X9.59 mailing list

x959 Postings and Posting Index, next, previous - home



e-signatures in NY
privacy issues
Merchant Comfort Certificates
Updated combined security glossary with RFC2828
Merchant Comfort Certificates
Merchant Comfort Certificates
Merchant Comfort Certificates
Merchant Comfort Certificates
Merchant Comfort Certificates
Merchant Comfort Certificates
Merchant Comfort Certificates
Merchant Comfort Certificates
Merchant Comfort Certificates
Merchant Comfort Certificates
Merchant Comfort Certificates
Merchant Comfort Certificates
Merchant Comfort Certificates
Merchant Comfort Certificates
Merchant Comfort Certificates
Merchant Comfort Certificates
misc other DNS
another view of certificates
Domain Name integrity problem
Domain Name integrity problem
BCP 40, RFC 2870 on Root Name Server Operational Requirements
Visa Delicately Gives Hook to SET Standard
Visa Delicately Gives Hook to SET Standard
LB#12 Protection Profiles
RFC 2807 published today XML Signature Requirements
RFC 2807 published today XML Signature Requirements
RFC 2807 published today XML Signature Requirements
VISA 3D-SSL


e-signatures in NY

Refed: **, - **, - **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: e-signatures in NY
one of the things that we've been looking at for some time for hardware tokens ... having a hardware token signing data indicate whether the (PIN) activation was specifically for the specific signature operation or if the token had been activated and had signed several transactions since the activation (i.e. if there are multiple authentication requirements & methods ... then it is possible that something as simple as the activation mode needs to be included in the data being signed ... contributing to the auditable characteristic of the operation).

It is possible to imagine a PC with a smartcard reader ... and some number of transactions just want to verify that the correct hardware token has been activated and is resident in the reader ... (transient authentication operations ... where there could be whole series) and other transactions with long lived implications ... the signing not only authenticates but possibly carries with it some longer term "authorization" implication (like in the case of an X9.59 transaction).

One of the issues is not to fall into the copy-protection trap from the mid-80s where specific floppy disks were required to be in the floppy reader in order for specific applications to operate ... and it was possible to have tens of such floppy disks and the possibility of continuous shuffling of different disks into & out of the reader every few minutes (or seconds) .... aka 50 or 60 smartcards each with different mode & function ... some requiring simple PIN-activation and others requiring PIN-authorization for each use ... and person having to find the specific smartcard for the specific function and swap the appropriate cards (and of course, power on/off alwas forces an activation operation).

If there was sufficient card swapping going on ... then might as well give up on the idea of multiple signing per activation ... since the probability of a card being continuously powered from one use to the next can drop significantly. While it is still possible to have open, interoperability between hardware token authentication requirements like
financial transactions
document signing
ISP login/connection
Website access


the mechanics of a single reader and potentially hundreds of different cards with different authentication modes & requirements gets lost. Even going to two readers, one for multiple signings per activation and one for single signing per activation is problamentical if the user still has to shuffle thru tens or hundreds of different cards.

Typically these things need to be looked at from the standpoint of several different vectors or you wait until deployment and start to discover many of these issues after the fact.

Ben Wright <:Ben_Wright@XXXXXXXX> on 03/30/2000 10:27:15 PM
Take a look at New York's new regulations on electronic signatrues at
http://www.oft.state.ny.us/esra/esra.htm
They feature a new twist.

As we've seen in numerous other states (California, Texas, Colorado, Nebraska and more), New York said an e-signature needs to be unique to the signer, under his sole control, verifiable and revealing of alteration. But notice that New York goes on to make explicit a critical element that has not been so explicit before. New York says the signature must also be "intended by the party using it to have the same force and effect as the use of a signature affixed by hand."

The extra step is important, especially when dealing with unsophisticated signatories like consumers. A secure identifier like a key or a token -- regardless of how good it is at identifying you -- should not be legally effective if you did not intend it to be your signature in a way that you understand a handwritten signature to be effective.

I (ever so humbly) believe there is a practical implication in this for companies who want good e-signatures from unsophisticated parties. The implication is that workable e-signatures are about more than just collecting proof that a security device (PIN, private crypto key, biometric identifier or what have you) was invoked. Workable e-signatures are also about collecting and archiving information about the environment in which the document was presented, the prompts that were displayed to ask for the signature and the cues that were given to inform the signer what the signature's purpose was and which document was the object of attention. As a practical matter, the final record of the signed document needs all this contextual information just as much as it needs the security device.

In other words, when the alleged signer is unsophisticated, a PKI digital signature bound to a document is not worth much by itself. To be worth anything, it needs to be bound with a rich audit trail.

But I'd be interested to hear what others think.

--Ben

Benjamin Wright
Attorney & Author of The Law of Electronic Commerce
Dallas, Texas
tel 214-403-6642
ben_wright@xxxxxxxx

http://pki.bigstep.com


privacy issues

From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: privacy issues
AADS addresses these same privacy issues. In the discussion regarding open vis-a-vis closed systems ... one could make the claim that identity certificates are only a closed-sysetm solution because of the privacy issues.

http://www.zdnet.com/zdnn/stories/news/0,4586,2523596,00.html

misc. other refs.

http://www.garlic.com/~lynn/aepay2.htm#aadspriv
http://www.garlic.com/~lynn/98.html#4
http://www.garlic.com/~lynn/aadsmail.htm#mfraud
http://www.garlic.com/~lynn/aadsmail.htm#comfort
http://www.garlic.com/~lynn/aadsm2.htm#keylength
http://www.garlic.com/~lynn/aadsm2.htm#privacy
http://www.garlic.com/~lynn/ansiepay.htm#privacy
http://www.garlic.com/~lynn/aepay2.htm#privrules
http://www.garlic.com/~lynn/aepay2.htm#morepriv

Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: Merchant Comfort Certificates
attached from recent CERT Advisory CA-2000-10

there was some related discussion about merchant comfort certificates at

http://www.garlic.com/~lynn/aadsm2.htm#scale
I. Description

Digital certificates are small documents used to authenticate and encrypt information transmitted over the Internet. One very common use of digital certificates is to secure electronic commerce transactions through SSL (Secure Socket Layer). The kind of certificates used in e-commerce transactions are called X.509 certificates. The X.509 certificates help a web browser and the user ensure that sensitive information transmitted over the Internet is readable only by the intended recipient. This requires verifying the recipient's identity and encrypting data so that only the recipient can decrypt it.

The "padlock" icon used by Internet Explorer (as well as Netscape and other browsers) is an indication that an SSL-secured transaction has been established to someone. It does not necessarily indicate to whom the connection has been established. Internet Explorer (and other browsers) take steps to warn users when DNS-based information conflicts with the strongly authenticated information contained in the X.509 certificates used in SSL transactions. These warnings are supplemental information to help users decide if they're connecting to whom they think they are connecting. These steps and warnings are designed to protect against attacks on the DNS information.

Descriptions of the problems provided by Microsoft are shown below.

IE fails to validate certificates in images or frames

When a connection to a secure server is made via either an image or a frame, IE only verifies that the server's SSL certificate was issued by a trusted root - it does not verify the server name or the expiration date. When a connection is made via any other means, all expected validation is performed.

IE fails to revalidate certificates within the same session

Even if the initial validation is made correctly, IE does not re-validate the certificate if a new SSL session is establish with the same server during the same IE session.

We encourage you to read Microsoft Security Bulletin MS-039 for additional details provided by Microsoft. This document is available at

http://www.microsoft.com/technet/security/bulletin/ms00-039.asp

II. Impact

Attackers can trick users into disclosing information (such as credit card numbers, personal data, or other sensitive information) intended for a legitimate web site.

III. Solution

General Recommendations When Using SSL

DNS information is fundamentally insecure, and there are a variety of means by which an attacker can provide false or misleading DNS information, even in the absence of any vulnerabilities in a DNS server. Browsers attempt to compensate for this insecurity by providing warning messages when the strongly authenticated certificate information does not match the DNS information. While we strongly recommend that you stay up to date with respect to patches and workarounds provided by your browser vendor, we also encourage you to take the following steps, particularly for sensitive transactions.

