They don't provide enough information for me to be able to fix anything.
I checked my usual place
http://www.dnsstuff.com/tools/ip4r.ch?ip=85.10.195.197
and we aren't listed in any of the databases listed there.
I looked at the URL included in the bounce reply
http://help.yahoo.com/help/us/mail/defer/defer-02.html
This page talks about open proxies and relays, which this server has never been, and I even checked using a service they suggest on that page
http://rbls.org/?q=85.10.195.197
and it lists no problems either.
So I'm at a loss to say why Yahoo is blocking it.
Also, to test it I just sent an email to someone with a Yahoo account from an account on lists.squeakfoundation.org and it went through without any problem. So if Yahoo is blocking something it is apparently not the server as a whole.
I'm not sure where to go next.
Ken
On Wed, 2006-01-11 at 16:33 -0500, Ron Teitelbaum wrote:
Here are the contents:
Sorry, we were unable to deliver your message to the following address.
afunkyobject@yahoo.com: Remote host said: 553 Mail to/from "cryptography-bounces@lists.squeakfoundation.org" not allowed - VS99-IP1 deferred - see help.yahoo.com/help/us/mail/defer/defer-02.html (#5.7.1) [10] [MAIL_FROM]
--- Below this line is a copy of the message.
Received: from [66.218.69.6] by n26.bullet.scd.yahoo.com with NNFMP; 11 Jan 2006 18:59:08 -0000
Date: 11 Jan 2006 10:59:08 -0800
X-yahoo-newman-property: wss
X-yahoo-newman-id: null
Received: from [66.218.85.37] by t6.bullet.scd.yahoo.com with SMTP; 11 Jan 2006 18:59:08 -0000
Received: from milter9.wss.scd.yahoo.com (66.218.85.31) by mta6.wss.scd.yahoo.com (7.0.042) id 42FD96680449FF16 for chris@funkyobjects.org; Wed, 11 Jan 2006 10:59:08 -0800
Received: from box2.squeakfoundation.org (box2.squeakfoundation.org [85.10.195.197]) by milter9.wss.scd.yahoo.com (8.13.1/8.13.1) with SMTP id k0BIvK7h057518 for chris@funkyobjects.org; Wed, 11 Jan 2006 10:58:21 -0800 (PST)
Date: Wed, 11 Jan 2006 10:57:20 -0800 (PST)
Message-Id: 200601111858.k0BIvK7h057518@milter9.wss.scd.yahoo.com
Received: (qmail 31486 invoked from network); 11 Jan 2006 18:57:20 +0000
Received: from unknown (HELO box2.squeakfoundation.org) (127.0.0.1) by localhost with SMTP; 11 Jan 2006 18:57:20 +0000
From: cryptography-request@lists.squeakfoundation.org
Subject: Cryptography Digest, Vol 4, Issue 8
To: cryptography@lists.squeakfoundation.org
Reply-To: cryptography@lists.squeakfoundation.org
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-BeenThere: cryptography@lists.squeakfoundation.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Cryptography Team Development List <cryptography.lists.squeakfoundation.org>
List-Unsubscribe: http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography,
 mailto:cryptography-request@lists.squeakfoundation.org?subject=unsubscribe
List-Archive: http://liststest.squeakfoundation.org/pipermail/cryptography
List-Post: mailto:cryptography@lists.squeakfoundation.org
List-Help: mailto:cryptography-request@lists.squeakfoundation.org?subject=help
List-Subscribe: http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography,
 mailto:cryptography-request@lists.squeakfoundation.org?subject=subscribe
Sender: cryptography-bounces@lists.squeakfoundation.org
Errors-To: cryptography-bounces@lists.squeakfoundation.org
X-Originating-IP: [85.10.195.197]
Send Cryptography mailing list submissions to cryptography@lists.squeakfoundation.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
or, via email, send a message with subject or body 'help' to cryptography-request@lists.squeakfoundation.org
You can reach the person managing the list at cryptography-owner@lists.squeakfoundation.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of Cryptography digest..."
Today's Topics:
- Re: Protecting Image (Cees De Groot)
- Re: Re: KryptOn MakoEnvelope signedAndSealedFrom:to:object: (Tony Garnock-Jones)
- Re: Re: KryptOn MakoEnvelope signedAndSealedFrom:to:object: (Cees De Groot)
- RE: Squeak Cryptography Team Code CommercialAcceptance (Ron Teitelbaum)
Message: 1
Date: Wed, 11 Jan 2006 19:31:20 +0100
From: Cees De Groot cdegroot@gmail.com
Subject: Re: [Cryptography Team] Protecting Image
To: Ron@usmedrec.com, Cryptography Team Development List cryptography@lists.squeakfoundation.org
Message-ID: 330b6fd60601111031i303da2d1g53450ee2f537badc@mail.gmail.com
Content-Type: text/plain; charset=ISO-8859-1
On 1/11/06, Ron Teitelbaum Ron@usmedrec.com wrote:
I've been thinking through some of the problems with cryptography. I have a question. How do we protect the image?
Usually, the local machine is to be assumed secure (Trusted Computing Base). If someone subverts my machine, anything can happen from capturing keystrokes to advanced subliminal channel analysis.
Which doesn't mean that you should do your best to minimize these effects - for example, I've been thinking of using methodwrappers or Aspect/S or similar to tag methods as "crypto methods", meaning which would trigger behaviour like on exit, all temps are erased (recursively?) before they are gc'd.
Message: 2
Date: Wed, 11 Jan 2006 18:35:23 +0000
From: Tony Garnock-Jones tonyg@lshift.net
Subject: Re: [Cryptography Team] Re: KryptOn MakoEnvelope signedAndSealedFrom:to:object:
To: Cryptography Team Development List cryptography@lists.squeakfoundation.org
Message-ID: 43C54FEB.9010304@lshift.net
Content-Type: text/plain; charset=ISO-8859-1
Cees De Groot wrote:
Err... recalling vaguely from memory - wasn't signing plaintext a big no-no? There were some attacks on RSA that were based on feeding a signer plaintexts (or is my memory leaving me here?)...
Are you perhaps thinking of the need for something like RSA-PSS?
Message: 3
Date: Wed, 11 Jan 2006 19:38:33 +0100
From: Cees De Groot cdegroot@gmail.com
Subject: Re: [Cryptography Team] Re: KryptOn MakoEnvelope signedAndSealedFrom:to:object:
To: Cryptography Team Development List cryptography@lists.squeakfoundation.org
Message-ID: 330b6fd60601111038k7c68c846qf7689e15fbddff1c@mail.gmail.com
Content-Type: text/plain; charset=ISO-8859-1
At the very least hash-then-sign, but RSA-PSS looks like the latest-and-greatest insight from the crypto community, so I wouldn't ignore it :)
On 1/11/06, Tony Garnock-Jones tonyg@lshift.net wrote:
Cees De Groot wrote:
Err... recalling vaguely from memory - wasn't signing plaintext a big no-no? There were some attacks on RSA that were based on feeding a signer plaintexts (or is my memory leaving me here?)...
Are you perhaps thinking of the need for something like RSA-PSS?
Message: 4
Date: Wed, 11 Jan 2006 13:57:14 -0500
From: "Ron Teitelbaum" Ron@USMedRec.com
Subject: RE: [Cryptography Team] Squeak Cryptography Team Code CommercialAcceptance
To: "'Cryptography Team Development List'" cryptography@lists.squeakfoundation.org
Message-ID:
<!&!AAAAAAAAAAAYAAAAAAAAALn4DBa9j89Bkul53Jf1ky/CgAAAEAAAANG2X4+g4JNCs/qwFDyH YJEBAAAAAA==@USMedRec.com>
Content-Type: text/plain; charset="us-ascii"
I see that FIPS140-2 states that the certification is intended for sensitive, not classified information. Is it possible for us to be certified for classified information, or is that certification out of reach?
Ron
From: cryptography-bounces@lists.squeakfoundation.org [mailto:cryptography-bounces@lists.squeakfoundation.org] On Behalf Of Ron Teitelbaum
Sent: Tuesday, January 10, 2006 6:35 PM
To: 'Cryptography Team Development List'
Subject: RE: [Cryptography Team] Squeak Cryptography Team Code CommercialAcceptance
Matt,
Thanks for the information, I will review the process. I would think we could come up with the money you suggested to get certified.
So to update our goals:
- Get external US Government certification of Security for external package and image components.
Should be changed to:
- Complete Cryptographic Module Validation Program (CMVP) through the OpenSSL Federal Information Processing Standard (FIPS) Certification Process.
5.1) Identify Experts in Group (recruit new members?)
5.2) Find repository and define structure for documentation.
5.3) Document current frameworks
5.4) Develop new designs, following design goals (tbd through open discussions) and document new framework.
5.5) Expert Design Review and Implementation recursively until code complete
5.6) Identify Team Leaders to walk our project through OpenSSL FIPS Cert Process
5.7) Raise Money for Cert Process
5.8) Complete Certification, Publicize results
5.9) Offer Reward for anyone that breaks code
5.10) Set up review committee that reviews implementations (for a fee) and helps others get certified using our code.
Does anyone have any comments on the change?
Ron Teitelbaum
Squeak Cryptography Team Leader
Ron@USMedRec.com
From: cryptography-bounces@lists.squeakfoundation.org [mailto:cryptography-bounces@lists.squeakfoundation.org] On Behalf Of Matthew S. Hamrick
Sent: Tuesday, January 10, 2006 4:22 PM
To: Ron@USMedRec.com; Cryptography Team Development List
Subject: Re: [Cryptography Team] Squeak Cryptography Team Code CommercialAcceptance
On Jan 10, 2006, at 10:30 AM, Ron Teitelbaum wrote:
Does anyone have a suggestion for how to certify our code?
In general... when talking about Security, you want to have the design reviewed prior to having the code reviewed... but I guess we can be agile about it. Maybe the thing to do would be to document what we have in terms of architecture, find someone to do an independent review of the architecture, incorporate architecture changes recommended by the reviewer, then make code changes, then have the code reviewed.
The word "certify" has a lot of different meanings to different people. If you're looking for FIPS certification, that's a long process... and it costs money. The OpenSSL FIPS certification process has been going on for at least a year or two with the bill being footed by OSSI, HP, DoD and a couple other people whose names escape me at the moment.
The motivation there was that HP and DoD believed the certification was an investment... pay a little up front so they can benefit from the cost savings of using an open implementation of various crypto algorithms. The last time I was involved in a CMVP effort, the total bill to the independent lab was something on the order of about $12k US. With the recent devaluation of the US peso, I'm guessing it would probably run at least $18k US these days.
I think it would be helpful if what we have done to prove our work (testing documentation ...), the qualifications of the person writing the code, and any reference materials were all kept in a single place. It would be helpful as a reference for others, and some proof that may be needed before someone considers adoption. What do you all think?
I definitely agree with this!
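Added example, not part of any message in this thread: the concern in the quoted digest about signing plaintext with RSA, and the "at the very least hash-then-sign" reply, shown with a toy key. The primes, function names and sample messages are constructed for illustration, and the digest encoding is a simplification, not RSA-PSS.

```python
import hashlib

# Constructed toy key: two known Mersenne primes. Illustration only,
# far too small and too structured for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def raw_sign(m: int) -> int:
    """Textbook RSA: exponentiate the message integer directly."""
    if not 0 <= m < N:
        raise ValueError("message integer out of range")
    return pow(m, D, N)


def raw_verify(m: int, sig: int) -> bool:
    return pow(sig, E, N) == m % N


def digest_int(msg: bytes) -> int:
    """SHA-256 reduced mod N: a toy encoding, not PKCS#1 v1.5 or PSS."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def hashed_sign(msg: bytes) -> int:
    return pow(digest_int(msg), D, N)


def hashed_verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest_int(msg)


def demo() -> dict:
    a, b = b"msg-A", b"msg-B"  # constructed sample messages
    ma, mb = int.from_bytes(a, "big"), int.from_bytes(b, "big")
    raw_product = raw_sign(ma) * raw_sign(mb) % N
    hashed_product = hashed_sign(a) * hashed_sign(b) % N
    return {
        # Multiplying two raw signatures yields a valid signature on
        # ma*mb, a value the signer never approved.
        "raw_product_verifies": raw_verify(ma * mb % N, raw_product),
        # With hashing, the same product does not verify for the combined message.
        "hashed_product_verifies": hashed_verify(a + b, hashed_product),
        "hashed_honest_verifies": hashed_verify(a, hashed_sign(a)),
    }


if __name__ == "__main__":
    print(demo())
```

In production the encoding and padding come from a vetted library's RSA-PSS implementation rather than a bare hash reduced mod N.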
On 1/11/06, Ken Causey ken@kencausey.com wrote:
They don't provide enough information for me to be able to fix anything.
Seems to be a Yahoo problem - they bounced a mail from me, directly from gmail.com, earlier this week.