#tlsnotary-chat

I remembered this morning that TLS servers already sign their DH params, so those can be used to derive the initial IV. Also, future IVs are still unpredictable in advance because they are derived from TLS record MACs. So one could argue that IVs are random i.e. sufficiently unpredictable to the attacker to exploit them.

this is neat because servers dont have to perform any extra signing, which may be a DoS vector.

waxwing: can you recall reading a paper about making repudiable authentication non-repudiable by having a third party involved in generation of the key? Or am I having some deja vu?

tlsnotary.pdf/

:)

:-|

sergio got back on email. he seems to be dreaming up a new scheme :)

will be interested to see his approach for sure.

so, read the camacho pres. it's helpful for sure (w.r.t. how to use commitments for privacy, in particular). There is an "appeal to moon math" element in the mention of zkpok, but OK, fine. And yes "banks just sign stuff" addresses one aspect. Meanwhile I'm wondering how, if at all, a tlsnotary/customer auditing approach can address this "key rental attack" problem. I mean, not directly of course, but maybe somehow.

dansmith_btc: re: signed DH params, it's an interesting thought, but *if* there's a problem with determinstic IVs, it's not just "calculable in advance" it's also "calculable from record to record". I'm not sure, but I say that because that's what was dropped from tls 1.0 in cbc mode - last block of previous record.

dansmith_btc: waxwing sorry, just forgot to say i totally couldn't remember my facebook password :(

waxwing: btw totally called it ;)

oakpacific: you won't hear me complaining about other people not logging into facebook

what did you call?

waxwing: Lerner

i'm glad for you :) but don't really know what you mean.

hopefully he'll pop by here at some point.

waxwing: that's what i said, he didn't make any initial contact probably because...he asn't really that impressed

well, I can't speak for him of course, but "not impressed" is not the main point I think. The main point is that he wants a much more extensive functionality than what we've created.

btw, anything 2^(-32) smells of the fragrance of your grandma's hand-baked crypto

heh. actually what it made me think was, he was going along similar to lines to you have in the past: throwing 100s of random fakes to the counterparty and requiring them to pick the right one.

as if it was just me

hey, it's a compliment, i'm not imaginative enough to come up with a lot of those things.

c'mon :)

i do find myself drawn to thinking about more-than-2 party DH key exchange. Did that ever enter the discussion?

with a third auditor i guess?

yeah

maybe it's just another way of describing what's already been looked at

waxwing: right, for tlsnotary sceanrio, my guess is that you would need to be able to do a general multiplication-splitting of A.B=S1+S2

i probably shouldn't wade into this right now. i'm actually not even up to date with what you guys already worked out.

iirc you said that the key exchange is OK, but would need to be RSA signed not DSS

dat MPC can doeverything joke should really be part of our corp culture

With our bleeding edge military grade zero knowledge proof of fully homomorphically encrypted multiparty computation ...

waxwing: okay but srsly, my real point was, whether or not he has some good ideas, working with us would be to the benefit of everyone, so i failed to comprehend why he doesn't, do we stink somehow or what?

oakpacific: well, i don't know, maybe. either way, at least it's been looked at.

amuelli: dansmith_btc dfoolz HostFat mkarrer_ moo-_- oakpacific tymat : feel free to try out the new system at https://github.com/AdamISZ/taas-poc-1-auditee and try to make some *.audit files which we can share with each other.

hearn: ^ sorry missed you out there :)

should work OK for linux and macos ; have no idea about windows, would need openssl.

in case you're not up to speed with the convo, basically this is a trial version of a new system as described here: https://gist.github.com/AdamISZ/9d9e6d2520571af...

cool!

hm? what did i miss out on?

hearn: no prob, you didn't miss content, i just missed you out of the 'please try this' list

waxwing: will try it out a bit later, will be offline now...

mkarrer_: HostFat thanks

it's probably more the concept than the implementation that's interesting, but having a concrete example to look at does help I think.

oh cool

out, back in a few couple of hours

waxwing: I just tried it out, but I don't see any audit button.

mkarrer_: ok. i did try on a VM, but it was only a quick check so I'm not surprised. Is there any error on the console?

tlsnotary-auditee.py:639: SyntaxWarning: name 'hcts' is assigned to before global declaration

global hcts

nothing else

right

you have FF 36?

i think 36.0.4 is latest, but prob doesn't matter

and i had the same problem like earlier as i did not have my firefox in the default dir

also you could double check if in your addons list tlsnotary is enabled

ah, could be that i guess

the start sh also did not find the py file so i started the py fiel directly

the start sh did not find the py file!? that sounds wrong

no 31.0

will check for updates

are you sure you ran the mac os .sh not the linux one?

yes there is a 36. will try again with that

yes

ah maybe the python2.7 alias is a prob?

haven't paid any attention to this kind of stuff in ages

can't open file 'src/auditee/tlsnotary-auditee.py': [Errno 2] No such file or directory

just seems that it did not take the path correctly

hmm, i guess you have to run it from within that root dir, maybe that's the issue?

i mean, i agree, you can just run it 'by hand' so no big deal

btw dansmith_btc has done a lot of work on bundling this into an addon, which will remove this stuff. i have seen a demo of it working, but not sure of the status right now.

ah now i see the audit button

mkarrer_: ah interesting. so, it was a function of the FF version. I think I saw the same thing myself.

huh, the server is seeing a few interesting requests :)

still in progress

audit is underway should disappear when dine, right?

hmm something may well be wrong, i see "commit_hash" server side which means it should be finished

seems it hangs

Exception happened

i send u by mail the exc.

mkarrer_: github.com may not be a good choice since it's one of reliable sites, but not sure about that.

mkarrer_: cheers, thanks a lot.

sent

will try it with another page

someone is sending GET tmUnblock.cgi requests, naughty

another failed with https://bitsquare.io/team/ also sent exc.

mkarrer_: i saw that signature exception also when I tried on MacOS. I haven't figured it out yet. But second time I tried, it was OK.

will try again

again error

ok second error is another one I saw once, but I can't remember what that was about.

what happesn if 2 user connect simultaniuosly? there is no session handling yet, right? is it just blocking?

mkarrer_: that's right.

i'll stick in some delays, at least, so it can get back to normal if someone gets into a mess :)

the result audit page you get and sent the auditor, is taht including the complete html or just pain text?

you know how it is, when you only run something yourself, everything works perfectly :) that's why i need a few people to try it out

sure, i know that :-)

mkarrer_: it's everything. you can check the http headers

will try to make a test session soon with bitsquare and then will be in the same position :-)

getting good progress btw. hope in 1 or 2 months a basic version is ready

mkarrer_: could you hang on a minute?

i'm just thinking while you're here it would be good to get one run working. i'll restart the server in case it's in an inconsistent state.

i stopped the browser

ok

let me knwo when i shoudl try again. and maybe give me a site you know it was working for you

mkarrer_: try bitcointalk.org, any page

back up

ok, start again

server is finished ; another exception or?

/subprocess.py", line 573, in check_output

raise CalledProcessError(retcode, cmd, output=output)

yes, will send u

so it's the signature error again, right

oh hang on do you have openssl ?

which openssl

i dont mean which version, i just mean do `which openssl` :)

oh, come to think of it, there's another reason, if you run the script from the src/auditee directory, it's not picking up the public key.

OpenSSL 0.9.8zc 15 Oct 2014