Check Certificates

The CERT/CC recommends that prior to providing any sensitive information over SSL, you check the name recorded in the certificate to be sure that it matches the name of the site to which you think you are connecting. For example, in Internet Explorer 5 (for Windows), double click on the "padlock" icon to engage the "Certificate" dialog box. Click on the "Details" tab to see information about the certificate, including the thumbprint. Click on the "Certification Path" tab for information about the certificate authority that signed the certificate. If you do not trust the certificate authority or if the name of the server does not match the site to which you think you're connecting, be suspicious.

Validate Certificates Independently

Web browsers come configured to trust a variety of certificate authorities. If you delete the certificates of all the certificate authorities in your browser, then whenever you encounter a new SSL certificate, you will be prompted to validate the certificate yourself. You can do this by validating the fingerprint on the certificate through an alternate means, such as the telephone. That is, the same dialog box mentioned above also lists a fingerprint for the certificate. If you wish to validate the certificate yourself, call the organization for which the certificate was issued and ask them to confirm the fingerprint on the certificate.

Deleting the certificates of the certificate authorities in your browser will cause the browser to prompt you for validation whenever you encounter a new site certificate. This may be inconvenient and cumbersome, but it provides you with greater control over which certificates you accept.

It is also important to note that this sort of verification is only effective if you have an independent means through which to validate the certificate. This sort of validation is called out-of-band validation. For example, calling a phone number provided on the same web page as the certificate does not provide any additional security.

The CERT/CC encourages all organizations engaging in electronic commerce to train help desk or customer support personnel to answer questions about certificate fingerprints/thumbprints.

Note: Microsoft Internet Explorer 5, Macintosh Edition, does not provide any means by which users can validate certificates by checking the fingerprint/thumbprint. Our conversations with Microsoft indicate that the Macintosh version of Internet Explorer is not affected by these specific problems, however, because of the fundamentally insecure nature of DNS, we recommend using a browser that does allow users to validate certificates on whatever platform they use, including MacOS


Updated combined security glossary with RFC2828

From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: Updated combined security glossary with RFC2828
I recently updated the combined security glossary with RFC2828 (internet security glossary) at:

http://www.garlic.com/~lynn/secure.htm

In march, I had also updated the combined payment glossary with changes found at FRB Chicago:

http://www.garlic.com/~lynn/payment.htm

which is also reflected in the combined financial glossary:

http://www.garlic.com/~lynn/financial.htm

glossaries & other references:

http://www.garlic.com/~lynn/

RFC2828.txt at:

http://tools.ietf.org/html/rfc2828.txt

Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
one of the issues with integrity problems with SSL and merchant comfort certificates is various security problems with DNS.

part of a roadmap for turning DNS into more secure facility is the (out-of-band?) registering of public keys in DNS database. Registering public keys in DNS database starts to turn it into an account authority digital signature operation. With public keys in the DNS database, there could be the option of returning the public key as part of doing the host->ip address resolution. Getting the public key as part of the host->ip address resolution then makes the transmission of a public key in an appended (merchant comfort) certificate, redundant and superfluous (as part of SSL handshake).

misc. url refs:

http://www.garlic.com/~lynn/aadsm2.htm#mcomfort
http://www.garlic.com/~lynn/aadsmail.htm#comfort
http://www.garlic.com/~lynn/aadsover.htm

Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
at issue are (at least) the integrity of the DNS service, the integrity of the DNS operation, and the integrity of the DNS information. the existing SSL infrastructure is currently based on an assumption of integrity of DNS information & matching some level of that information with some information in a certificate.

Improving the integrity of the DNS service, the DNS operation, and the DNS information has included adding public keys as part of the DNS infrastructure (signed/authentcated DNS operations, signed/authenticated DNS access, signed/authenticated DNS updates, etc). Assuming that the DNS information can be made secure ... then there would be higher level of confidence that the information from a certificate that is used to match DNS information is correct (in a SSL operation ... i.e. the host name that I believe I'm talking to for an SSL merchant site ... corresponds to the host name offered in the appended certifcate ... and the internet host names correct operation infrastructure is based on DNS correct operation).

However, achieving that level of integrity also has keys being registered. If the keys are registered ... and if correct DNS operation is (in part) based on having those keys (and if SSL correct operation is based, in part on DNS operating correctly) ... then the merchant comfort certificates (as part of SSL) can be shown to be redundant and superfluous.

Or conversely ... your argument is equally applicable to existing SSL comfort certificates dependent on internet host name conventions which is in turn, dependent on the integrity of correct DNS host name operation (i.e. matching the host name in a certificate with the host name that I used in a call to DNS resolve). If the integrity of DNS operation is out of the question, then DNS resolution of a hostname is out of the question ... then matching the hostname in a certificate against a hostname in a URL provides little security purpose i.e. SSL does two things in checking to see that I'm really talking to the merchant site that I think I'm talking to ...

1) it cross checks the hostname (or possibly a partial hostname with wildcard) that I believe I'm talking to with the hostname provided in the supplied certificate. I've talking to a host because I've talking the supplied URL, parsed the hostname from the supplied URL and called DNS to revolve the hostname to an IP-address. I've then used the DNS supplied IP-address to connect to a merchant web site. the merchant web site then sends me back a certificate ... that includes (among other things) the mrechants hostname and the merchants public key. I take the hostname that I originally passed to DNS for internet address resolution and compare it against the hostname information in the certificate. If they match ... then there is some chance that I'm really talking to the site that I think I'm talking to

2) the passed certificate is validated ... i.e.the signature on the certificate is validated, checked against CA public key, etc. The public key is then extracted and messages encrypted and/or signed by the sending entity are validated using the public key in the signed certificate.

If the integrity of DNS is improved, in part, by out-of-band registeration of public keys ... then there is some improved level of assurance that the site I believe I'm talking to improves (i.e. the hostname to ip-address translation supplied by DNS is correct). If if is possible to start to rely on that information as being correct ... then it is possible that DNS can distribute both correct ip-addresses as well as correct public keys as part of correct internet operation. If DNS can be relied upon as being correct (i.e. certifying the correct operation of the internet) .. then SSL certificates that independently attest to the mapping between public keys and host names becomes redundant and superfluous.

in effect, each DNS resolution (with both a supplied ip-address and public key) can be viewed as a mini-certification (lets not go so far as to say full blown certificate) giving the binding between hostname, ip-address, and public key. For things to operate correctly, there has to be a binding between all three pieces, hostname, ip-address, and public key.

SSL currently uses DNS to provide the binding between hostname and ip-address and a comfort certificate to provide a binding between hostname and public key. Having a reliable DNS ... will allow providing a reliable binding between the triple, hostname, ip-address, and public key (actual network traffic is based on ip-address).

In effect, most PKIs provide valid certificates issued from a known list of valid certification authorities, some external reference information, and a public key.

As mentioned in the CERT notice, browsers (& SSL) have a long list of acceptable certification authorities. Standard browser SSL operation checks for valid, acceptable operation by seeing if the certificate is from any of the acceptable certification authorities and then if the hostname in the certificate corresponds to the hostname passed to DNS for correct resolution.

"Lewis, Tony" on 06/06/2000 01:55:01 PM
My impression is that it is the DNS database itself that is insecure. It seems to me that adding security information to an insecure source will not improve security.

Tony


Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
... basically in a manner to (out-of-band) loading acceptable public keys into a browser (for acceptable certification authorities) ... public keys could also be loaded with ip-address for initial DNS setup & configuration.

then incoming DNS hostname -> ip-address resolution for correct internet operation can be validated (not certificates needed ... just the public keys in the dns setup & configuration information).

If DNS then registers public keys as part of program to improve its overall integrity ... then SSL which is looking at the combined binding of hostname, ip-address, and public key is addressed with a single DNS operation.

Now, it is possible for electronic commerce, there is interest in doing some authenticated binding other than the SSL-binding between hostname (& DNS ip-address), and public key ... possibly between public key and merchant operation. In that case, there would need to be some non-SSL code would verify transactions involving information bound between public key and some sort of merchant specification (possibly included in a certificate) and table of acceptable specifications.

