IRC log of security-ws on 2006-03-16

Timestamps are in UTC.

02:44:39 [peter]
peter has joined #security-ws
04:37:23 [jose-lap]
jose-lap has joined #security-ws
09:39:56 [herman]
herman has joined #security-ws
09:40:44 [herman]
herman has left #security-ws
11:34:57 [peter]
peter has joined #security-ws
11:59:58 [pecorra_]
pecorra_ has joined #security-ws
12:47:05 [pecorra_]
pecorra_ has joined #security-ws
13:35:02 [beltzner]
morning, y'all
13:36:27 [djweitzner]
djweitzner has joined #security-ws
13:37:31 [Robert_Capps]
Robert_Capps has joined #security-ws
13:37:41 [chaals]
chaals has joined #security-ws
13:37:55 [peter]
peter has joined #security-ws
13:38:08 [chaals]
Meeting: Transparent and Usable Security Workshop
13:38:08 [chaals]
Scribe: Chaals
13:38:15 [chaals]
scribenick: chaals
13:38:26 [chaals]
chair: Thomas Roessler
13:38:42 [chaals]
Topic: story about connection
13:39:29 [chaals]
This room had no power or network. Yesterday they pulled a whole lot of cables up from a lot of floors below. Today Cisco installed a satellite system to provide the networking
13:40:17 [chaals]
It was set up last night in about half an hour (mostly involving taking the things out of the boxes on the roof with the great view)
13:42:14 [beltzner]
800ms ping times; awesome!
13:43:08 [pecorraOffice]
pecorraOffice has joined #security-ws
13:44:51 [beltzner]
[so, I guess I shouldn't pull from trunk, eh?]
13:45:57 [chaals]
[various discussion about the satellite and how it works... ]
13:47:30 [chaals]
Topic: A Confidence Model of Web Browsing - Y!
13:47:45 [chaals]
Prasanta Behera and Naveen Agarwi
13:48:18 [chaals]
PB: we are in login / identity group...
13:48:44 [chaals]
... we are talking about an idea we hav been kicking around for a couple of months. Haven't prototyped it yet - will obviously need work.
13:49:25 [chaals]
slide 1: Problem.
13:49:55 [chaals]
PB: most of this has been discussed. Authentication is just one part - once a user has authenticated the whole interaction needs to be safe.
13:50:04 [chaals]
13:50:06 [plipp]
plipp has joined #security-ws
13:51:04 [chaals]
NA: Main querstion - how does a company with multiple domains assert that they are all the same organisation
13:51:17 [chaals]
PB: SSL-only won't do the job
13:51:30 [chaals]
... pricing, deployment problems
13:52:02 [chaals]
... multiple domains - Yahoo, flickr, ...
13:52:13 [chaals]
Q: Just management, not SSL performance?
13:52:29 [chaals]
NA: Performance is also a problem - makes a big difference in content stuff like flickr
13:53:21 [chaals]
... for banking it is important, but for general browsing it has too big a hit on servers and transfers.
13:53:33 [chaals]
PB: There is a lot of content that doesn't need to be secured.
13:54:13 [chaals]
... there is a model where you can decide on sites you want to trust - put a URI into a list. Kind of works, but you have to select each URI
13:54:22 [chaals]
... only works for HTTPS.
13:54:32 [chaals]
... so not scalable for large deployment case
13:54:57 [Mez]
Mez has joined #security-ws
13:55:01 [chaals]
Q: You want the user to know they are on teh authenticated site, but concerned about the overhead of SSL?
13:55:30 [chaals]
NA: Those are some of the problems. Also SSL only says transmission is secure - doesn't let you assert that you are dealing with the same company over a collection of domains
13:55:45 [chaals]
[/me likes that Yahoo does the right thing and not shift URIs when they buy existing services]
13:56:24 [chaals]
PB: Some solutions were discussed yesterday. Hashing some content...
13:57:40 [chaals]
NA: This is in addition to what a client can do - we are trying to find soething servers can do to help the client.
13:57:46 [chaals]
slide: approach
13:58:28 [chaals]
NA: You get a token based on a browser saying they trust a service, like a shared secret
13:58:38 [chaals]
[/me thinks "or digital signature?"]
13:58:42 [chaals]
slide: flow model
13:59:11 [beltzner]
[this requires that the user identify a site every time they start a session, right?]
