45 -0400 From: Richard Lethin <lethin@reservoir.com> Organization: Reservoir Labs, Inc. MIME-Version: 1.0 To: dcsb@ai.mit.edu Subject: [Fwd: EECS Colloquium Monday Oct 5] Sender: bounce-dcsb@ai.mit.edu Precedence: bulk Reply-To: Richard Lethin <lethin@reservoir.com> Status: U Return-Path: <elias@theory.lcs.mit.edu> Received: from LCS.MIT.EDU (mintaka.lcs.mit.edu [18.26.0.36]) by deer-park.reservoir.com (8.8.5/8.8.5) with SMTP id LAA16438 for <lethin@etcons.com>; Wed, 30 Sep 1998 11:34:14 -0400 (EDT) Received: from theory.lcs.mit.edu by MINTAKA.LCS.MIT.EDU id aa29635; 30 Sep 98 11:30 EDT Received: from osprey.lcs.mit.edu by theory.lcs.mit.edu (5.65c/TOC-1.2S) id AA03777; Wed, 30 Sep 98 11:29:45 EDT From: elias@theory.lcs.mit.edu (Peter Elias) Received: by osprey.lcs.mit.edu (5.65c/TOC-1.2C) id AA00821; Wed, 30 Sep 98 11:29:47 EDT Date: Wed, 30 Sep 98 11:29:47 EDT Message-Id: <199809301529.AA00821@osprey.lcs.mit.edu> To: eecsfaculty@eecs.mit.edu, seminars@lcs.mit.edu, ai-tech-sq@ai.mit.edu, joanne@theory.lcs.mit.edu, sgreen@ll.mit.edu, jsweeney@draper.com, kaths@lids.mit.edu, jc@cs.brandeis.edu, texasgal@mit.edu, bru@media.mit.edu, arthurs@mit.edu, dougross@mit.edu, finn@lids.mit.edu, roger@ipswitch.com Subject: EECS Colloquium Monday Oct 5 Appended is the notice of an EECS Colloquium by Radia Perleman, on Monday Oct. 5. Please post and/or forward as appropriate. Peter Elias ---------------------------------------------------------------------- MIT-EECS 1998 Fall Semester Colloquium Series How to Misuse Good Cryptography And Create Insecure Network Protocols Radia Perlman Boston Center for Networking SUN Microsystems ABSTRACT A common misconception is that security flaws involve abstruse mathematical weaknesses in cryptographic algorithms. While it is possible to have weak cryptographic algorithms, the world does not need insecure cryptographic systems in order to design, build, and deploy insecure network protocols. This talk discusses example mistakes people have made when designing or implementing network protocols. Examples include an e-mail standard that allowed forging of signatures, a public key scheme less secure than a secret key scheme, a system that thought encryption implied integrity protection, and public key chain rules that are unworkable in practice. October 5, 1998 4-5 pm Edgerton Hall, 34-101 (50 Vassar St) Refreshments at 3:45 ---------------------------------------------------------------------- --- end forwarded text ----------------- Robert A. Hettinga <mailto: rah@philodox.com> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'