The CERT notice sort of implied a way of doing such a thing in a indirect, limited way w/SSL by elminated all acceptable CAs from the browswer CA table ... and inserting a possibly private brand CA. Then only the private brand certificates would be automatically acceptable to the browser. If such a private brand was based on very specific electronic commerce certification practice statement (CPS) ... then it would be possible to achieve a contrived electronic commerce specific bonding (not based on SSL directly ... but based on closed environment allowing only specific kind of certificates).

Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
a SSL certificate with the DNS name is dependent on DNS to take the DNS name and resolve to an IP address.

In the case of identity theft, there have been instances where licenses have been issued to a name ... where the name didn't actually belong to the person getting the license.

There are various kinds of activities to improve the integrity of the DNS process as well as various naming/licensing process.

"Lewis, Tony" on 06/06/2000 02:34:19 PM
It is as useful as seeing a driver's license for "John Doe".

Tony

> ----------
> From:   Donald E. Eastlake 3rd[SMTP:dee3@xxxxxxxx]
> Sent:   Tuesday, June 06, 2000 2:12 PM
> To:     ansi-epay
> Subject:     Re: Merchant comfort certificates
>
>
> Just adding keys to DNS doesn't help much but there is a proposed
> standard for securing DNS info with signatures (RFC 2535, etc.).  When
> it will be generally deployed is unclear.  When it is, people will
> have much more confidence in the DNS-name <-> DNS-info binding, where
> DNS info can be network addresses, keys, ets.  But it will not help
> you know whether united.com is United Airlines, or United Moving, or
> United Parcel Service, or ...  You will just be really confident that
> you have the right IP address and perhaps key and other data for
> www.united.com or whatever.  Then again, does "John Doe" in a
> certificate always tell you who it was issued to issued to in a useful
> way?
>
> Donald


Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
some opportunity to create a consistent authentication infrastructure with an AADS radius (using radius for both ISP authentication, VPN authentication, and webserver access authentication) along with authenticated DNS information distribution (bindings between hostnames, ip-address, keys, and other types of information). A backend key server could provide a common authentication infrastructure within the structure that majority of the existing internet currently operates (and is dependent on that correct operation)

"Donald E. Eastlake 3rd" on 06/06/2000 02:12:41 PM
Just adding keys to DNS doesn't help much but there is a proposed standard for securing DNS info with signatures (RFC 2535, etc.). When it will be generally deployed is unclear. When it is, people will have much more confidence in the DNS-name <-> DNS-info binding, where DNS info can be network addresses, keys, ets. But it will not help you know whether united.com is United Airlines, or United Moving, or United Parcel Service, or ... You will just be really confident that you have the right IP address and perhaps key and other data for www.united.com or whatever. Then again, does "John Doe" in a certificate always tell you who it was issued to issued to in a useful way?

Donald


Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
note the statement is about dominent internet authentication & information distribution infrastructures (RADIUS & DNS) working better &/or more reliably ... since the majority of the basic internet infrastructure is dependent on them for the current operation.

with regard to SSL ... there is a 3-way binding going on ... DNS hostname, DNS returned IP-address,, and public key. Trusted DNS (something that is desirable for general internet operation in any circumstance) can handle hostname, ip-addresses, and public key ... within the domain of things that are bound to DNS hostname & ip-addresses.

That doesn't preclude other types of trusted bindings & information distribution from being deployed (that are independent of DNS related attribute information). Since a trusted DNS is desirable, in any case, ... and the existing SSL/TLS implementation is associated with trusted binding related to DNS operation (hostnames) ... then a more effective solution would to directly have trusted DNS operation (which subsumes having orthongonal operations attest to integrity of DNS related information).

As mention in prior post ... that wouldn't preclude other infrastructures from being developed based on trusted bindings of other types of information ... but it seems to be relatively clearcut that it is desirable for Internet to have a trusted infrastructure, trusted DNS infrastructure & trusted DNS information ... rather than have an independent trusted information binding (possibly) untrusted DNS-related information.

It even makes more sense since the application would be calling hostname resolve ... in order to get back the mapping from dns-related hostname to ip-address mapping ... if that response could not only be relied on ... but also might return any additional integrity information that was available (something that is straight-forward within the existing DNS infrastructure).

general internet standards reference:

http://www.garlic.com/~lynn/rfcietff.htm

or references:

http://www.rfc-editor.org/rfc.html
http://www.dns.net/dnsrd/docs/id.html
http://www.dns.net/dnsrd/
http://whatis.com/radius.htm
http://www.livingston.com/marketing/products/radius.html
http://www.alliancedatacom.com/bay-networks-baysecure-firewall-1.htm
http://www.routerware.com/wan_dl/radius.htm
http://msdn.microsoft.com/workshop/server/feature/vpnovw.asp

Bill_Poletti@xxxxxxxx on 06/07/2000 12:54:54 PM
So do I hear that its your idea to change the entire infrastructure to support this idea rather than come up with a method of authentication that integrates into the existing infrastructure?

Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
not at all, there is existing IETF work to incrementally improve the integrity of DNS ... on which much of the Internet is currently based ... and some of those incremental improvements include the use of public keys in DNS.

It isn't my idea at all ... as already mentioned there are RFCs as well as drafts covering the area.

... it is, in fact, method of authentication that incrementally upgrades & integrates into the existing infrastruture

Bill_Poletti@xxxxxxxx on 06/07/2000 04:45:41 PM
So what you are saying is that even though this proposed method does not exist today, its not precluded. So, your idea to IS change the entire infrastructure to support this idea rather than come up with a method of authentication that integrates into the existing infrastructure?

That IS what you're saying.


Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
... in point of fact, my observation was just that if the DNS incremental integrity improvements were performend ... then the common practice of SSL/TLS with certificates containing the binding of DNS hostname information to public keys becomes redundant and superfluous. A reliable & trusted DNS infrastructure would directly attest to the validity of the DNS information ... subsuming the necessity of having a trusted third party certify any binding between DNS hostname information and public keys (especially if there are problems with existing DNS infrastructure which could call into the question the basic information).

Then if follows, given that a reliable & high integrity DNS infrastructure was being used for the internet ... and such reliable & trusted DNS infrastructure subsumed the necessity for having a trusted third party certify any binding between DNS hostname information and public keys then the certificates issued by such trusted third parties would be redundant and superfluous.

That isn't to say that trusted third parties might not be useful for providing certified binding between other types of information and public keys ... but given a reliable & high integrity DNS using public keys ... sort of makes it redundant and superfluous for having trusted third parties also certify bindings between DNS hostname information and public keys. Especially since the DNS operation is an online infrastructure and is used repeatedly by all forms of internet communication to establish connections.

The issue isn't whether or not there is an existing authentication infrastructure or not. The issue is that existing SSL certificates invovlve the binding of DNS hostname & public keys ... and that if proposed DNS enhancements for integrity and reliability (for the benefit of all internet operations ... not just SSL operation) ... then certificates that provide trusted bindings for DNS hostname information & public keys become redundant and superfluous ... since by definition ... the reliable and trusted DNS operation would subsume the necessity of needing trusted third party certification of binding between DNS hostname information and public key.

Trusted third party certificates that certify the binding of other types of information might be of benefit ... if there isn't an online, trusted reliable operation that provided the same information already as part of every internet connection setup. However, trusted third party certificates that just certified the binding between DNS hostname information and public key seems to be redundant and superfluous if there was a reliable and trusted DNS infrastructure ... that provided trusted & reliable DNS hostname and public key as part of the standard DNS operation.

No idea to change the entire infrastructure ... just the observation that if some of the proposed changes for reliable and trusted DNS would make the use of SSL certificates from trusted third parties (involving binding of DNS hostname information to public keys) ... redundant and superfluous.

There wasn't even the statement that you must stop using redundant and superfluous SSL certificates (binding DNS hostname information to public keys) ... if you didn't want to ... even tho a reliable and trusted DNS would improve all internet transactions .... not just SSL transactions (besides making such SSL certificates redundant and superfluous).

