How To (And Not To) Make the Online Trust Honor ...

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

50%

RetiredUser,
User Rank: Ninja
7/31/2017 | 2:46:22 PM

Re: impersonization, forgery, and fakes

100% behind you here, mack. There is room for the Public Key Model to improve, of course. Read an interesting paper "Soundness in the Public-Key Model" by Silvio Micali and Leonid Reyzin. From the ABSTRACT:

The public-key model for interactive proofs has proved to be quite effective in improving protocol efficiency (see Canetti, Goldreich, Goldwasser, Micali, STOC 2001). We argue, however, that its soundness notion is more subtle and complex than in the classical model, and that it should be better understood to avoid designing erroneous protocols. Specifically, for the public-key model, we:

identify four meaningful notions of soundness;
prove that, under minimal complexity assumptions, these four notions are distinct;
identify the exact soundness notions satisfied by prior interactive protocols; and
identify the round complexity of some of the new notions.

Reply | Post Message | Messages List | Start a Board

100%

macker490,
User Rank: Ninja
7/18/2017 | 8:21:33 AM

impersonization, forgery, and fakes

what do the sites do to prevent the "Bad Guys" from impersonating them -- or transmitting fakes and forgeries?

sites focus tons of effort on identifying their customers.    but what do customers do in order to authenticate sites?

we rely on a large list of x.509 certificates -- published by our web browsers -- and most of us -- have no clue what's in that list.

For Critical Sites Only:    we all need to COUNTERSIGN trusted certificates using our own PGP/GnuPG key

in the Public Key Model this step is required in order to validate a key.   Keys must be validated before a trust level can be assigned.

give this some thought.   "They" want to authenticate you -- but -- you need to authenticate them -- and the model we use today -- fails.   That's an F

Reply | Post Message | Messages List | Start a Board

Editors' Choice

Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel

Kelly Sheridan, Staff Editor, Dark Reading, 2/23/2021

Security + Fraud Protection: Your One-Two Punch Against Cyberattacks

Joshua Goldfarb, Director of Product Management at F5, 2/23/2021

Cybercrime Groups More Prolific, Focus on Healthcare in 2020

Robert Lemos, Contributing Writer, 2/22/2021

Live Events

Webinars

Interop Digital - Free Cybersecurity Event April 29

Communications & Collaboration: 2024 (March 9-10)

More Informa Tech Live Events

White Papers

Why Add Security to Your Skill Set and How to Do It

Key Strategies for Managing New Risks in Cybersecurity

Intelligent Outcomes Are Key to Business Resilience

How Hyatt Eliminated Bot Attacks Without Impacting their User Experience

Don't Let the Past Obstruct Your Zero-Trust Future

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: "The truth behind Stonehenge...."

Cartoon Archive

Current Issue

2021 Top Enterprise IT Trends

We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Building the SOC of the Future

Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.

Download Now!

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-27886
PUBLISHED: 2021-03-02

rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product.

CVE-2016-8153
PUBLISHED: 2021-03-02

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.

CVE-2016-8154
PUBLISHED: 2021-03-02

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.

CVE-2016-8155
PUBLISHED: 2021-03-02

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.

CVE-2016-8156
PUBLISHED: 2021-03-02

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]