13:59:17 [Alan]
Alan has joined #security-ws
13:59:28 [chaals]
Q: What if you don't get a response from an SSL request
13:59:33 [chaals]
NA: Well, you don't mark it as trusted
14:00:15 [chaals]
Q: ??? The content and hash can be swapped?
14:00:49 [beltzner]
Q: With multiple requests, I could send one request and get a MiM/malicious response
14:00:58 [beltzner]
A: What would the hacker gain from that?
14:01:08 [beltzner]
chair then asked to hold questions until the end
14:01:11 [chaals]
slide: sample metadata
14:01:19 [chaals]
[thanks beltzner]
14:01:53 [chaals]
PB: There are companies trying to spoof Yahoo. So we want to capture the information of what really is yahoo.
14:02:22 [chaals]
NA: So you can say and are part of the same group, using metadata - you get the same token from each domain.
14:02:31 [chaals]
slide: confidence browsing
14:03:02 [chaals]
PB: Browser can check that the token is the same as one they got from a trusted source.
14:03:41 [chaals]
slide: what is not addressed
14:05:16 [chaals]
slide: conclusion
14:05:56 [chaals]
Q: Why is binding from organisation to domains browser-specific not global?
14:06:15 [chaals]
PB: Each domain should have unique data from browser, to make the token have the nature of a shared secret
14:07:09 [chaals]
Q: The problem was that I see a website made to appear like someone else's website?
14:07:50 [chaals]
PB: Where you are getting data from a lot of different domains, you want to know that you are dealing with the same overall site/company
14:08:11 [chaals]
Q: So I can fool the user into thinking they are dealing with Yahoo...
14:08:47 [chaals]
NA: This is based on having established a relationship already. If you trusted Yahoo somewhere and selected them, then the bar will show if something is not part of a trusted site
14:09:07 [chaals]
... this could be used to insert personalised recognition token into the page.
14:09:35 [chaals]
... it is hard to make the chrome foolproof - unless you are relying on something personalised to the user
14:09:50 [Alan]
Alan has joined #security-ws
14:10:23 [chaals]
TR: Time please, gentlemen...
14:11:01 [chaals]
Topic: Frederick Hirsch, Nokia, ??? Sun (not here)
14:11:23 [chaals]
FH: looking at some approaches where single sign-on can be brought to bear on a problem
14:11:35 [beltzner]
s/???/Hubert Le Van Gong/
14:11:37 [chaals]
title: appraoches to simplify server authentication
14:12:02 [chaals]
FH: Constrained discussion. Two organisations - Liberty Alliance, OASIS XAML stuff
14:12:32 [chaals]
... Liberty Alliance has been around a while, done the Federation Framework (also a Web Services thing)
14:12:41 [chaals]
14:13:07 [chaals]
... talking loosely to outline an approach, not lay out a completed solution
14:13:21 [chaals]
slide: Motivation
14:13:52 [chaals]
FH: Lot of discussion already. This doesn't direct phishing directly I don't think.
14:14:14 [chaals]
... two approaches - shared secret, and a reverse single sign-on where servers authenticate to clients
14:14:18 [chaals]
slide: Shared secret approach
14:15:02 [chaals]
FH: No CA required... but there are other standardising issues
14:15:16 [chaals]
... discussed in previous talk.
14:15:34 [chaals]
... This brings us back to what kerberos was doing.
14:15:53 [chaals]
slide: simplified server authentication
14:16:24 [chaals]
slide: SSA advantages and issues
14:16:36 [chaals]
FH: you can leverage existing work.
14:17:23 [chaals]
slide: SSA Approaches
14:17:52 [chaals]
FH: Assumes some sort of relationship among the parties
14:18:27 [chaals]
... You can use a proxy for clients that don't handle the whole lifting themselves
14:18:43 [chaals]
slide: IDP secret approach
14:20:06 [chaals]
FH: Use an ID provider to proxy authentication of service
14:21:13 [chaals]
... The client can enforce a requirement that the service provider authenticate too, if required to authenticate to them.
14:21:28 [chaals]
slide: IDP secret approach (second slide)
14:21:38 [chaals]
slide: Flow diagram
14:21:50 [chaals]
FH: Like SAML but added steps for service provider
14:22:03 [chaals]
slide: IDP Accessed as Portal
14:23:13 [chaals]
FH: Then the client doesn't need to go back and forth authenticating if it trusts a portal providing ID...