Bill_Poletti@xxxxxxxx on 06/07/2000 04:45:41 PM
So what you are saying is that even though this proposed method does not exist today, its not precluded. So, your idea to IS change the entire infrastructure to support this idea rather than come up with a method of authentication that integrates into the existing infrastructure?

That IS what you're saying.


Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
Hopefully this can be made clearer.

every internet connection tends to make a call to revolve a hostname ... a large majority of those tend to involve DNS in one way or another.

a SSL certificate tends to be some form of such a dns hostname bound to a public key.

SSL session setup tends to start by cross-checking the DNS information in the certificate with the DNS hostname that was used to establish the connection (i.e. call DNS with the hostname to get back an ip-address that was actually used to establish the session). SSL is suppose to barf if the DNS information in the certificate and the DNS hostname used for the session doesn't match.

If the DNS hostname information in the certificate and the DNS information used to establish the connection are the same, then the public key in the certificate can be used to validate some information used as part of establishing the session.

Now part of proposals to incrementally improve the integrity and reliability of the Internet's DNS infrastructure involves public keys.

DNS is already capable of returning information of general kinds on calls to DNS ... not just ip-addresses ... and might include any available public key

The combination of public keys for reliably and trusted DNS and the availability of those public keys ... makes the binding of DNS information to public keys by trusted third parties redundant and superfluous. Not to say you have to stop doing it ... just that it is redundant and superfluous to have trusted third parties providing trusted bindings between DNS information and public keys when a reliable and trusted DNS is providing trusted binding between DNS information and public keys.

Getting back a trusted public key along with ip-address on every DNS hostname could open all sorts of possibilities. This isn't my suggestion for totally changing the authentication of the internet ... this is my observation about the implications of a reliable and trusted DNS involving public keys.

There would be no necessity for connection setup code to get a certificate and check the DNS hostname information with the DNS hostname information in the certificate. Implicit in the DNS hostname resolution operation is the returning of reliable & trusted information regarding the IP-address and potentially a public key associated with that DNS hostname (implicit in the DNS internet operation is that it is getting back useful information ... i.e. the ip-address & possibly other information ... that is bound to a DNS hostname ... for purposes of setting up an internet connection). That is just how the internet & DNS works.

If a public key was also returned as part of standard trusted & reliable DNS ... it would seem to be pretty clear that a certificate from a trusted third party that also did a certified binding between some DNS hostname information and a public key ... is redundant and superfluous ... given that a trusted & reliable DNS is providing the information in real time.

There is no observations about certificates that involve other types of information binding and/or about authentication operations involving attributes other than the DNS hostname information attributes. Other types of certificate authentication operations with other (non-DNS hostname information attribute) types of certificates would not seem to become redundant and superfluous with a reliable and trusted DNS ... just some of the internet initial connection setup operations that involve DNS (where a reliable and trusted DNS can provide the public key information).

Bill_Poletti@xxxxxxxx on 06/07/2000 04:45:41 PM
So what you are saying is that even though this proposed method does not exist today, its not precluded. So, your idea to IS change the entire infrastructure to support this idea rather than come up with a method of authentication that integrates into the existing infrastructure?

That IS what you're saying.


Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
to re-interate observations regarding public keys involved in any trusted and reliable DNS

certificates tend to provide binding of some information to public key by trusted third parties that can be used by relying parties (when the information isn't otherwise directly &/or immediately available in a trusted form).

SSL certificates & operations typically involve DNS hostname information

There are proposals and/or work on reliable & trusted DNS for the internet ... part of which would involve public keys.

a reliable and trusted DNS with public keys doesn't create a new authentication infrastructure for the internet and/or obsolute SSL.

a reliable and trusted DNS with public keys would appear to make SSL certificates from trusted third parties (involving DNS hostname information) redundant and superfluous. SSL could make use of the trusted & reliable DNS information directly (including public keys) w/o having to first have it pass thru a trusted third party and turned into trusted third party certificates.

Bill_Poletti@xxxxxxxx on 06/07/2000 04:45:41 PM
So what you are saying is that even though this proposed method does not exist today, its not precluded. So, your idea to IS change the entire infrastructure to support this idea rather than come up with a method of authentication that integrates into the existing infrastructure?

That IS what you're saying.


Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
there is nothing in the SSL protocol that says that it is a merchant certificate or a credit card certificate. A DNS hostname SSL certificate issued by any Certificate Authority in a browswers list of CA public keys will satisfactorily create a SSL connection (and turn on the padlock).

a merchant certification to a higher standard level (as mentioned in a previous post) might be contrived by having browsers eliminate all CA private keys in their acceptable list ... and then the end-user only activates CA private keys that have associated CPS that conform to the higher credit card merchant certification program. this is similar to the CERT advisory (in the original post of this thread) that suggests the end user examine the content of every supplied certificate.

the other possibility is having some other protocol or process ... besides SSL perform additional authentication operations associated with the certification ... to achieve some higher level of authentication that straight DNS hostname information. That process might be doing something with a SSL certificate based on (out-of-band) knowledge associated with the CPS of the issuing certification authority.

I wouldn't consider that additional process to be the existing SSL DNS hostname information related authentication. A trusted & reliable DNS infrastructure would still make the existing SSL DNS hostname information authenticated process redundant and superfluous.

Some other (non-SSL) authentication process based on unique attributes of the issuing CA (for instance possibly out-of-band knowledge of the issuing CA's CPS) having little or nothing to do with trusted and reliable DNS information is surely possible. Such a process (say as part of a credit card transaction) wouldn't even need to perform a DNS hostname validation ... it would only need to validate that it is a (possibly generic) merchant credit card transaction certificate ... and the public key, does in fact, validate information supplied by the merchant (and actually conforms to specific standards associated with merchant credit card process ... independent of anything to do with valid DNS hostname information). Such a process need have nothing to do with valid SSL operation and/or valid DNS hostname information validation.

Eric Murray on 06/07/2000 07:25:09 PM
I don't think so.

Authenticated DNS authenticates the mapping between IP address and name. SSL certificates authenticate that an entity is part of one trusted cert hierarchy, presumeably trusted enough to participate in SSL connections. For the typical credit-card over SSL case, that SSL cert is really certifying the server as a reputable merchant. That's a much higher level of certification than just name to IP addr.

I agree that authenticated DNS will make SSL certs better though.

-- Eric Murray www.lne.com/~ericm ericm at the site lne.com PGP keyid:E03F65E5


Merchant Comfort Certificates

Refed: **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
... standard DNS typically provides mapping between hostname and other information ... not stricly limited to single ip-address. trusted & reliable DNS easily provides authenticated mapping between hostname and whatever DNS information has available for trusted and reliable operation. trusted & reliable DNS operating with public keys as part of its trusted & reliable operations ... makes any information available that is part of its trusted & reliable operation ... including public keys.

... trusted third parties manufactur SSL certificates that provide binding between hostname & public key. SSL protocol validates that hostname information.

for existing browsers to enforce some other standard of authentication & integrity as part of the SSL operation ... there has to be some sort of out-of-band convention as to what are acceptable certificates to the browsers ... based on something other than matching of DNS hostname information and valid public key operations. the other test that a browser makes in connection with SSL operation and SSL certificates is whether the issuing certificate authority is in the browswer acceptable certification authority list.

higher standard merchant certificates can be contrived with electronic commerce browsers that only contain "merchant certifying" CA public keys in the browsers acceptable certification authority list. These would still only explicitly bind DNS hostname information to public keys ... but there would be hidden, implicit binding of other information (not explicit in the certificate) as to the practices and policies followed by these merchant certifying CAs (aka the information that they are certifying has little or nothing to do with the information in the certificate).

Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
my (netscape) browser as delivered has the following "acceptable" signers (see appended list).

In principle any DNS hostname information SSL certificate issued by any certiciation authority in the attached list will be acceptable by my browswer for creation of a SSL "locked" session w/o raising any issue or alarm.

In practice, in the current environment there seems to be little or no practice for SSL certificates to be anything but DNS hostname validated information.

