Clarification of my remarks about Netscape

Perry E. Metzger perry at imsi.com
Mon Dec 12 14:43:55 PST 1994



"Kipp E.B. Hickman" says:
> First of all, lets start with "not wanting to secure the transport
> layer". Right now email, passwords, etc. can be read off of the
> internet in the clear providing no measure of privacy at all. I
> believe the SSL protocol solves this problem.

First of all, Mr. Hickman, you might notice that I said that
encryption is needed for privacy. However, transport layer security is
far from sufficient for the web because it DOES NOT SECURE THE
DOCUMENTS. The fact that you mention email and SSL in the same
paragraph demonstrates an ignorance of this topic. Because email is
store and forward transport layer encryption mechanisms are worthless
-- they only say that no one could read the last hop and in no way do
they secure the documents themselves. Thats why PEM was
developed. There is now a merger of PEM and MIME that is soon going to
be a proposed internet standard following the last IETF meeting.

Indeed, Mr Hickman, had you and your friends at Netscape been paying
attention instead of rolling your own, you might have noticed that
IPSP prototypes are around TODAY and that transport layer mechanisms
are going to become rapidly obsolete for securing the communications
themselves. You can find a version of swIPe, which is not quite IPSP
but is fairly similar (and which is being hacked on so that it will
conform) on ftp.csua.berkeley.edu; its even modloadable on Suns. Thats
available TODAY.

> In some future land where IPNG or it's cousin's appear, then maybe
> SSL will be unnecessary.

Even were transport layer security needed, there are many other
protocols for doing the exact same thing -- your solution is hardly
new or interesting. Why not use an existing one instead of rolling Yet
Another One? Of course, as I've repeatedly mentioned, network layer
security is being used by many people today and will be standardised
very soon -- probably before SSL.

> Finally, the system is perfectly usable in a proxy environment.

Sheer ignorance. In your system I must trust each and every hop
between myself and the document, and I must also trust all the
servers. With public key signatures on the documents themselves, as
Amanda Walker mentioned, you then need trust nothing at all in order
to know that documents are authentic.

> Secondly, SSL is not an end, but a beginning. Instead of waiting 10
> more years before the standards process gets around to inventing
> some old technology and codifying it, we have put something out.

I'm afraid that your technology is the old one, and as for "putting
something out", as I mentioned network layer solutions are available
for ftp TODAY. In source form. Immediately. Oh, and by the way, they
don't incorporate such useless abortions as 40 bit RC4 keys.

> We have made the protocol public instead of propreitary

IPSP is also public. So what?

> > > >	It is also
> > > >     tied directly to the RSA certification hierarchy.
> >
> > I'll point out that X.509 is widely loathed in the internet community
> > -- its X.509 that caused PEM to fall flat on its face and die.
> 
> Loathed for what reason? Because it's a standard?

We also loathe CLNP. Do you propose to do all your network layer
communications over CLNP because it, too, is an ISO standard? ISO
standards are universally loathed in the internet community -- and for
good reasons. Lets take X.509 as one example.

X.509 is tied into X.500 distinguished names. They are

1) Bulky
2) Do not map into DNS names
3) Cannot be mapped into the DNS.
4) Do not support the web of trust model.
5) Are difficult to build parsers for
6) Require bulky and often expensive X.500 directory systems to use
   effectively.

> You are whining.

No, I am correct. You are ignorant of the community you are working with.

> > Well, TCP/IP is available for free, but thats a horse of a different
> > color. I don't particularly like your security model, but I don't
> > object that strenuously to your use of TIPEM qua TIPEM. I do strongly
> > object to X.509, which is based on technologies entirely alien to the
> > internet. How do I look up an X.509 certificate in the DNS? Now, given
> > the Eastlake and Kaufman DNS security system, you can put keys in the
> > DNS if you use DNS names, but X.509 uses abortive ISO distinguished
> > names which are utterly unmappable into the DNS.
> 
> Now this is a good point. This is the kind of space that the
> internet is heading into. How does authentication work in the larger
> scheme? We at Netscape have tackled a small piece of the problem
> space. But the larger picture remains unsolved.

I'm afraid the larger picture has been solved -- you just haven't been
the ones solving it and you haven't been paying attention to the
other people doing work in this area.

> Discussions about how to do this are welcome. Using DNS style
> technology sounds like a good place to start.

Perhaps if you guys had bothered to attend some of the security area
meetings at an IETF or two and read up on existing art you would have
already known about this topic.

> In addtion, discussing how to solve the "DNS" problem would be
> profitable for all.

The solution is easy -- don't use X.509 certificates.

Perry






More information about the cypherpunks-legacy mailing list