Ed Gerck wrote:
> To subscribe to trust-ref, you can use the form available at:
> http://www.mcg.org.br/cgi-bin/lwg-mcg/TRUST-REF/subscribe.html
> or, send an e-mail with only
> subscribe
> in the body to majordomo@...
The email message needs to read
subscribe trust-ref
instead of simply
subscribe
or an error is returned from Majordomo (unknown list "").
Look forward to reading.
:: Jim
:: www.Softscape.com
==original-message-reads=========================
List:
Without trust, no one could ever use cryptography for security or
privacy [1]. Even in face-to-face communication one needs to trust
the other party in several aspects. Trust seems to be fundamental to
our social and cyber interactions, commerce and e-commerce alike.
And yet, what is trust? How do different people evaluate trust? Can
trust be represented in an Internet protocol? In e-commerce, as it is
in age-old commerce? What is the interplay between trust and power,
assurance, confidence, belief, risk, accuracy, reliance, privacy,
security?
The very nature of these questions begs for a wide discussion forum,
with open participation. However, such discussions have been too
limited in scope and reach, so far. The list trust-ref is a new open
forum for discussions on trust -- which intends to discuss not only
our current questions of how to bind a system of trust to the design
of security systems but also all other aspects of trust, such as:
- trust, what is trust and how it can be defined socially,
on the Internet and in-between
- trust modelling: objective, intersubjective and subjective
stances
- using trust to provide qualified reliance on received
information
- international legal aspects of reliance and derived
commitments and liabilities
- expressing trust: certificate semantics, new certification
standards, authorization and delegation, ceremonies,
non-repudiation and repudiation, etc.
- applications of trust: X.509, PKIX, PGP, MCs, CA CPS, etc.
- other matters related to trust and trust modelling
To subscribe to trust-ref, you can use the form available at:
http://www.mcg.org.br/cgi-bin/lwg-mcg/TRUST-REF/subscribe.html
or, send an e-mail with only
subscribe
in the body to majordomo@...
The list trust-ref also actively doubles as an HTML searchable
repository (hence the name ref). The trust-ref search engine is
available at: http://www.mcg.org.br/search.htm
The list trust-ref is hosted as a free service to the Net community,
available to all interested parties and inviting discussions on the
broad aspects of trust.
Thank you!
Ed Gerck
============================================
[1] Some open questions are: Is that key from the actual sender? Is
the key valid at this very moment and for the purpose I want to use
it? Is the sender's private-key known to others, witttingly or not to
the sender? Can someone else have access to my messages after
decryption? Who else may influence the contents of messages sent to
me?
______________________________________________________________________
Dr.rer.nat. E. Gerck egerck@... http://novaware.cps.softex.br
==end-original-message=========================
List:
New documents on Security, Internet and Cryptography are available at
the MCG website, at http://www.mcg.org.br/new.htm. The website has
received more than 319,000 hits since May/97 and provides an open
international forum for discussions with the mcg-talk list, with
participants from more than 26 countries. For a current list of the
top 10 documents being visited at the site, please see
http://www.mcg.org.br/top10.htm
Thanks,
Ed Gerck
______________________________________________________________________
Dr.rer.nat. E. Gerck egerck@... http://novaware.cps.softex.br
What would be the address of the mailing list? ssl-talk@...?
Suresh Natarajan
Thomson Consumer Electronics
(317) 587 4006
natarajans@...
> -----Original Message-----
> From: Alicia da Conceicao [SMTP:alicia@...]
> Sent: Wednesday, November 11, 1998 11:51 AM
> To: Nelson B. Bolyard; ssl-talk@...
> Subject: Reminder: replacement ssl-talk mailing list available!
>
> Nelson B. Bolyard wrote:
> > This is a reminder that Netscape's ssl-talk mailing list is going away
> > this Sunday, November 15.
> > It has been replaced by a newsgroup named netscape.dev.ssl which started
> > several weeks ago.
>
> This is also a reminder that the replacement SSL mailing list is up and
> running at engine.ca. To subscribe simply send e-mail to:
>
> ssl-subscribe@...
>
> or click on the link:
>
> mailto:ssl-subscribe@...
>
> As with the older SSL-Talk mailing list, the purpose of this mailing
> list is to discuss any SSL & TLS related issues. Mailing lists have many
> advantages over newsgroups, including: posting without fear of spam, the
> easy ability of subscribers to archive messages, and easier access
> (especially through firewalls).
>
> Yours truly, Alicia.
Thanks, Alicia.
I tried to subscribe to the news group but our internal policy and firewall
forbids any such access to the newsgroups. I have sent my request to subscribe
to the address below.
Thanks,
Michael
------------------------------------------------------------------
Through Truth comes Wisdom and Honor becomes Strength.
\||/
| @___oo
/\ /\ / (__,,,,| >^>^>^>^>^>
) /^\) ^\/)_) \___ >^>^>^>^>^>^>
) /^\/ )_) >^>^>^>^>^>
) _ / /)_)
/\ )/\/ || | )_)
< > |(,,) )__) michael_silveus@...
|| / \)___)\ http://www.pairgain.com
| \____( )___) )___
\______(_______;;; __;;;
Chivalry is not dead so long as there are those who wish to keep it alive.
>>> Alicia da Conceicao <alicia@...> 11/11 8:57 AM >>>
Nelson B. Bolyard wrote:
> This is a reminder that Netscape's ssl-talk mailing list is going away
> this Sunday, November 15.
> It has been replaced by a newsgroup named netscape.dev.ssl which started
> several weeks ago.
This is also a reminder that the replacement SSL mailing list is up and
running at engine.ca. To subscribe simply send e-mail to:
ssl-subscribe@...
or click on the link:
mailto:ssl-subscribe@...
As with the older SSL-Talk mailing list, the purpose of this mailing
list is to discuss any SSL & TLS related issues. Mailing lists have many
advantages over newsgroups, including: posting without fear of spam, the
easy ability of subscribers to archive messages, and easier access
(especially through firewalls).
Yours truly, Alicia.
Dear ssl-talk readers:
This is a reminder that Netscape's ssl-talk mailing list is going away this
Sunday, November 15.
It has been replaced by a newsgroup named netscape.dev.ssl which started several
weeks ago.
You can access netscape.dev.ssl by several means.
1. With Netscape Communicator, you can read and contribute to this newsgroup via
Netscape's secure NNTP server, using this URL:
snews://secnews.netscape.com/netscape.dev.ssl
2. With any browser, you can read it on the dejanews website, using this URL
(among others):
http://www.dejanews.com/dnquery.xp?QRY=%7Eg+netscape.dev.ssl&DBS=1
The dejanews website serves as the archive for this newsgroup. In addition, you
can contribute to the newsgroup from that web site. I've been told that you can
even get the dejanews website to email messages from that newsgroup to you as
they arrive, although I've not actually tried that out.
---
Nelson Bolyard - SSL Developer, ssl-talk list admin
Disclaimer: I speak only for myself, not for Netscape.
On Sun, 08 Nov 1998 15:07:30 Christian Bretting wrote:
> Can anybody tell me where to find the old SSL 2.0
> Specification?
> Thanks.
http://home.netscape.com/eng/security/
is the page with links to all the SSL standards.
---
Nelson Bolyard - SSL Developer, ssl-talk list admin
Disclaimer: I speak only for myself, not for Netscape.
>Thank you for your help. I have got those tools. Thanks.
>I know little about SSL and certificates, now I have some questions:
>
>I parsed a certificate like this: but I don't know what's the meaning of "30
>82" and "31", can you help me.
You can use dumpasn1, http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c and
dumpasn1.cfg to display certificates (and anything else) in a variety of
formats.
Peter.
http://www.netscape.com/newsref/std/SSL_old.html
http://www.cs.bris.ac.uk/~bradley/publish/SSLP/Appendix/SSL_old.html
Hello Bretting,
Here are some links to the old SSL, i.e. before v3.0.
Does this serve your purpose?
I have newly joined this mailing list. I am interested in mastering
security concepts.
I am a Biomedical Engineer with a PostGraduate Diploma in Computer
Application and have been in the software field for the past 3 1/2 years.
My past experience includes Assembly Language (Intel 80x86), BASIC, C, C++.
For the last one year I have been working in Java, presently for Javasoft,
Sun Microsystems, from India.
Could you please help me with where to START TO MASTER security concepts,
methodologies, etc.?
I am also including the above-referred .html file.
With Loving Regards
Sree
Thank you for your help. I have got those tools. Thanks.
I know little about SSL and certificates, now I have some questions:
I parsed a certificate like this:
30 82 01 5a
30 82 01 04
...
30 2c
31 0b
but I don't know what's the meaning of "30 82" and "31", can you help
me.
Best regards and thanks.
Zheng
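An added example, not part of the original posts: the bytes in the question are DER identifier and length octets (0x30 is a constructed SEQUENCE, 0x31 a constructed SET, and a length byte of 0x82 means the length follows in the next two bytes), and this sketch decodes such headers and walks a small structure. The function names and the sample bytes are constructed for illustration; dumpasn1, mentioned in the reply, does the same job far more completely.

```python
# Minimal DER header decoder (illustrative; names are hypothetical).
UNIVERSAL_TAGS = {
    0x01: "BOOLEAN", 0x02: "INTEGER", 0x03: "BIT STRING",
    0x04: "OCTET STRING", 0x05: "NULL", 0x06: "OBJECT IDENTIFIER",
    0x0C: "UTF8String", 0x10: "SEQUENCE", 0x11: "SET",
    0x13: "PrintableString", 0x14: "T61String", 0x16: "IA5String",
    0x17: "UTCTime",
}
CLASS_NAMES = ["UNIVERSAL", "APPLICATION", "CONTEXT", "PRIVATE"]


def read_header(data, offset=0):
    """Decode one identifier + length header.

    Returns (tag_class, constructed, tag_number, length, header_len).
    Only the header is needed, so truncated input such as the four
    bytes "30 82 01 5a" can still be explained.
    """
    if offset + 2 > len(data):
        raise ValueError("truncated header")
    first = data[offset]
    tag_class = first >> 6            # top two bits: class
    constructed = bool(first & 0x20)  # bit 6: contains nested elements
    tag_number = first & 0x1F         # low five bits: tag number
    if tag_number == 0x1F:
        raise ValueError("high-tag-number form not handled here")
    pos = offset + 1
    length_byte = data[pos]
    pos += 1
    if length_byte < 0x80:            # short form: the byte is the length
        length = length_byte
    elif length_byte == 0x80:
        raise ValueError("indefinite length is not allowed in DER")
    else:                             # long form: low 7 bits = octet count
        count = length_byte & 0x7F
        if pos + count > len(data):
            raise ValueError("truncated length octets")
        raw = data[pos:pos + count]
        length = int.from_bytes(raw, "big")
        if raw[0] == 0 or length < 0x80:
            raise ValueError("non-minimal length encoding (not DER)")
        pos += count
    return tag_class, constructed, tag_number, length, pos - offset


def tag_name(tag_class, tag_number):
    if tag_class == 0:
        return UNIVERSAL_TAGS.get(tag_number, "[UNIVERSAL %d]" % tag_number)
    return "[%s %d]" % (CLASS_NAMES[tag_class], tag_number)


def dump(data, offset=0, end=None, depth=0):
    """Walk a complete DER structure and return one line per element."""
    end = len(data) if end is None else end
    lines = []
    while offset < end:
        cls, constructed, number, length, hlen = read_header(data, offset)
        body = offset + hlen
        if body + length > end:
            raise ValueError("element overruns its container")
        lines.append("%s%s (%d bytes)" % ("  " * depth,
                                          tag_name(cls, number), length))
        if constructed:
            lines.extend(dump(data, body, body + length, depth + 1))
        offset = body + length
    return lines


# Constructed sample: one name component, C=US, wrapped the way it is
# inside a certificate's issuer or subject field.
SAMPLE = bytes.fromhex("300d310b3009060355040613025553")

if __name__ == "__main__":
    for fragment in ("3082015a", "30820104", "302c", "310b"):
        cls, cons, num, length, hlen = read_header(bytes.fromhex(fragment))
        print(fragment, "->", tag_name(cls, num), "length", length)
    print("\n".join(dump(SAMPLE)))
```
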
Can anybody tell me where to find the old SSL 2.0 Specification?
Thanks.
--
Christian Bretting
-----------------------------------------------
bretting@...
bretting@...
-----------------------------------------------
10, Alexander Straat
Stellenbosch 7600
South Africa
-----------------------------------------------
We do not attempt things because they are easy,
but because they are hard,
and in that way we achieve greatness.
JFK
Dear Friends:
I'm a student from Ecuador (South America).
I've been searching for information all around the web, but I didn't find
it. I need your help immediately, because my Engineering degree depends on
this.
I need to bill a safe inscription system for my university, so that
the payment will be with the use of a credit card.
Can somebody give me a great idea with respect to this subject?
What do I need:
platform
hardware
software
etc
I don't know if I have to bill SSL, SET in my web page, or if there is
software that can handle it.
Does anybody know the answer?
Please send me any information that I need, with sum urgency.
Thanks
Rene Carvajal
I have been working on getting the SSL3 client working using the Netscape
SSLREF_300 code. I have made progress but still no success. The current
problem occurs after receiving the certificate from the server. The call
stack is:
SSLHandshake
SSLHandshakeProceed
SSLProcessProtocolMessage
SSLProcessHandshakeRecord
SSLProcessHandshakeMessage
SSLProcessCertificate
X509VerifyCertChain
X509VerifySignature
X509CompareNames
where the code finds that the parent->subject->rdNameCount is not equal to
child->issuer->rdNameCount! At this depth, I have no idea why they are
different. Any ideas, anyone?
TIA
Charlie Matheny
Sorry for my mistake!
You are right. It's a SECRET key which is generated by client and sent
to server with PUBLIC key server encapsulation!!!!
See changes in my previous explanation hereafter:
> attila@... wrote:
> >
> > W.r.t. http://home.netscape.com/eng/ssl3/index.html, I'm unclear as to
> > when RSA public/private key encryption is used versus when symmetric
> > keys, and when they are not.
> >
> > In the following exchange between client and server during the
> > handshake (negotiation) phase of the protocol, is each exchange
> > encrypted via RSA public key at the source and decrypted via RSA
> > private key at the destination?
> >
> > For example, when the client sends the ClientHello message, is it
> > encrypted with the server's public key? Subsequently in the server's
> > response messages, are the ServerHello, Certificate,
> > ServerKeyExchange, etc. messages collected into one record, encrypted
> > with the client's public key and forwarded to the client?
> >
>
> Stop!
> The client hello is a clear message without any encryption. It contains
> the cipher suite preference the client wants to use. The server analyses
> it and sends its own cipher suite preference chosen between client
> propositions, in the server hello message, which is a clear message too.
> In case of server authentication which is mandatory in SSL, the server
> sends its certificate which contains its public key, and server hello
> done.
>
> Then, the client knows now:
> - which ciphers the server accepts
> - the server certificate
/**************** Changes:
So it generates a (false:PRIVATE) secret KEY encapsulated with the
PUBLIC KEY of server issued from server certificate. It can be RSA
PUBLIC KEY or other according to server preference.
The server receives the (false:PRIVATE) secret KEY generated by client
for the session and used for data encryption, after HANDSHAKE PART. This
(false:PRIVATE) secret KEY is encrypted with its own PUBLIC KEY so the
server uses its corresponding PRIVATE KEY (here it's the good word!!!) to
decrypt it.
Then the (false:private) secret key exchange is done securely.
End of changes ****************/
> We must add that all handshake messages are "manipulated" to do a MAC to
> certify that nobody substitutes a message towards client or server. This
> MAC is sent in Finished messages.
>
> I hope this explanation will help you.
>
> > Client                                    Server
> >
> > ClientHello                  -------->
> >                                           ServerHello
> >                                           Certificate*
> >                                           ServerKeyExchange*
> >                                           CertificateRequest*
> >                              <--------    ServerHelloDone
> > Certificate*
> > ClientKeyExchange
> > CertificateVerify*
> > [ChangeCipherSpec]
> > Finished                     -------->
> >                                           [ChangeCipherSpec]
> >                              <--------    Finished
> > Application Data             <------->    Application Data
> >
> > From all my readings, it is unclear when and where the public/private
> > keys are being used? On which messages?
> >
> > I understood that since RSA (public/private) key encryption and
> > decryption is so time consuming, it is only used during the exchange of
> > secret information in the handshake phase. During this handshake phase
> > sufficient information is exchanged between the client and server so as
> > to dynamically generate a symmetric key with which both client and
> > server application data is passed back and forth securely, efficiently
> > (ie: more efficiently than using RSA key encryption).
> >
> > Thanks for any clarification
>
> --
> ------- Nathalie LE BERRE ------------BULL SA/SD/CS----------
> Tel: 01 30 80 79 78 (237 7978) Rue Jean-Jaures
> Fax: 01 30 80 65 40 (237 6540) 78340 Les Clayes-Sous-Bois
> mailto:NATHALIE.LE-BERRE@... Implantation : FRCL E1-1A-39
--
------- Nathalie LE BERRE ------------BULL SA/SD/CS----------
Tel: 01 30 80 79 78 (237 7978) Rue Jean-Jaures
Fax: 01 30 80 65 40 (237 6540) 78340 Les Clayes-Sous-Bois
mailto:NATHALIE.LE-BERRE@... Implantation : FRCL E1-1A-39
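An added example, not part of the original messages: a sketch of the one place in this exchange where the server's RSA key pair is used, the ClientKeyExchange, followed by the master-secret derivation defined in the SSL 3.0 specification linked in the question. The RSA key is a constructed toy built from two Mersenne primes and used without padding (SSL 3.0 itself applies PKCS #1 padding), and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy server key pair. NOT secure: well-known primes, no
# padding. It only stands in for the public key in the server certificate.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus (in the certificate)
E = 65537                              # public exponent (in the certificate)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (server only)


def client_key_exchange(n, e):
    """Client: create the 48-byte pre-master secret and encrypt it with
    the server's PUBLIC key taken from the Certificate message."""
    pre_master = b"\x03\x00" + secrets.token_bytes(46)  # version 3.0 + random
    ciphertext = pow(int.from_bytes(pre_master, "big"), e, n)
    return pre_master, ciphertext


def server_decrypt(ciphertext, n, d):
    """Server: recover the pre-master secret with its PRIVATE key."""
    return pow(ciphertext, d, n).to_bytes(48, "big")


def ssl3_master_secret(pre_master, client_random, server_random):
    """SSL 3.0 master secret: three MD5(SHA-1(...)) blocks, 48 bytes."""
    out = b""
    for label in (b"A", b"BB", b"CCC"):
        inner = hashlib.sha1(
            label + pre_master + client_random + server_random).digest()
        out += hashlib.md5(pre_master + inner).digest()
    return out


def run_handshake():
    """Simulate the key-agreement part of the handshake.

    Returns both sides' master secrets, the client's pre-master secret
    and everything that crossed the wire.
    """
    wire = {}
    # ClientHello and ServerHello travel in the clear; each has a random.
    wire["ClientHello.random"] = secrets.token_bytes(32)
    wire["ServerHello.random"] = secrets.token_bytes(32)
    # Certificate: the server's public key, also in the clear.
    wire["Certificate.public_key"] = (N, E)
    # ClientKeyExchange: the only RSA-encrypted handshake field.
    pre_master, encrypted = client_key_exchange(N, E)
    wire["ClientKeyExchange"] = encrypted
    # Each side derives the symmetric master secret independently.
    client_ms = ssl3_master_secret(
        pre_master, wire["ClientHello.random"], wire["ServerHello.random"])
    recovered = server_decrypt(wire["ClientKeyExchange"], N, D)
    server_ms = ssl3_master_secret(
        recovered, wire["ClientHello.random"], wire["ServerHello.random"])
    return {"client_ms": client_ms, "server_ms": server_ms,
            "pre_master": pre_master, "wire": wire}


if __name__ == "__main__":
    result = run_handshake()
    print("master secrets match:", result["client_ms"] == result["server_ms"])
    print("master secret length:", len(result["client_ms"]))
```

The session's symmetric encryption and MAC keys are then derived from the master secret, so RSA is used once per handshake and never on application data.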
On Wed, 4 Nov 1998, Eric Norman wrote:
>> Identification is often understood as an act of identifying, or of
>> establishing an identity. Identity is usually defined as "the
>> distinguishing character or personality of an individual" [1].
>
>What most people seem to mean by "identifying information" is:
>"Enough information so that we can track you down and prosecute you".
Which can never be guaranteed -- neither who the "you" really is.
Hence, the proposal is to change focus: first deal with
identification (as measured by coherence) and then define identity by
the resulting nexus.
This is just a logical order.
>
>> This essay begins with a suggestion to revisit the concept of
>> identification -- what is identification, that we can identify it?
>
>Here's a (key-centric) suggestion: an "identity" is just a public key;
>nothing more.
A public-key can be revoked, compromised, copied. Identification can
and often times must be more permanent. Further, a public-key has no
binding to a legal person so it is not useful as legal
identification.
However, a public-key can supply connections that can be proved --
hence can be useful to increase coherence. It can be useful in
identification, by itself or in combination.
>
>> What is "to identify"? I posit that "to identify" is to look for
>> connections. Thus, in identification we look for logical or natural
>> connections. For example:
>>
>> Do you, the reader, agree?
>>
>> If you agree you have just identified. If you do not agree, likewise
>> you have identified. The essence of identification is thus to find
>> connections -- where absence of connections also counts.
>
>I will posit that most of the connections that you care about are
>associations between identity and privilege.
Depends on the "you", but please note that privilege is also an
identification per se -- so privilege can also be defined by
measuring coherence.
> In other words, the
>question you really want the answer to is: "Does that entity on
>the other end of the wire have permission to do what it is asking?"
>
>Question: Does "identity" really mean anything more than a set
>of privileges? E.g. is there really any difference between what
>are known as identity-based certificates and role-based certificates?
The second part of the paper, at
http://www.mcg.org.br/coherence2.txt answers that by defining what
"identity" is. "Identity" is described as a concept *derived* from
identification:
we can now deal with Reference, Sense and Entity as derived
predicates of identification and not as "ad hoc" attributes of an
"identity" we could not previously define.
So, "Identity" can be either Reference, Sense or Entity -- or all
the three if you so desire.
>
>> A further benefit of the work is that it allows clear definitions for
>> a large number of new anonymous identification types, sorely needed
>> on the Internet and for e-commerce. Thus, identification can be
>> understood not only in the sense of an identity connection, but in
>> the wider sense of any connection.
>
>I absolutely agree that folks need to pay lots more attention
>to the concept of anonymity.
>
To fix terms, let us consider "anonymous" to be defined as an
identification for which one could not find a persona (ie, person or
corporation with legal capacities and liabilities) that could be
found or disclosed in its privacy.
However, this concept is not "one size fits all". We should be able
to distinguish some subtle but yet relevant distinctions in the
concept of anonymity -- where some may be more or less susceptible to
search and discovery, some may have less cost, some may offer limited
disclosure to a group, etc. This may greatly enhance the usefulness
of the concept of an untraceable identity, specially for e-commerce.
Further, we currently live the paradox of either forfeiting our
privacy (by giving away our private data in certificates) or our
security (by not giving/receiving verifiable private data). IMO, this
paradox can only be solved by revisiting the concept of anonymous
identification as the presented coherence model of identification
allows.
>> This work shows that not identity but coherence is the general metric
>> for identification. More coherence and more coherence modes mean
>> stronger identification, even if anonymous.
>
>I wouldn't describe it as more modes; I would describe the problem
>as understanding the mathematical structure of privilege, roles, etc.
>For instance, if we define identity as just a public key, then identity
>has only the mathematical structure of a set. However, it's pretty
>easy to imagine that privileges may have a structure like a partial
>order or semilattice.
A privilege must be a measured attribute, otherwise how could you be
sure it is correct? Thus, a privilege must be identified -- not
simply assumed. Perhaps this explains the disconnect, where you did
not see that privileges must also be described by a coherence mode --
as one of the four main given types (D,A,O,F).
This is apparent when you affirm "I would describe the problem as
understanding the mathematical structure of privilege, roles, etc."
-- with which I 100% agree and that is exactly what the coherence
modes are, degrees of understanding. Please see the second part of
the paper, ibid.
Cheers,
Ed Gerck
______________________________________________________________________
Dr.rer.nat. E. Gerck egerck@... http://novaware.cps.softex.br
I am trying to implement SSL on a Java Web Server 1.1. I am having
trouble getting the server to recognize the CA root as an authority. This
is the message I am getting.
Trying PEM format
javax.security.cert.CertificateException: InvocationTargetException:
javax.security.cert.CertificateException:
Unable to initialize, java.io.IOException: DerInput.getLength(),
unsupported [ 127 ]
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Compiled Code)
at javax.security.cert.CertificateException.<init>(Compiled Code)
at javax.security.cert.X509Certificate.getInst(Compiled Code)
at javax.security.cert.X509Certificate.getInstance(Compiled Code)
at com.sun.server.admin.security.AuthStore.kimportCA2(Compiled Code)
at com.sun.server.admin.security.AuthStore.action(Compiled Code)
at java.awt.Component.handleEvent(Compiled Code)
at java.awt.Component.postEvent(Compiled Code)
at java.awt.Component.postEvent(Compiled Code)
at java.awt.Component.postEvent(Compiled Code)
at java.awt.Component.postEvent(Compiled Code)
at java.awt.Component.dispatchEventImpl(Compiled Code)
at java.awt.Component.dispatchEvent(Compiled Code)
at java.awt.EventDispatchThread.run(Compiled Code)
Any help would be greatly appreciated.
Thanks!
JC
> Identification is often understood as an act of identifying, or of
> establishing an identity. Identity is usually defined as "the
> distinguishing character or personality of an individual" [1].
What most people seem to mean by "identifying information" is:
"Enough information so that we can track you down and prosecute you".
> This essay begins with a suggestion to revisit the concept of
> identification -- what is identification, that we can identify it?
Here's a (key-centric) suggestion: an "identity" is just a public key;
nothing more.
> What is "to identify"? I posit that "to identify" is to look for
> connections. Thus, in identification we look for logical or natural
> connections. For example:
>
> Do you, the reader, agree?
>
> If you agree you have just identified. If you do not agree, likewise
> you have identified. The essence of identification is thus to find
> connections -- where absence of connections also counts.
I will posit that most of the connections that you care about are
associations between identity and privilege. In other words, the
question you really want the answer to is: "Does that entity on
the other end of the wire have permission to do what it is asking?"
Question: Does "identity" really mean anything more than a set
of privileges? E.g. is there really any difference between what
are known as identity-based certificates and role-based certificates?
> A further benefit of the work is that it allows clear definitions for
> a large number of new anonymous identification types, sorely needed
> on the Internet and for e-commerce. Thus, identification can be
> understood not only in the sense of an identity connection, but in
> the wider sense of any connection.
I absolutely agree that folks need to pay lots more attention
to the concept of anonymity.
> This work shows that not identity but coherence is the general metric
> for identification. More coherence and more coherence modes mean
> stronger identification, even if anonymous.
I wouldn't describe it as more modes; I would describe the problem
as understanding the mathematical structure of privilege, roles, etc.
For instance, if we define identity as just a public key, then identity
has only the mathematical structure of a set. However, it's pretty
easy to imagine that privileges may have a structure like a partial
order or semilattice.
Eric Norman
Nathalie,
This is a good explanation, but I was at first confused by the
terminology. We use the word "secret" for symmetric keys and use
"private" for the private part of a key in a public key cipher.
Roger
-----Original Message-----
From: Nathalie Le Berre [mailto:NATHALIE.LE-BERRE@...]
Sent: Tuesday, November 03, 1998 9:12 AM
To: attila@...
Cc: ssl-talk@...
Subject: Re: when are public/private keys used during the handshake
phase?
attila@... wrote:
>
> W.r.t. http://home.netscape.com/eng/ssl3/index.html, I'm unclear as to
> when RSA public/private key encryption is used versus when symmetric
> keys, and when they are not.
>
> In the following exchange between client and server during the
> handshake (negotiation) phase of the protocol, is each exchange
> encrypted via RSA public key at the source and decrypted via RSA
> private key at the destination?
>
> For example, when the client sends the ClientHello message, is it
> encrypted with the server's public key? Subsequently in the server's
> response messages, are the ServerHello, Certificate,
> ServerKeyExchange, etc. messages collected into one record, encrypted
> with the client's public key and forwarded to the client?
>
Stop!
The client hello is a clear message without any encryption. It contains
the cipher suite preference the client wants to use. The server analyses
it and sends its own cipher suite preference chosen between client
propositions, in the server hello message, which is a clear message too.
In case of server authentication which is mandatory in SSL, the server
sends its certificate which contains its public key, and server hello
done.
Then, the client knows now:
- which ciphers the server accepts
- the server certificate
So it generates a PRIVATE KEY encapsulated with the PUBLIC KEY of server
issued from server certificate. It can be RSA PUBLIC KEY or other
according to server preference.
The server receives the PRIVATE KEY generated by client for the session
and used for data encryption, after HANDSHAKE PART. This PRIVATE KEY is
encrypted with its own PUBLIC KEY so the server uses its corresponding
PRIVATE KEY to decrypt it.
Then the private key exchange is done securely.
We must add that all handshake messages are "manipulated" to do a MAC to
certify that nobody substitutes a message towards client or server. This
MAC is sent in Finished messages.
I hope this explanation will help you.
> Client                                    Server
>
> ClientHello                  -------->
>                                           ServerHello
>                                           Certificate*
>                                           ServerKeyExchange*
>                                           CertificateRequest*
>                              <--------    ServerHelloDone
> Certificate*
> ClientKeyExchange
> CertificateVerify*
> [ChangeCipherSpec]
> Finished                     -------->
>                                           [ChangeCipherSpec]
>                              <--------    Finished
> Application Data             <------->    Application Data
>
> From all my readings, it is unclear when and where the public/private
> keys are being used? On which messages?
>
> I understood that since RSA (public/private) key encryption and
> decryption is so time consuming, it is only used during the exchange of
> secret information in the handshake phase. During this handshake phase
> sufficient information is exchanged between the client and server so as
> to dynamically generate a symmetric key with which both client and
> server application data is passed back and forth securely, efficiently
> (ie: more efficiently than using RSA key encryption).
>
> Thanks for any clarification
--
------- Nathalie LE BERRE ------------BULL SA/SD/CS----------
Tel: 01 30 80 79 78 (237 7978) Rue Jean-Jaures
Fax: 01 30 80 65 40 (237 6540) 78340 Les Clayes-Sous-Bois
mailto:NATHALIE.LE-BERRE@... Implantation : FRCL E1-1A-39
List:
Identity and identification issues are certainly relevant to SSL and
thus I submit this message to request comments into the approach.
However, if you think the subject is more appropriate off-list, I
would likewise appreciate the feed-back into this timely issue.
There is a further consequence of this in cryptography, as
cryptography can be understood (under this approach) as a way to
reduce perceived lexical coherence. The work also suggests the
existence of many new types of anonymity and cryptographic techniques
in general -- since the approach shows that there are so many
different ways to reduce coherence.
Cheers -- Ed Gerck
=============================================================
A proposal to define identification
Identification is often understood as an act of identifying, or of
establishing an identity. Identity is usually defined as "the
distinguishing character or personality of an individual" [1].
Of course, such definitions cannot be applied on the Internet. Any
mention to "identity" or "identity authentication" on the Internet is
a mere tag for something else, such as an individual's purported
attribute. Certainly, without any physical contact with an individual
or even without any way to directly verify it.
It is simply not possible to speak of "identity" or "identification"
as a dictionary defines it, over the Internet. All legal and
technical studies that call for or depend on such equivalence are
misleading. Any such "identity" or "identification" can be faked,
repudiated or are unwarranted to relying-parties (e.g. by CAs) over
the Internet.
Though not so extensive, this is also an unsolved problem in the
3D-world, outside the Internet. On 15th April 1997, The Daily
Telegraph, a UK quality newspaper, reported on Alan Reeve [2] -- a
convicted criminal and triple killer who was described as "friendly,
caring, dependable and loving" by his fiancée when he was arrested
under false identity in Ireland.
Clearly, the indeterminacy of "identity" on the 3D-world is itself a
reason to doubt any extension of such credentials to the Internet
[3]. Moreover, on the Internet, we also need to identify hosts,
routing, software, etc. -- not just humans.
What is the solution, if any?
This essay begins with a suggestion to revisit the concept of
identification -- what is identification, that we can identify it?
What is "to identify"? I posit that "to identify" is to look for
connections. Thus, in identification we look for logical or natural
connections. For example:
- between a fingerprint and the person that has it,
- between a name and the person that answers by that name,
- between an Internet host and a URL that connects to it,
- between an idea and the way we can represent it in words,
- conversely, between words and the ideas they represent,
- etc.
Do you, the reader, agree?
If you agree you have just identified. If you do not agree, likewise
you have identified. The essence of identification is thus to find
connections -- where absence of connections also counts.
....
For the full text, please visit http://www.mcg.org.br/coherence.txt
and also the second part at http://www.mcg.org.br/coherence2.txt
....
A further benefit of the work is that it allows clear definitions for
a large number of new anonymous identification types, sorely needed
on the Internet and for e-commerce. Thus, identification can be
understood not only in the sense of an identity connection, but in
the wider sense of any connection.
This work shows that not identity but coherence is the general metric
for identification. More coherence and more coherence modes mean
stronger identification, even if anonymous.
Cheers,
Ed Gerck
============================================
References:
[1] Merriam-Webster Dictionary
[2] http://www.mcg.org.br/auth_b1.htm
[3] http://www.mcg.org.br/certover.pdf
______________________________________________________________________
Dr.rer.nat. E. Gerck egerck@... http://novaware.cps.softex.br
Hi All,
I have the following problem:
I have installed ssleay 0.8.1 under WinNT. I was able to create a CA,
and the CA Certificate and so on.
I was also able to generate a certificate request for a server
certificate and sign it with x509 -req command. Then I saw lots of
documentation and they all talk of signing requests with the ca
command. Now I get some problems using the command.
I wrote the following lines:
ca -policy policy_anything -out c:\..\demoCA\newcerts\moncert2.pem
-outdir c:\...\demoCA\newcerts -config c:\....\lib\ssleay.cnf
-keyfile c:\...\private\cakey.pem -cert c:\...\demoCA\cacert.pem
and I get the following error message:
that the system is not able to open the index.txt, though it is in the
right directory, and the line
database = $dir\index.txt # database index file
just points to the right position.
Please, please help me.
Can I use x509 -req as well as ca to sign certificate requests? What am
I doing wrong?
I am thankful for every reply.
Nilofer Popal
Is there any way to access Netscape's security information using JAVA,
JAVASCRIPT, LiveConnect or Plug-ins?
I would like to get certificates and private-keys from my browser using
these technologies. Is it possible?
Thanks
Luciano
niewiadomskis@... wrote:
>
> I need to export root CA certificate from netscape certificate server
> into DER format
> how can I do that?
Copy and paste the base64-encoded CA cert to a file.
Then you can use for example such a command:
decb64 -i base64.cer -o der.cert
Output would be the cert in DER format.
This program can be found at:
http://developer.netscape.com/tech/security/certs/certs.html
rolis
attila@... wrote:
>
> W.r.t. http://home.netscape.com/eng/ssl3/index.html, I'm unclear as to when
> RSA public/private key encryption is used versus when symmetric keys, and
> when they are not.
>
> In the following exchange between client and server during the handshake
> (negotiation) phase of the protocol, is each exchange encrypted via RSA
> public key at the source and decrypted via RSA private key at the
> destination?
>
> For example, when the client sends the ClientHello message, is it encrypted
> with the server's public key? Subsequently in the server's response
> messages, are the ServerHello, Certificate, ServerKeyExchange, etc.
> messages collected into one record, encrypted with the client's public key
> and forwarded to the client?
>
Stop!
The client hello is a clear message without any encryption. It contains the
cipher suite preference the client wants to use. The server analyses it and
sends its own cipher suite preference, chosen between client propositions, in
the server hello message, which is a clear message too.
In case of server authentication, which is mandatory in SSL, the server sends
its certificate, which contains its public key, and server hello done.
Then, the client knows now:
- which ciphers the server accepts
- the server certificate
So it generates a PRIVATE KEY encapsulated with the PUBLIC KEY of server issued
from server certificate. It can be RSA PUBLIC KEY or other according to server
preference.
The server receives the PRIVATE KEY generated by client for the session and used
for data encryption, after HANDSHAKE PART. This PRIVATE KEY is encrypted with its
own PUBLIC KEY so the server uses its corresponding PRIVATE KEY to decrypt it.
Then the private key exchange is done securely.
We must add that all handshake messages are "manipulated" to do a MAC to certify
that nobody substitutes a message towards client or server. This MAC is sent in
Finished messages.
I hope this explanation will help you.
> Client                                      Server
>
> ClientHello          -------->
>                                             ServerHello
>                                             Certificate*
>                                             ServerKeyExchange*
>                                             CertificateRequest*
>                      <--------              ServerHelloDone
> Certificate*
> ClientKeyExchange
> CertificateVerify*
> [ChangeCipherSpec]
> Finished             -------->
>                                             [ChangeCipherSpec]
>                      <--------              Finished
> Application Data     <------->              Application Data
>
> From all my readings, it is unclear when and where the public/private keys
> are being used? On which messages?
>
> I understood that since RSA (public/private) key encryption and decryption
> is so time consuming, it is only used during the exchange of secret
> information in the handshake phase. During this handshake phase sufficient
> information is exchanged between the client and server so as to dynamically
> generate a symmetric key with which both client and server application data
> is passed back and forth securely, efficiently (ie: more efficiently than
> using RSA key encryption).
>
> Thanks for any clarification
--
------- Nathalie LE BERRE ------------BULL SA/SD/CS----------
Tel: 01 30 80 79 78 (237 7978) Rue Jean-Jaures
Fax: 01 30 80 65 40 (237 6540) 78340 Les Clayes-Sous-Bois
mailto:NATHALIE.LE-BERRE@... Implantation : FRCL E1-1A-39
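Added example, not part of the original messages or of any SSL implementation: a Python sketch of the exchange described in the reply above, showing which messages travel in the clear, the single use of the server's RSA key pair on the client-generated session secret, and the Finished MAC over the handshake. Assumptions: a toy unpadded RSA key, HMAC-SHA256 standing in for SSL 3.0's own MD5/SHA-1 constructions, and all message layouts, suite labels and function names are made up for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key for the server: two Mersenne primes, no padding.
# Far too weak for real use; it only makes the message flow runnable.
P, Q, E = 2**89 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # server's RSA private exponent


def derive_keys(pre_master, client_random, server_random):
    """Both sides run this on the same inputs and get the same symmetric keys."""
    master = hmac.new(pre_master, b"master" + client_random + server_random,
                      hashlib.sha256).digest()
    return {"master": master,
            "enc": hmac.new(master, b"enc", hashlib.sha256).digest(),
            "mac": hmac.new(master, b"mac", hashlib.sha256).digest()}


def finished_mac(master, transcript):
    """MAC over every handshake message seen so far; sent in Finished."""
    return hmac.new(master, b"".join(transcript), hashlib.sha256).digest()


def handshake(tamper=False):
    # ClientHello, ServerHello and Certificate travel in the clear.
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    client_hello = b"ClientHello|suites=A,B|" + client_random
    server_hello = b"ServerHello|suite=A|" + server_random
    certificate = b"Certificate|n=%d|e=%d" % (N, E)
    # ClientKeyExchange: the one message encrypted with the server's public key.
    pre_master = secrets.token_bytes(16)
    encrypted = pow(int.from_bytes(pre_master, "big"), E, N)
    key_exchange = b"ClientKeyExchange|%d" % encrypted
    client_view = [client_hello, server_hello, certificate, key_exchange]
    # The server's copy of the transcript; with tamper=True the ClientHello
    # was altered in transit (constructed case).
    server_view = list(client_view)
    if tamper:
        server_view[0] = client_hello.replace(b"suites=A,B", b"suites=B")
    # Server recovers the secret with its RSA private key.
    recovered = pow(encrypted, D, N).to_bytes(16, "big")
    client_keys = derive_keys(pre_master, client_random, server_random)
    server_keys = derive_keys(recovered, client_random, server_random)
    client_finished = finished_mac(client_keys["master"], client_view)
    expected = finished_mac(server_keys["master"], server_view)
    return {"keys_match": client_keys == server_keys,
            "finished_ok": hmac.compare_digest(client_finished, expected)}
```

With tamper=True both sides still derive the same keys, but the server's check of the client's Finished MAC fails because the two transcripts differ.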
W.r.t. http://home.netscape.com/eng/ssl3/index.html, I'm unclear as to when
RSA public/private key encryption is used versus when symmetric keys, and
when they are not.
In the following exchange between client and server during the handshake
(negotiation) phase of the protocol, is each exchange encrypted via RSA
public key at the source and decrypted via RSA private key at the
destination?
For example, when the client sends the ClientHello message, is it encrypted
with the server's public key? Subsequently in the server's response
messages, are the ServerHello, Certificate, ServerKeyExchange, etc.
messages collected into one record, encrypted with the client's public key
and forwarded to the client?
Client                                      Server

ClientHello          -------->
                                            ServerHello
                                            Certificate*
                                            ServerKeyExchange*
                                            CertificateRequest*
                     <--------              ServerHelloDone
Certificate*
ClientKeyExchange
CertificateVerify*
[ChangeCipherSpec]
Finished             -------->
                                            [ChangeCipherSpec]
                     <--------              Finished
Application Data     <------->              Application Data
From all my readings, it is unclear when and where the public/private keys
are being used? On which messages?
I understood that since RSA (public/private) key encryption and decryption
is so time consuming, it is only used during the exchange of secret
information in the handshake phase. During this handshake phase sufficient
information is exchanged between the client and server so as to dynamically
generate a symmetric key with which both client and server application data
is passed back and forth securely, efficiently (ie: more efficiently than
using RSA key encryption).
Thanks for any clarification
Dear all,
I found that the industry standard of access log specs is called Common
Logfile Format, CLF. Excellent information could be found in the
following sites,
http://www.w3.org/Daemon/User/Config/Logging.html
http://www.openwebscope.com/help/W3_extended_logfile.html
Best regards and thanks,
Marcus Choy
-----Original Message-----
From: Choy, Marcus (iMagic) [SMTP:MarcusC@...]
Sent: Monday, November 02, 1998 3:54 PM
To: ssl-talk@...
Subject: Access log specification
Dear all,
I am now working on a SSL enabled web server driven by Netscape
Enterprise Server. I'd like to generate access log report but I am not
sure whether or not the format of the log data is compliant to the
"world specifications", if any.
Could anyone tell me if there is any industry standard for the
specifications of access log data, like any other specifications
announced by the W3C. If any, where could I find it?
Thank you very much.
Best regards and thanks,
Marcus Choy
Dear all,
I am now working on a SSL enabled web server driven by Netscape
Enterprise Server. I'd like to generate access log report but I am not
sure whether or not the format of the log data is compliant to the
"world specifications", if any.
Could anyone tell me if there is any industry standard for the
specifications of access log data, like any other specifications
announced by the W3C. If any, where could I find it?
Thank you very much.
Best regards and thanks,
Marcus Choy