14:23:22 [chaals]
slide: IDP Portal operation
14:23:36 [chaals]
slide: flow diagram for IDP portal
14:24:01 [chaals]
slide: Enhanced client or proxy
14:24:18 [Alan]
Alan has joined #security-ws
14:24:24 [chaals]
FH: Put something more into the flow
14:24:56 [chaals]
... so you know how to get to the right ID. Bunch of this stuff went into SAML.
14:25:16 [chaals]
slide: flow diagram - enhanced client
14:25:44 [chaals]
slide: summary
14:26:53 [chaals]
Q: clarification. problem is mutual authentication in a single sign-on context?
14:26:58 [chaals]
FH: Yes.
14:27:10 [chaals]
Q...: leveraging a ring of trust?
14:27:14 [chaals]
FH: Right.
14:27:48 [chaals]
Q...: How does this compare to other approaches to site authentication
14:27:56 [chaals]
FH: Didn't think about it :)
14:28:10 [chaals]
... this is a presentation of another idea, but not comparative
14:28:12 [DanC_lap]
DanC_lap has joined #security-ws
14:29:04 [chaals]
... Oh. Hang on. This doesn't assume an authentication mechanism per se. There are various techniques that could be plugged into this approach.
14:29:25 [chaals]
Q: Trying to understand difference between this and static authentication.
14:29:59 [chaals]
... what are benefits?
14:30:11 [chaals]
FH: Client doesn't need to do a lot of crypto/PKI
14:30:27 [chaals]
... underlying is still the authentication infrastructure
14:31:00 [chaals]
Q: Under enhanced client / proxy you assume there are no requirements for changing client. that is if it knows about the IDP, right?
14:31:05 [chaals]
FH: Right...
14:31:20 [chaals]
Topic: deviance
14:32:11 [chaals]
s/deviance/Applying context to Web Authentication/
14:32:18 [chaals]
John Linn et al.
14:32:31 [chaals]
slide: Overview
14:34:09 [chaals]
slide: Web Authentication Today
14:34:26 [chaals]
JL: The situation today is not very pretty...
14:35:58 [chaals]
slide: user authentication flow, decomposed
14:36:48 [chaals]
JL: There are various points of attack available
14:37:07 [chaals]
... but in the happy case you get data to the site...
14:37:23 [chaals]
slide: authenticator data: 3 reusability classes
14:39:17 [chaals]
slide: Partially reusable data - example context dimensions
14:39:51 [chaals]
JL: Make the data something that makes no sense outside some aspect(s) of the original context(s)
14:40:16 [chaals]
... the more dimensions of unique contextual value, the better your protection
14:40:29 [chaals]
slide: Protecting evidence in a destination context
14:42:26 [chaals]
slide: aspects of approach
14:43:19 [chaals]
JL: Password is a deterrent - not necessarily guaranteed, but can be made relatively pointless...
14:43:39 [chaals]
... to break down
14:44:32 [chaals]
slide: safeguarding the evidence
14:45:18 [DanC_lap]
DanC_lap has joined #security-ws
14:46:19 [chaals]
slide: mutual authentication
14:47:09 [chaals]
JL: User Interface design here is important...
14:47:41 [chaals]
... you can say "here is what we found, what do you want to do", or interpret and act on behalf of user. Perhaps neither is the right universal approach
14:47:55 [chaals]
slide: standardisation prospects
14:49:15 [chaals]
slide: concluding observations
14:50:17 [chaals]
Q: ??? licensing ???
14:50:47 [chaals]
Q: We have told users about trusted paths, but they still click dodgy links in email. Could I still do that...
14:51:00 [chaals]
JL: Think it is a fertile ground for thinking about it
14:52:07 [peter]
peter has joined #security-ws
14:52:35 [plipp]
plipp has joined #security-ws
14:52:39 [chaals]
Q: (comment) How do we put good password protection in browser? How do we generate critical mass for this technology? Would be no brainer to dump dig-auth in a form. I want mechanism that lets me buy an auth token, I am happy to get a plugin to use that, but there still needs to be some some glue for the transport. But I then want to use that anywhere...
14:53:16 [chaals]
... without being bothered by patents etc. That's stnadardisation question - then where do we do the work - w3c, ietf, ...?
14:53:30 [chaals]
JL: For deployability the ideal is to change nothing. Which is not possible.
14:53:50 [chaals]
... so question is what is the simplest change we can make
14:53:59 [chaals]
Q...: Think we can make one change...