In principle, everybody could be ask to delete all the Certification Authorities in their browsers signing list ... and then only add back in certification authorities that are guaranteed to follow some certification practice policy that meets some "higher" (possibly merchant practices) standard for the issuing of certificates ... haivng little or nothing to do with the validating & binding of DNS hostname information.

==================================================================

current browser certificate "signing" list
American Express Global CA
BBN Certificate Services CA Root 1
BelSign Class 1 CA
BelSign Class 2 CA
BelSign Class 3 CA
BelSign Object Pbulishing CA
BelSign Secure Server CA
Canada Post Corporation CA
CertiSIgn BR
Deutsche Telekom AG Root CA
Digital SIgnature Trust Co. Global CA 1
thru
Digital Signature Trust Co. Globa. CA 4
E-Certify COmmerce ID
E-Certify Internet ID
Entrust Worldwide by DST
Entrust.net Premium 2048 Secure Server CA
Entrust.net Secure Personal CA
Entrust.net Secure Server CA
Equifax Premium CA
Equifax Secure CA
GTE CyberTrust Global Root
GTE CyberTrust Japan Root CA
GTE CyberTrust Japan Secure Server CA
GTE CyberTrust Root 2
thru
GTE CyberTrust Root 5
GTE CyberTrust Root CA
GTE CyberTrust Secure Server CA
GTIS/PWGSC, Canada Gov. Secure CA
GTIS/PWGSC, Canada Gov. Web CA
GlobalSign Class 1 CA
GlobalSign Partners CA
GlobalSign Primary Class 1 CA
GlobalSign Primary Class 2 CA
GlobalSign Primary Class 3 CA
GLobalSign Root CA
IBM World Registry CA
Integrion CA
KEYWITNESS, Canada CA
MCI Mail CA
National Retail Federaion by DST
TC TrustCenter, Germany, Class 0 CA
thru
TC TrustCenter, Germany, Class 4 CA
Thawte Peronal Basic CA
Thawte Personal Freemail CA
Thawte Personal Premium CA
Thawte Premium Sever CA
Thawte Serrver CA
Thawte Server CA
Thawte Universal CA Root
UPS Document Exchange by DST
United States Postal Service CA
Uptime Group Plc. Class 1 CA
thru
Uptime Group PlC, Class 4 CA
ValiCert Class 1 VA
  thru
ValiCert Class 3 VA
Verisign Class 1 CA - Individual Subscriber - VeriSign, Inc
VeriSign Class 1 Primary CA
thru
VeriSign Class 4 Primary CA
VeriSign Class 1 Public Primary Certification Authority - G2
thru
VeriSign Class 4 Public Primary Certification Authority - G2
VeriSign Class 1 Public Primary Certification Authority - G3
thru
VeriSign Class 4 Public Primary Certification Authority - G3
Verisign/RSA Commercial CA
Verisign/RSA Secure Server CA


===================================================

Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
from a slightly different standpoint

=============================================================

from TLS RFC226

This document and the TLS protocol itself are based on the SSL 3.0 Protocol Specification as published by Netscape. The differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate (although TLS 1.0 does incorporate a mechanism by which a TLS implementation can back down to SSL 3.0). This document is intended primarily for readers who will be implementing the protocol and those doing cryptographic analysis of it. The specification has been written with this in mind, and it is intended to reflect the needs of those two groups. For that reason, many of the algorithm-dependent data structures and rules are included in the body of the text (as opposed to in an appendix), providing easier access to them.


==============================================================

The observation is that proposed incremental enhancements (including the use of public keys) to create a reliable and trusted DNS can be leveraged by TLS (and SSL) to achieve the protocol implementation ... making the use of DNS hostname certificates redundant and superfluous (they could still be used ... they would just be redundant and superfluous for this purpose).

That such a reliable and trusted DNS would be providing the necessary information directly & in real time , making it redundant and superfluous for a trusted third party to also provide a service which certifies and binds the same DNS hostanme related information in a manufactured certificate (it could still do so, it would just be redundant and superfluous).

==============================================================

from TLS RFC2246

The primary goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications. The protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. At the lowest level, layered on top of some reliable transport protocol (e.g., TCP[TCP]), is the TLS Record Protocol. The TLS Record Protocol provides connection security that has two basic properties:

- The connection is private. Symmetric cryptography is used for data encryption (e.g., DES [DES], RC4 [RC4], etc.) The keys for this symmetric encryption are generated uniquely for each connection and are based on a secret negotiated by another protocol (such as the TLS Handshake Protocol). The Record Protocol can also be used without encryption.

- The connection is reliable. Message transport includes a message integrity check using a keyed MAC. Secure hash functions (e.g., SHA, MD5, etc.) are used for MAC computations. The Record Protocol can operate without a MAC, but is generally only used in this mode while another protocol is using the Record Protocol as a transport for negotiating security parameters.


Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
note as mentioned before manufactured certificates are certified copies of original information ... that is provided mostly for infrastructures that have no access to the original, online information. these manufactured certificates do have the attributed that they lay around and can get stale with respect to the original copies of the information that they certify.

in order to help with the problem of cleaning up stale, static certificates that have been laying around with stale, static information for a long time, most certificates have some sort of expiration date (chosen in the hopes that the information being certified isn't getting stale faster than the certificates expire date).

if my browser receives a certificate signed by any (non-expired) public key in the browser's signing list ... it will be accepted as a valid binding between the certified DNS hostname information and the supplied public key. The SSL code then will verify that the certified DNS hostname information (from the certificate) is in some way related to the DNS hostname used to setup the current session.

DNS currently has the ability for registering one or more ip-address for a hostname, room numbers, address, latitude/longitude, phone numbers, etc ... and supplying that information in conjunction with the hostname.

As part of proposals for reliable and trusted DNS, public keys would be added to that information (along with public key operations).

DNS does has the advantage of being an online information distribution paradigm (as opposed to the offline, stale, static information copy paradigm used by certificates) and the online operation is being used as part of setting up an SSL session.

The observation then is ... whether the original online DNS information from a reliable and trusted DNS operation that is being performed as part of setting up online Internet sessions ... might be better than stale DNS information from a manufactured certificate that has been certified sometime in the past by some trusted third party (for the moment ignoring custom, closed environment where conventions have been set-up that the stale, static manufactured certificate really represents implicit certification of attributes other than those specified in an SSL DNS hostname certificate ... implicit certification conventions which may or may not be supported by all the CAs currently in my browswer's acceptable signers list)

Netscape actually supports: SSL/network session, e-mail, and software apps. The valid signing list are qualified as to network stie (aka DNS hostname information) certification, email address certification, and software develpment certification. As part of the SSL session setup, a "network site" certified certificate would presumably be signed by an acceptable certification authority qualified for certifying network stie information.

For email operation & verifying email addresses, the signer's certification would have to be valid for email address.

For loading software applets, the signer's certification would have to be valid for software development.

Some of the certification authorities in the valid signer's list are authorized for all three (network site certification, email address certification, & software development certification).

