Re: Attacking networks using DHCP, DNS - probably kills DNSSEC
In message <iluof0gh7vy.fsf@latte.josefsson.org>, Simon Josefsson writes:
> Of course, everything fails if you ALSO get your DNSSEC root key from the DHCP server, but in this case you shouldn't expect to be secure. I wouldn't be surprised if some people suggest pushing the DNSSEC root key via DHCP though, because alas, getting the right key into the laptop in the first place is a difficult problem.

I can pretty much guarantee that the IETF will never standardize that, except possibly in conjunction with authenticated dhcp.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
"Steven M. Bellovin" wrote:
> In message <iluof0gh7vy.fsf@latte.josefsson.org>, Simon Josefsson writes:
> > Of course, everything fails if you ALSO get your DNSSEC root key from the DHCP server, but in this case you shouldn't expect to be secure. I wouldn't be surprised if some people suggest pushing the DNSSEC root key via DHCP though, because alas, getting the right key into the laptop in the first place is a difficult problem.
>
> I can pretty much guarantee that the IETF will never standardize that, except possibly in conjunction with authenticated dhcp.

Would this be the DHCP working group that on at least 2 occasions when I was there, insisted that secure DHCP wouldn't require a secret, since DHCP isn't supposed to require "configuration"? And all I was proposing at the time was username, challenge, MD5-hash response (very CHAP-like). They can configure ARP addresses for "security", but having both the user and administrator configure a per host secret was apparently out of the question.

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
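The exchange Simpson describes (username, server challenge, MD5-hash response, "very CHAP-like") as an added example for this archive page; it is not code from the thread, from the DHCP working group or from any IETF draft. The server class, the message fields, the per-host secret and the sample host names are this example's own assumptions, and it follows the RFC 1994 CHAP response construction MD5(Identifier || Secret || Challenge) because that is the hash Simpson names:

```python
import hashlib
import hmac
import os

# Added example, not from the thread: a CHAP-style (RFC 1994) challenge/response
# between a host and a DHCP-like server that holds a per-host secret, as in
# Simpson's proposal. Class and field names are this example's own assumptions.


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response: MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapVerifier:
    """Server side: per-host secrets plus the single outstanding challenge per host."""

    def __init__(self, secrets: dict[str, bytes]):
        self.secrets = dict(secrets)          # username -> configured secret
        self.pending: dict[str, tuple[int, bytes]] = {}
        self._next_id = 0

    def issue_challenge(self, username: str) -> tuple[int, bytes]:
        """Fresh random challenge per attempt; the identifier ties a response to it."""
        ident = self._next_id & 0xFF
        self._next_id += 1
        challenge = os.urandom(16)
        self.pending[username] = (ident, challenge)
        return ident, challenge

    def verify(self, username: str, identifier: int, response: bytes) -> bool:
        """True only if the response matches the configured secret and the
        still-outstanding challenge; the challenge is consumed either way."""
        secret = self.secrets.get(username)
        outstanding = self.pending.pop(username, None)   # single use: no replay
        if secret is None or outstanding is None:
            return False
        ident, challenge = outstanding
        if ident != identifier:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare


def demo() -> dict[str, bool]:
    """Run the four cases a verifier must get right; returns {case: accepted?}."""
    secret = b"constructed-secret-for-host-a"            # constructed sample secret
    server = ChapVerifier({"host-a": secret})
    results = {}

    # 1. Host that holds the configured secret answers the current challenge.
    ident, chal = server.issue_challenge("host-a")
    results["good_secret"] = server.verify(
        "host-a", ident, chap_response(ident, secret, chal))

    # 2. The same (valid) response presented again against a new challenge.
    ident2, _chal2 = server.issue_challenge("host-a")
    stale = chap_response(ident, secret, chal)
    results["replayed_response"] = server.verify("host-a", ident2, stale)

    # 3. Host that knows the username but not the secret.
    ident3, chal3 = server.issue_challenge("host-a")
    results["wrong_secret"] = server.verify(
        "host-a", ident3, chap_response(ident3, b"guess", chal3))

    # 4. Username the server has no secret for.
    results["unknown_user"] = server.verify("host-z", 0, b"\x00" * 16)
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:18s} accepted={accepted}")
```

The point of the exchange is the one Simpson makes: the server can only tell host-a from an impostor because both sides were configured with a secret, and a fresh challenge per attempt is what stops a captured response from being reused. MD5 is used here because it is what the 2003 proposal named; a present-day design would use HMAC with a modern hash, but the secret-and-challenge structure is unchanged.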
> "security", but having both the user and administrator configure a per host secret was apparently out of the question.

There is no such thing as "automatic security." That's an oxymoron. Any system that is "secure" without the ongoing burn of end-user brain cycles is subject to more-or-less easy subversion [a corollary of this is that "masses" will never be in situation to be both (1) end users and (2) secure. One can be a product and secure at the same time without effort, though.] And any system that (in theory) makes DNS foolproof will inevitably exclude any parallel name services.

=====
end
(of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:
On Monday 30 June 2003 20:59, Morlock Elloi wrote:
> There is no such thing as "automatic security." That's an oxymoron.
> Any system that is "secure" without the ongoing burn of end-user brain cycles is subject to more-or-less easy subversion [a corollary of this is that "masses" will never be in situation to be both (1) end users and (2) secure. One can be a product and secure at the same time without effort, though.]

Another corollary of your statements is that we can't have an AI monitoring Joe User's system to maintain security. No matter how smart a consumer-grade AI is, you have to assume the attackers will have AIs at least as smart, and dedicated to tricking the defensive AIs. The same applies to human users, of course, but humans are more unpredictable than a security AI is likely to be, and can be held responsible if they're tricked; if the security AI is tricked, the vendor might be held liable.

Too bad; I've about come to the conclusion that Joe User is too dumb (ignorant, inattentive, careless; in a word, dumb) to secure his systems, and doesn't think it worth paying someone to do it for him. That's a bummer because no one is going to trust an electronic wallet on a machine which has a 50% chance of being 0wn3d any given month. I'd been thinking that programs might soon get smart enough to handle Joe's security work, but as a result of your message I'm less confident than I was.

SRF

--
Steve Furlong                    Computer Condottiere                  Have GNU, Will Travel

"If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. Henry Waxman