14:54:55 [chaals]
Q: Nice idea. We have been working on a similar one. Problem - passwords can be broken. Better solution would be zero-knowledge password proofs - we posted a position paper on this.
14:55:31 [chaals]
Q: If you embed a one time password approach, why not use zero-knowledge proof?
14:55:45 [chaals]
JL: OTP is not necessarily challenge based, so may not have the same overhead
14:56:02 [chaals]
Topic: How sites can manage HTTPS when users dont.
14:56:06 [chaals]
Andy Ozment et al.
14:56:28 [chaals]
slide: simplifying tasks and decisions
14:56:49 [DanC_lap]
DanC_lap has joined #security-ws
14:56:58 [chaals]
AO: Two types of tasks for users - trying to remove the https tasks
14:57:04 [chaals]
slide: goals
14:57:13 [chaals]
slide: what's expected today
14:57:29 [chaals]
slide: method A request
14:57:44 [chaals]
AO: This is what we expect of users, not what they are actually doing.
14:58:09 [beltzner]
[um, why does this slide assume that users are typing in direct urls to their login pages?]
14:58:29 [beltzner]
[oh, wait, I get it]
14:58:45 [chaals]
AO: nothing in UI to help users decide if it is safe enough to use HTTP plain text
14:58:53 [chaals]
slide: method B: verify
14:59:44 [chaals]
AO: users can't tell why a domain isn't the one they expected
15:00:04 [chaals]
... mistyped? trsutable redirect? attack?
15:00:11 [chaals]
slide: tasks and decisions
15:01:23 [chaals]
AO: For an untrusted source, stop user making a mistake by preventing them from using unsafe method for trusted source, or if domain isn't recognised as safe then recheck
15:01:32 [chaals]
slide: Why don't we have this?
15:01:43 [chaals]
slide: proposal
15:02:30 [DanC_lap]
(dnssec... are the relevant roots doing that yet?)
15:02:32 [chaals]
slide: query root zone
15:06:15 [chaals]
AO: So the wonderful thing is that Alice uses the specified signed requirement to use SSL foo - no man-in-the-middle hole
15:06:26 [chaals]
slide: ssr record's capabilities
15:08:57 [chaals]
slide: design questions
15:10:06 [beltzner]
I don't know why this means a user doesn't need to know whether or not they're using an SSL connection, since that's how they'll understand the nature of their connection
15:10:37 [chaals]
Q: Are you anticipating DNSSec will be implemented at browser, or OS level?
15:11:02 [chaals]
AO: anticipate it eventually in OS, but there are resolvers out there and believe browsers can do this until then
15:11:50 [DanC_lap]
(what's the dns root's public key? where does a body get it? I'm having trouble navigating (
15:11:54 [DanC_lap]
15:11:59 [chaals]
SS: Browsers need to be aware of it anyway
15:12:29 [chaals]
Q: Key management is important - who is going to manage the keys and how will DNSSec be deployed?
15:12:38 [chaals]
SS: There is a root key managed by ICANN
15:13:32 [chaals]
AO: Every zone has to sign their zone. The extra complexity is not enormous.
15:14:01 [DanC_lap]
(huh? tlr, why is that not a discussion for here? bummer.)
15:14:10 [chaals]
[Thomas, please stop being so far to the right]
15:14:19 [chaals]
Q: Wells Fargo are 100% under SSL
15:14:23 [chaals]
15:14:47 [chaals]
Q...: Security for pushing metadata down - hadn't considered putting that through DNS
15:15:04 [chaals]
[/me not too keen to fetch advertising through SSL on a phone]
15:15:36 [chaals]
AO: Problem isn't in SSL - we used SSL 2 for the handshae - this secures info in advance about how to secure the connection
15:16:16 [chaals]
Q: Assuming all this works, I would think the fingerprint of my site key would be useful information to include, since I already trust DNSSec - no onger need to deal with CAs
15:16:32 [chaals]
SS: Already an IETF proposal for storing certificates in domain registry
15:16:55 [chaals]
AO: CAs still needed, e.g. to verify that a business really is themselves
15:17:27 [chaals]
Q: You have value here if you just have a policy record. You have to take account of fact that DNS is not extensible as claimed - it takes 5 years to deploy to 80%
15:17:39 [chaals]
... but you can make it work using prefix records.
15:19:17 [chaals]
Q: In some cases SSL might not be the right solution. It seems W3C could make contribution