Re: Basic Flaws in Internet Security and Commerce

[patrick@Verity.COM (Patrick Horgan)]

Paul said:

> A fine piece of work.  The ideas expressed in this paper should scare
> the hell out of everyone who uses NFS for any serious applications,
> which for a fact includes most banks and all investment banks and
> brokage houses.  In this particular area I KNOW what is at risk.
> Again, I congratulate the authors on a first-class effort.

I agree, it's a good job of publicizing these holes, but (not to take
anything away from these guys, I'm sure they know this), these are not
newly found holes.  These attacks on NFS have been known and exploited
for years and are well known within the security community.

What if all NFS traffic was encrypted via a shared key distributed via
Diffie-Hellman?  Know that would REALLY be secure NFS;)  (I know, I know,
DH doesn't do secure authentication, so how does Alice know that she
didn't just agree to a secret with our Mr Bucket Brigade Mallet!)

Patrick
   _______________________________________________________________________
  /  These opinions are mine, and not Verity's (except by coincidence;).  \
 |                                                       (\                |
 |  Patrick J. Horgan         Verity Inc.                 \\    Have       |
 |  patrick@verity.com        1550 Plymouth Street         \\  _ Sword     | 
 |  Phone : (415)960-7600     Mountain View                 \\/    Will    | 
 |  FAX   : (415)960-7750     California 94303             _/\\     Travel | 
  \___________________________________________________________\)__________/