attached is some additional information on the entries in my browsers valid signers list: (expired certificates are marked with a "minus").
ABAecom (sub, Am. Bankers Assn) Root CA
ANX Network CA by DST
- AT&T Certificate Services
AT&T Directory Services
  American Express CA
American Express Global CA
- BBN Certificate Services CA Root 1
- BelSign Class 1 CA
- BelSign Class 2 CA
- BelSign Class 3 CA
  BelSign Object Pbulishing CA
(two certificates, one 97-98, the other 97-2007)
BelSign Secure Server CA
(two certificates, one 97-98, the other 97-2007)
  Canada Post Corporation CA
- CertiSIgn BR
  Deutsche Telekom AG Root CA
Digital SIgnature Trust Co. Global CA 1
thru
Digital Signature Trust Co. Globa. CA 4
  E-Certify COmmerce ID
E-Certify Internet ID
  Entrust Worldwide by DST
Entrust.net Premium 2048 Secure Server CA
Entrust.net Secure Personal CA
Entrust.net Secure Server CA
  Equifax Premium CA
Equifax Secure CA
  GTE CyberTrust Global Root
GTE CyberTrust Japan Root CA
GTE CyberTrust Japan Secure Server CA
GTE CyberTrust Root 2
    thru
GTE CyberTrust Root 5
  GTE CyberTrust Root CA
two certificates (96-99 and 96-2006)
- GTE CyberTrust Secure Server CA
GTIS/PWGSC, Canada Gov. Secure CA
  GTIS/PWGSC, Canada Gov. Web CA
GlobalSign Class 1 CA
  GlobalSign Partners CA
(two certificates, 99-2009, 98-2013)
GlobalSign Primary Class 1 CA
GlobalSign Primary Class 2 CA
  GlobalSign Primary Class 3 CA
GLobalSign Root CA
  IBM World Registry CA
Integrion CA
- KEYWITNESS, Canada CA
- MCI Mail CA
  National Retail Federaion by DST
TC TrustCenter, Germany, Class 0 CA
    thru
TC TrustCenter, Germany, Class 4 CA
Thawte Peronal Basic CA
Thawte Personal Freemail CA
  Thawte Personal Premium CA
Thawte Premium Sever CA
  Thawte Serrver CA
Thawte Server CA
Thawte Universal CA Root
UPS Document Exchange by DST
- United States Postal Service CA
Uptime Group Plc. Class 1 CA
    thru
Uptime Group PlC, Class 4 CA
ValiCert Class 1 VA
thru
  ValiCert Class 3 VA
- Verisign Class 1 CA - Individual Subscriber - VeriSign, Inc
  VeriSign Class 1 Primary CA
(three certificates, 96-99, 96-2020, 96-2028)
VeriSign Class 2 Primary Ca
(three certificates, 96-99, 96-2004, 96-2028)
  VeriSign Class 3 Primary Ca
(three certificates, 96-99, 96-2004, 96-2028)
- VeriSign Class 4 Primary CA
VeriSign Class 1 Public Primary Certification Authority - G2
thru
VeriSign Class 4 Public Primary Certification Authority - G2
  VeriSign Class 1 Public Primary Certification Authority - G3
thru
  VeriSign Class 4 Public Primary Certification Authority - G3
- Verisign/RSA Commercial CA
Verisign/RSA Secure Server CA
(two certificates, 94-99, 94-2010)


Merchant Comfort Certificates

Refed: **, - **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Merchant Comfort Certificates
... also some misc. other information regarding DNS.

For ip-address associated with the hostname ... the records are "address" or a-records.

nominal tcp/ip programming examples (whether for straight tcp session or an SSL over TCP session) ... the browser effectively calls DNS with the hostname and gets back the DNS A-record data. it then uses the data from the a-roecord (i.e. ip-address) to contact the desired host.

there are lots of other types of records that DNS can return (as mentioned previously).

DNS also has supports multiple a-records per hostname ... and if there are more than one, actually returns the whole list of all a-records.

as part of helping get all this browser and webserver started for doing things like credit card transactions ... i got the netscape server people to support multiple DNS "A-records" as part of the (tcp/ssl) connection sequence when the merchant server is contacting a payment gateway.

A simple configuration has a tcp/ip host attached to the internet via a single ip address. However, for availability and/or thruput reasons, a host may actually have multiple independent connections to the internet ... each with their own unique ip address. In a multiple A-record scenerio, if there is a connection failure for the first ip-address in a A-record list, then the code is suppose to retry connections for the other addresses in the list (until succesful).

As mentioned earlier, I was easily succesful in getting the Netscape merchant server people to implement multiple A-record support when they were putting in the original electronic commerce support (which happened to be SSL thru a TCP connection).

The short-coming was that it took me over a year to get the Netscape browser people to implement multiple DNS A-record support (just like a payment gateway might wish to improve availability and thruput with multiple internet attachments, some of the larger merchant servers also have an interest in improving availability and thruput with multiple internet attaches).

The "initial" response from the netscape browser people was that multiple DNS A-record support was too advanced (this is independent of whether a standard HTTP TCP session is being initiated or a HTTPS/SSL TCP sessions is being initiated). They were just taking the first A-record off the list ... and if the connection failed they initially gave up.

I was even able to pull examples of multiple A-record support out of old archived TCP source libraries (for things like telnet, ftp, etc clients). My only thot was that multiple A-record support examples didn't show up in the standard TCP college text books.

misc. refs:

http://www.garlic.com/~lynn/99.html#16
http://www.garlic.com/~lynn/99.html#158
http://www.garlic.com/~lynn/99.html#159
http://www.garlic.com/~lynn/99.html#164
http://www.garlic.com/~lynn/aadsmore.htm#dctriv

misc. other DNS

Refed: **, - **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: misc. other DNS
The original Netscape e-store was connected to the internet via the netscape corporate T3 link ... into the sprint hierarchy (netscape had a backup T1 link). The original pilot payment gateway was a pair of clustered machines with a pair of firewalls, one firewall went into the uunet hierarchy ... and the other an internet service provided by a company called pagesat.

pagesat had co-lo facility at the MCI hayward location ... 48volt equipment, etc, i had done some work with pagesat earlier ... they offered a usenet satellite feed to a 2' R/O dish, i had got it working (modifying a generic driver to work on both unix and DOS) and co-authored an article on the implementation that appeared in Boardwatch mag. ... misc. ref:

http://www.garlic.com/~lynn/2000.html#38

In any case, one number that might be of interest ... was the average payment authorization round-trip time ... from the Netscape e-store, thru the internet (tracert showed eight router hops from netscape e-store, up thru sprint hiearchby down thru mci or uunet hierarchy to the payment gateway), thru the payment gateway, to merchant acquiring, to issueing authorization credit card transaction ... and back thru the infrastructure to the Netscape e-store ... of under .35 seconds. Of course, there was sporadic internet congestion which could drive specific elapsed round-trip time up.

One of the issues with internet technology is very little of it is telco provisioned and (at least in the early & mid 90s) it was common for ISPs to take equipment (aka routers) offline on sunday for service. one of the large internet merchants using the service did a lot of e-commerce related to sporting events and advertised on sunday afternoon football games (when they would get a lot of traffic). This particular merchant started out only having a single internet connection into a single internet service provider ... which would commonly take their router out of service about one sunday a month during the merchant's prime time usage. It was eventually realized that they needed at least two internet attachments going to two different internet service providers (and the two different internet service providers needed to have totally different equipment servicing patterns).

However, having multiple connections to different ISPs ... with multiple addresses/a-records mapping to the same hostname ... wouldn't do a lot of good ... if the browsers didn't have multiple A-record support.

The payment gateway did have a weekend outage. It turned out the replicated telco links (to different ISPs) ... at one point were both going thru the same conduit ... and one weekend the telephone company took the conduit out to reroute it around some railroad construction.

for list of DNS related RFC ... go to

http://www.garlic.com/~lynn/rfcietff.htm

select Term (term->RFC#)

& then select

DNS from list of acronyms.

... some archived multiple a-record support

from "tn" in module commands.c (dated Oct, 11, 1988) in directory tahoe43/telnet/source (i.e. part of telnet client from bsd tahoe 4.3 distribution) ... example of trying all ip-addresses in a-record list until succesful connection (or end of list).
    printf("Trying...\n");
do {
net = socket(AF_INET, SOCK_STREAM, 0);
if (net < 0) {
         perror("telnet: socket");
return 0;
     }
if (debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) {
perror("setsockopt (SO_DEBUG)");
}

if (connect(net, (struct sockaddr *)&sin, sizeof (sin)) < 0) {
#if  defined(h_addr)          /* In 4.3, this is a #define */
if (host && host->h_addr_list[1]) {
int oerrno = errno;
extern char *inet_ntoa();

fprintf(stderr, "telnet: connect to address %s: ",
                              inet_ntoa(sin.sin_addr));
errno = oerrno;
perror((char *)0);
host->h_addr_list++;
          memcpy((caddr_t)&sin.sin_addr,
host->h_addr_list[0], host->h_length);
          fprintf(stderr, "Trying %s...\n",
inet_ntoa(sin.sin_addr));
(void) NetClose(net);
continue;
         }
#endif    /* defined(h_addr) */
         perror("telnet: Unable to connect to remote host");
return 0;
}
connected++;
    } while (connected == 0);

}


another view of certificates

From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: another view of certificates
for another view of certificates

http://www.DGA.co.uk/customer/publicdo.nsf/public/WP-HERESY

Domain Name integrity problem

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: Domain Name integrity problem
reference regarding maintaining integrity of domain name infrastructure, hijecting reference in attached even affect RSA.


http://news.cnet.com/news/0-1003-200-2093731.html?tag=st.ne.1002.thed.ni

By Stephen Shankland
Staff Writer, CNET News.com
June 16, 2000, 5:25 p.m. PT

Register.com, the second-largest domain name registrar, has acknowledged a security problem that could have allowed people to hijack others' Web sites.

The problem allowed unauthorized access to the security software Register.com and its business partners use to manage Internet site information, such as a customer's contact information or the numerical address associated with a domain name. Spokeswoman Shonna Keogan said the security vulnerability was fixed today.

The security hole could have allowed someone to hijack any Web site that had been registered through Register.com, said Dan Nijs, a Register.com customer. Nijs, a Web site administrator, discovered the security hole.

Hijacking, in which visitors to a Web site are redirected to another of an attacker's choosing, has plagued sites such as Internet.com and RSA Security.

"We're really glad we were able to find out about the hole before any serious damage was done to anybody's domain information," Keogan said.

Nijs found to his dismay this week that he could get access to this privileged software just by copying a Web site out of records that catalog who visits a site. The information was contained in standard "refer" logs that record previously browsed Web addresses. One entry in the log was for Register.com's Web-based administration tool, Nijs said, which came complete with authentication information, or the equivalent of a password.

"If I was the only one who knew about it, it would be no problem," Nijs said. But the vulnerability isn't that hard to take advantage of, he added. "Anyone who knew about this could have shut down a million Web sites."

Nijs found he could get access to Register.com's own domain name information. He said that he also successfully changed his own Internet site's information.

Register.com has registered about 1.5 million Internet addresses; the largest Net name registrar is Network Solutions.

Elias Levy, a security expert who runs the Bugtraq mailing list where Nijs described the problem today, said the bug was a result of sloppy programming on Register.com's part. "They didn't take the security aspect of refers into account," he said.

But Register.com isn't the first to suffer from the dangerous combination of refers and Web-based services that record authentication information in their Web addresses. Web-based email providers also have suffered from overly descriptive Web addresses that allow unauthorized access.

Nijs said a more devious but difficult exploitation of the Register.com vulnerability could have allowed a person to change email routing information. By doing so, a person could intercept all the email a company received, gather information, and then forward the emails to the company. This would make it harder for the company to know someone was snooping around their communications.

Domain Name integrity problem

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Domain Name integrity problem
Note that nominally where somebody applies to a certification authority for a network/SSL domain name certificate ... one would expect that the certification authority would contact the Domain Name authority to validate the Domain name information. That creates an integrity dependancy on the Domain Name infrastructure for network/SSL certificates (i.e. hijack a domain name at the Domain Name authority, and then apply for a certificate ... relative confident that a network/SSL certificate would be issued for that hijacked domain name)

As postulated in prior message, improving the integrity of the domain name infrastructure with public keys ... also makes it possible for the domain name infrastructure to reliably distribute such public keys ... which in turn, makes network/SSL domain name certificates redundant and superfluous.

As the subject of the news article indicates, another statement might be made concerning if the integrity of the Domain Name infrastructure is not improved ... could result in compromises in network/SSL domain name certificates; lack of such integrity could lead to hijacking a domain name at a Domain Name authority ... and under the assumption that a certification authority might rely on the Domain Name authority for validating the information in a request for a network/SSL domain name certificate ... then a certificate could be issued based on hijacked information.

BCP 40, RFC 2870 on Root Name Server Operational Requirements

From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: BCP 40, RFC 2870 on Root Name Server Operational Requirements

fyi ...

Subject: BCP 40, RFC 2870 on Root Name Server Operational Requirements
Date: Wed, 21 Jun 2000 08:59:23 -0700
From: RFC Editor <rfc-ed@xxxxxxxx>

A new Request for Comments is now available in online RFC libraries.
BCP 40
        RFC 2870

Title:     Root Name Server Operational Requirements
Author(s):  R. Bush, D. Karrenberg, M. Kosters, R. Plzak
        Status:     Best Current Practice
Date:       June 2000
        Mailbox:    randy@xxxxxxxx, daniel.karrenberg@xxxxxxxx,
markk@xxxxxxxx, plzakr@xxxxxxxx
Pages:      10
Characters: 21133
        Obsoletes:  2010

        I-D Tag:    draft-ietf-dnsop-root-opreq-05.txt

URL:        ftp://ftp.isi.edu/in-notes/rfc2870.txt
As the internet becomes increasingly critical to the world's social and economic infrastructure, attention has rightly focused on the correct, safe, reliable, and secure operation of the internet infrastructure itself. The root domain name servers are seen as a crucial part of that technical infrastructure. The primary focus of this document is to provide guidelines for operation of the root name servers. Other major zone server operators (gTLDs, ccTLDs, major zones) may also find it useful. These guidelines are intended to meet the perceived societal needs without overly prescribing technical details.

Visa Delicately Gives Hook to SET Standard

Refed: **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: Visa Delicately Gives Hook to SET Standard
Visa Delicately Gives Hook to SET Standard
Wednesday, June 21, 2000
By Jennifer Kingson Bloom

Amid the hubbub of the Visa-MasterCard antitrust trial, the world paid little or no attention to the fact that Visa on Monday officially gave up trying to implement SET, the Secure Electronic Transaction specification for Internet payments, in the United States.

......

see American Banker for rest of article

Visa Delicately Gives Hook to SET Standard

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: Visa Delicately Gives Hook to SET Standard
one way of looking at a transaction involving a number of distributed components is a set of serialized sequential steps with some location acting as a synchronization point or distributed (some of this has been more thoroughly investigated in distributed database arena)..

Since the earliest days of X9.59-related activity (with mapping to 8583 transactions, some of this going back nearly five years) there is a sequence of sequential steps with the issuing bank acting as the "sync" point where both authentication & authorization of the payment is performed by the same business entity at one point. As has been discussed before ... separation of the business responsibilities for authentication & authorization creates gap where fraud & failures can creep in. The wider the separation between authentication & authorization ... the wider gap, the larger the fraud & failure opportunity.

The other scenario for distributed transactions involves things like two-phase commit ... effectively some trusted sync. point where possibly one bank does a debit and another bank does a credit and two-phase commit guarantees the appearance of an atomic operation (both credit&debit either occurs or neither occurs). The sequential process can usually be shown to have the lowest fraud and failure modes ... but there are situations (like different banks possibly needing atomic credit and corresponding debit).

random refs:

http://www.garlic.com/~lynn/aadsmail.htm#mfraud
http://www.garlic.com/~lynn/aepay2.htm#cadis
http://www.garlic.com/~lynn/aadsm3.htm#cstech6
http://www.garlic.com/~lynn/aadsm3.htm#cstech7
http://www.garlic.com/~lynn/aadsm3.htm#kiss10
http://www.garlic.com/~lynn/8583flow.htm
http://www.tpc.org/faq_TPCD.html#anchor1139088
http://www.tpc.org/articles/HA.html
http://www.subrahmanyam.com/articles/transactions/NutsAndBoltsOfTP.html
http://cryptome.org/iwdmain.htm
http://www.sei.cmu.edu/str/descriptions/dtpc.html
http://www.glue.umd.edu/~pwalczak/introduction_to_survivable_syste.htm
Anders Rundgren on 07/02/2000 03:13:56 PM
Original SET was a bad idea
New EU-SET will prosper as it can use current Interner-banking authentication
systems instead of requiring local SET certificates/keys and SW.


