Jeff Williams | 1 Jul 12:19 2005

Re: Fwd: Notification re UTR #36, Security Issues

Ben and all,

  It may be advisable that the FTC and other EU equivalents should be
notified of this so as to get at least a warning more broadly decimated...

Ben Laurie wrote:

> Paul Hoffman wrote:
> >> Due to computer security issues, a set of guidelines is being
> >> drafted that can impact the use of future International Domain
> >> Names (i.e., http://müller.de/ ) and identifiers. The computer
> >> security issues that have arisen involve spoofing of letters or
> >> numbers (e.g., in a recent case, unsuspecting users were sending
> >> credit card information to "PayPal.com" which was spelled with a
> >> capital "I" in place of lowercase "L", because the two are not
> >> visibly distinct in some fonts). Similarly Cyrillic or Greek
> >> letters could be used in lieu of similar looking Latin letters in
> >> domain names.
>
> I'd note that this first issue is _not_ an IDN issue, but applies to
> traditional domain names. This would appear to have rather serious
> impact on the DNS, if we decide to take this report seriously (I'm
> assuming it includes recommendations that relate to I vs. l, since I
> have not been able to actually reach the site since I saw this post).
>
> Of course, what this is really pointing to is what we all surely know:
> the domain name is a really stupid place to base trust. Is there any
> interest in fixing this fundamental issue?
>
> Cheers,

james hughes | 9 Jul 00:28 2005

3rd International IEEE Security in Storage Workshop

3rd International IEEE Security in Storage Workshop
December 13, 2005
Golden Gate Holiday Inn, San Francisco, California USA

Sponsored by the IEEE Computer Society
Task Force on Information Assurance (TFIA)
Part of the IEEE Information Assurance Activities (IEEEIA)

Held In Cooperation and Co-Located With the
4th USENIX Conference on File and Storage Technologies (FAST05)
December 14-16, 2005, San Francisco, CA, USA

In Cooperation with the
IEEE Mass Storage Systems Technical Committee (MSSTC)

Description

Meeting the challenge to protect stored information critical to  
individuals, corporations, and governments is made more difficult by  
the continually changing uses of storage and the exposure of storage  
media to adverse conditions.

Example uses include employment of large shared storage systems for  
cost reduction and, for convenience, wide use of transiently- 
connected storage devices offering significant capacities and  
manifested in many forms, often embedded in mobile devices.

Protecting intellectual property, privacy, health records, and  
military secrets when media or devices are lost, stolen, or captured  
is critical to information owners.

Pekka Savola | 11 Jul 18:35 2005

Re: I-D ACTION:draft-ietf-v6ops-ipsec-tunnels-00.txt (fwd)

FYI,

Looks from the security and IPsec perspective in particular would be 
welcome, so that we get the details right.

Please send feedback to v6ops <at> ops.ietf.org or to me (acting as the 
editor right now).

Thanks!

---------- Forwarded message ----------
Date: Mon, 11 Jul 2005 19:24:07 +0300 (EEST)
From: Pekka Savola <pekkas <at> netcore.fi>
To: v6ops <at> ops.ietf.org
Subject: Re: I-D ACTION:draft-ietf-v6ops-ipsec-tunnels-00.txt

On Mon, 11 Jul 2005 Internet-Drafts <at> ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the IPv6 Operations Working Group of the IETF.
> 
> 	Title		: Using IPsec to Secure IPv6-in-IPv4 Tunnels
> 	Author(s)	: P. Savola, et al.
> 	Filename	: draft-ietf-v6ops-ipsec-tunnels-00.txt
> 	Pages		: 21
> 	Date		: 2005-7-11
> 
>   This document gives guidance on securing manually configured IPv6-in-
>   IPv4 tunnels using IPsec.  No additional protocol extensions are
>   described beyond those available with the IPsec framework.

Masaki SHIMAOKA | 12 Jul 03:38 2005

Asking to review multi-domain PKI interoperability I-D

Hi all,

Nelson and I are developing a memorandum, as an individual I-D, that
tries to capture the necessary issues for the deployment of multi-domain
PKIs. We would like to ask the SAAG ML to review the I-D as an initial
step towards publishing the I-D as an informational RFC or BCP.

This I-D appears to be out of scope for the PKIX WG because most of the
issues are not technical but operational. However to achieve
interoperability across different PKIs, a consensus of the operational
issues for multi-domain PKIs that should be considered is needed.

This I-D has been developed based on knowledge derived from various PKI
interoperability experiences such as Japanese Government PKI and US
Federal PKI. Therefore, we hope to publish as an informational RFC or
BCP, and when multi-domain PKI interoperability issues crop up the
document can provide some advice and guidance.

