Notes for March 6, 1998

  1. Greetings and felicitations!
    1. Reading: Pfleeger, pp. 377-426; Garfinkel & Spafford, pp. 449-478, 669-700
  2. Puzzle
  3. PEM, PGP
    1. Goals: confidentiality, authentication, integrity, non-repudiation (maybel)
    2. Design goals: drop in (not change), works with any RFC 821-conformant MTA and any UA, and exchange messages without prior interaction
    3. Use of Data Exchange Key, Interchange Key
    4. Review of how to do confidentiality, authentication, integrity with public key IKs
    5. Details: canonicalization, security services, printable encoding (PEM)
    6. Certificate-based key management
    7. PGP v. PEM
  4. Certificates
    1. Binding key to name, notion of issuer
    2. PEM trust hierarchy, certificate types
    3. X.509/PGP web of trust model
  5. Common Implementation Vulnerabilities
    1. Unknown interaction with other system components (DNS entry with bad names, assuming finger port is finger and not chargen)
    2. Overflow (year 2000, lpr overwriting flaw, sendmail large integer flaw, su buffer overflow)
    3. Race conditions (xterm flaw, ps flaw)
    4. Environment variables (vi one-upsmanship, loadmodule)
    5. Not resetting privileges (Purdue Games incident)
[ ended here ]

You can also see this document in its native format, in Postscript, in PDF, or in ASCII text.
Send email to

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562

Page last modified on 3/9/98