http://www.visa.de/df/presse/pressetexte/000619_001.htm Is that he HOOK you refer to? Apparently the new SET system speaks German, but I guess I can live with that :-) Anders Lynn.Wheeler@xxxxxxxx <Lynn.Wheeler@xxxxxxxx> >Visa Delicately Gives Hook to SET Standard >Wednesday, June 21, 2000 >By Jennifer Kingson Bloom > >Amid the hubbub of the Visa-MasterCard antitrust trial, the world paid >little or no attention to the fact that Visa on Monday officially gave up >trying to implement SET, the Secure Electronic Transaction specification >for Internet payments, in the United States. > >...... > >see American Banker for rest of article


LB#12 Protection Profiles

Refed: **, - **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: LB#12 Protection Profilesre:
... possible of some interest to the x9a10 mailing list also (originally distributed in a x9f group) ...
==================================================

Please find attached the FDR comments returned with their Affirmative ballot response on the NWI for the Protection Profile. We will need to consider their comments in our Protection Profile discussion at next week's meeting in Dallas.
Rick) Richard P. Kastner
Ernst & Young LLP, Security & Technology Solutions
Office: (925) 930-2736   Fax: (925) 977-2996 Pager: (800) 393-4497

-- Forwarded by Richard P. Kastner/NWPacific/AUDIT/EYLLP/US on 07/13/2000 04:31 PM

To: Richard P. Kastner/NWPacific/AUDIT/EYLLP/US@xxxxxxxx
Subject: Re[2]: CLOSED X9/00 - LB #12 , NWI, Protection Profiles for
First Data previously cast a "yes" vote on LB#12 with the following comment:

We would prefer to see the protection profile broken into their independent component business operations and not be totally certificate-centric.

There are some number of other operations where certificates can provide a preliminary sense of trust comfort if there is no other mechanisms available.

For the most part, certificates are stale, static copies of a subset of information normally found in financial account records. They are redundant and superfluous for business transactions that require access to account records.

The financial industry would be better served by protection profiles for their (account-based) financial operations than they would by protection profiles for independent operations that have little or nothing to do with financial transactions.

Ideally the current protection profile proposal could be restructured so that it focused on digital signed transactions, the integrity of recording public keys, the environment that public and private keys operated in, etc. The issue then of whether or not certificates would also be issued within such an infrastructure would become almost incidental.

Note that smartcard specific protection profile has recently gone out on the nist site. Also that spyrus is sponsoring a common criteria and protection profile tutorial at X9F5 meeting on the 17th in Reston. Lynn Wheeler of First Data Corp has some of the related protection profile information available on his web site (garlic.com) where he merged the glossaries from the orange book, common criteria 0.9, common criteria 1.0, common criteria 2.0, NIAP, FIPS and several other sources.


RFC 2807 published today XML Signature Requirements

From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: RFC 2807 published today XML Signature Requirements
A new Request for Comments is now available in online RFC libraries.
RFC 2807

Title:      XML Signature Requirements
Author(s):  J. Reagle
Status:     Informational
Date:       July 2000
Mailbox:    reagle@xxxxxxxx
Pages:      9
Characters: 21973
Updates/Obsoletes/SeeAlso: None

I-D Tag:    draft-ietf-xmldsig-requirements-03.txt

URL:        ftp://ftp.isi.edu/in-notes/rfc2807.txt
This document lists the design principles, scope, and requirements for the XML Digital Signature specification. It includes requirements as they relate to the signature syntax, data model, format, cryptographic processing, and external requirements and coordination.

RFC 2807 published today XML Signature Requirements

Refed: **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: RFC 2807 published today XML Signature Requirements
fyi ..

-- Forwarded by Lynn Wheeler on 07/15/2000 10:38AM ---

Lynn.Wheeler@xxxxxxxx on 07/15/2000 09:50:44 AM

Please respond to Digital Signature discussion

To: DIGSIG@xxxxxxxx
Subject: Re: RFC 2807 published today XML Signature Requirements

while 2807 is currently a "Informational" RFC ... there recently also was a series of RADIUS rfcs (both informational and proposed standard). While nothing in the documents specificantly address digital signature authentication and authoritzation ... in the past, AADS RADIUS implementations have been implemented and demonstrated.

The recent series are RFC 2865, 2866, 2867, 2868, and 2869 The RADIUS HMAC-MD5 message authentication is one place that digital signature could be piggy-backed.

While RADIUS was originally deployed for modem pool routers to authenticate and authorize dial-up connections ... it has seen deployment in other authenticate/authorize scenerios like webserver session authenticate & authorize and even configured connections (leased line, DSL, etc)

some of the RADIUS RFC abstracts

This document describes a protocol for carrying authentication, authorization, and configuration information between a Network Access Server which desires to authenticate its links and a shared Authentication Server.

The RADIUS (Remote Authentication Dial In User Service) document [2] specifies the RADIUS protocol used for Authentication and Authorization. This memo extends the use of the RADIUS protocol to cover delivery of accounting information from the Network Access Server (NAS) to a RADIUS accounting server.


RFC 2807 published today XML Signature Requirements

Refed: **, - **, - **
From: Lynn Wheeler
To: ansi-epay@xxxxxxxx
Subject: re: RFC 2807 published today XML Signature Requirements
... fyi

-- Forwarded by Lynn Wheeler on 07/15/2000 10:38AM -----

"Winchel 'Todd' Vincent, III" on 07/15/2000 10:15:16 AM

Please respond to Digital Signature discussion

To: DIGSIG@xxxxxxxx
Subject: Re: RFC 2807 published today XML Signature Requirements

Lynn:
while 2807 is currently a "Informational" RFC ... there recently also was a series of RADIUS rfcs (both informational and proposed standard).

2807 is "informational" because it is the XML-Signature "requirements" document.

The XML Signature group is a joint IETF/W3C activity. I'm not familiar with the IETF RFC numbers, as I've been looking at the W3C versions.

Importantly, the XML-Signatures "specification" is not informational and is in "last call" as is the canonical XML specification. See

http://www.w3.org/Signature/ (generally)

http://www.w3.org/TR/2000/WD-xmldsig-core-20000711/ (XML-Signatures)

http://www.w3.org/TR/2000/WD-xml-c14n-20000710 (Canonical XML)

These are pretty important specifications, because this is what is going to be implemented in software. These specifications have wide-spread industry support.
The recent series are RFC 2865, 2866, 2867, 2868, and 2869 The RADIUS HMAC-MD5 message authentication is one place that digital signature could be piggy-backed.

I'm not familiar with these RFCs. Thank you very much for pointing them out.

Todd

VISA 3D-SSL

Refed: **, - **, - **, - **, - **, - **, - **, - **
From: Lynn Wheeler
Date: 08/24/2000 07:38 AM
To: Anders Rundgren <anders.rundgren@xxxxxxxx>
cc: craigellison@xxxxxxxx, SET-List <set-discuss@xxxxxxxx>,
ansi-epay@xxxxxxxx
Subject: Re: VISA 3D-SSL
your probably saw it ... but there was a discussion on SSL server-side certificates recently in the ietf-pkix mailing list .... similar to previous SSL certificates ansi-epay discussion and whether or not certification authorities relied on DNS for authoritative information in the SSL certificates ... and if there was any dependancy on a trusted DNS infrastructure. The ietf-pkix discussion somewhat started out with the question of whether or not client-side CRL checking of server SSL certificates added any net value.

misc. refs:

http://www.garlic.com/~lynn/aadsmore.htm#client1
http://www.garlic.com/~lynn/aadsmore.htm#client2

part of the previous (ansi-epay) discussion is at

http://www.garlic.com/~lynn/aepay4.htm

&/or


http://lists.commerce.net/archives/ansi-epay/200006/maillist.html

ansi-epay archive at


http://lists.commerce.net/archives/ansi-epay/

ietf-pkix archive at:

http://www.imc.org/ietf-pkix/mail-archive/

Anders Rundgren on 08/15/2000 11:28:34 AM

Craig,

I have (through an undsclosed source) received a PowerPoint of 3D SSL so there exists documentation that should be simple to announce here in this list.

It looks pretty good although the details are very scetchy.

It is defintely the end of fat-client SET and there is no turning back once this infrastructure is in place.

Regards
Anders Rundgren
Senior Internet e-commece Architect


x959 Postings and Posting Index, next, previous - home