Thanks,
-- shima

Masaki SHIMAOKA | 12 Jul 03:41 2005

Re: Asking to review multi-domain PKI interoperability I-D

Sorry, you can get our I-D from below:
http://www.ietf.org/internet-drafts/draft-shimaoka-multidomain-pki-05.txt

On Tue, 12 Jul 2005 10:38:33 +0900
Masaki SHIMAOKA <shimaoka <at> secom.ne.jp> wrote:

> Hi all,
> 
> Nelson and I are developing a memorandum, as an individual I-D, that
> tries to capture the necessary issues for the deployment of multi-domain
> PKIs. We would like to ask the SAAG ML to review the I-D as an initial
> step towards publishing the I-D as an informational RFC or BCP.
> 
> This I-D appears to be out of scope for the PKIX WG because most of the
> issues are not technical but operational. However to achieve
> interoperability across different PKIs, a consensus of the operational
> issues for multi-domain PKIs that should be considered is needed.
> 
> This I-D has been developed based on knowledge derived from various PKI
> interoperability experiences such as Japanese Government PKI and US
> Federal PKI. Therefore, we hope to publish as an informational RFC or
> BCP, and when multi-domain PKI interoperability issues crop up the
> document can provide some advice and guidance.
> 
> Thanks,
> -- shima

-- 
Masaki SHIMAOKA <shimaoka <at> secom.ne.jp>
SECOM IS Lab.

Jeff Williams | 12 Jul 09:43 2005

Re: Re: Asking to review multi-domain PKI interoperability I-D

Masaki and all,

  A couple of questions for now.  I will likely have others later...

  What is the criterion for a definition of "Distinguished Names"
as referred to below?

  Is there any consideration for other interoperability for other
in use and trusted PKI certs that are not X.509 based?

Masaki SHIMAOKA wrote:

> Sorry, you can get our I-D from below:
> http://www.ietf.org/internet-drafts/draft-shimaoka-multidomain-pki-05.txt
>
> On Tue, 12 Jul 2005 10:38:33 +0900
> Masaki SHIMAOKA <shimaoka <at> secom.ne.jp> wrote:
>
> > Hi all,
> >
> > Nelson and I are developing a memorandum, as an individual I-D, that
> > tries to capture the necessary issues for the deployment of multi-domain
> > PKIs. We would like to ask the SAAG ML to review the I-D as an initial
> > step towards publishing the I-D as an informational RFC or BCP.
> >
> > This I-D appears to be out of scope for the PKIX WG because most of the
> > issues are not technical but operational. However to achieve
> > interoperability across different PKIs, a consensus of the operational
> > issues for multi-domain PKIs that should be considered is needed.
> >

Masaki SHIMAOKA | 12 Jul 17:43 2005

Re[2]: Re: Asking to review multi-domain PKI interoperability I-D

Jeff,

Thanks for your interest.

Basically we focus on only PKI certs based on X.509 and RFC 3280,
because our focused issues are caused by some certificate extensions on
X.509 certs.

That is, 
>   What is the criterion for a definition of "Distinguished Names"
> as referred to below?

We have been working under the assumption of X.509 certificate and DN as
defined in X.509.

And,
>   Is there any consideration for other interoperability for other
> in use and trusted PKI certs that are not X.509 based?
Currently there is no consideration for other PKI certs that are not
X.509 based.
But if we should have considerations for other interoperability issues
with other technology, please show us your concerns.
If necessary, we may have to consider other interoperability with other
PKI certs that are not X.509 based.

Anyway, we must first clear the way for the interoperability between X.509
based PKIs.

Thanks,
-- shima

Jeff Williams | 13 Jul 04:29 2005

Re: Re: Asking to review multi-domain PKI interoperability I-D

Masaki sama and all,

  The best way for me to respond would be for me to invite you to
view this webcast:
 http://itw.itworld.com/GoNow/a15565a131456a75352868a0
It should give you at least some insight as to bridging the PKI
gap.

Masaki SHIMAOKA wrote:

> Jeff,
>
> Thanks for your interest.
>
> Basically we focus on only PKI certs based on X.509 and RFC 3280,
> because our focused issues are caused by some certificate extensions on
> X.509 certs.
>
> That is,
> >   What is the criterion for a definition of "Distinguished Names"
> > as referred to below?
>
> We have been working under the assumption of X.509 certificate and DN as
> defined in X.509.
>
> And,
> >   Is there any consideration for other interoperability for other
> > in use and trusted PKI certs that are not X.509 based?
> Currently there is no consideration for other PKI certs that are not
> X.509 based.

Masaki SHIMAOKA | 14 Jul 09:44 2005

Re[2]: Re: Asking to review multi-domain PKI interoperability I-D

Jeff,

Thank you for valuable information from another point of view.

I guess that you probably want to suggest introducing several
technologies other than PKI.  I can understand such a suggestion.

Of course I know there are many technologies other than PKI in the world. 
And I do not contradict them; we should be able to choose several
technologies.

But, just like any one of them, PKI also should be improved to enhance
our convenience.  So we propose to build a consensus for multi-domain PKI
interoperability, as PKI engineers.  It is just the same as an improvement
for other technologies.

The focus of the I-D is to help PKI engineers trying to implement/deploy
multi-domain PKI.  The I-D should keep its focus on helping PKI engineers,
though I do not contradict other alternative technologies.

Thanks,
-- shima

On Tue, 12 Jul 2005 19:29:06 -0700
Jeff Williams <jwkckid1 <at> ix.netcom.com> wrote:

> Masaki sama and all,
> 
>   The best way for me to respond would be for me to invite you to
> view this webcast:

