Peter, Radia and me at SSI'2005
Coming Back from SSI'2005
São Paulo, 13-nov-2005 23:08
This is my 5th time at SSI and this has arguably been the funniest. Perhaps because this was the first year I didn't deliver a tutorial, which in previous years always took a whole lot of time to prepare. Or because I've got a chance to talk to Peter Gutmann and Radia Perlman. Among the presentations I attended, there wasn't as much crap as in the previous years. And lots of other friends showed up, making for interesting conversations.
However, apart from a nice idea Radia gave me, I didn't learn anything really new. That may be because I focused on things related to my own work, instead of going to lots of different talks as I did in previous years.
Peter Gutmann
Peter speaks in bursts and his New Zealand accent took me some time to get used to. I've heard that one of the simultaneous translation ladies just couldn't keep up with him and had to be replaced. "He speaks inherently encrypted", joked a friend of mine (we laughed wondering whether the substitute translator had an implanted cryptoprocessor with the appropriate key). Shame, he did lose some audience in his tutorial because of this.
On the very first day of the event I invited him and Radia to talk to us and kind of forced them to listen to my long story about how I got involved with PKIs and the current state of PKIs in Brazil. He was intrigued by my description of ViaCert and I showed it to him, but only briefly, because at that time Radia was very tired and wanted to go back to their hotel. I promised to send him a copy so he can play with it, along with the paper.
I also learned that my friend Jeroen van der Graaf had intercepted Peter as he was coming to Brazil, taking him on a tour around Belo Horizonte and Ouro Preto. Peter reported that he convinced Jeroen that attribute certs were a bad idea. Peter said he loved Ouro Preto (who doesn't?).
Quite naturally, Peter wanted to taste typical Brazilian food. This proved surprisingly difficult to find in São José dos Campos' restaurants. He loved fried manioc (although it was vastly inferior to the ones we can get in my hometown). But he didn't seem to like the "arrumadinho" very much.
My friend Pedro Rezende just loved Peter's talk on the convergence of Internet threats. Just as I imagined -- Pedro loves real-world stories from practitioners.
We also shared a delightful talk one evening with Alfred Bacon, where we exchanged security horror stories and Brazilian politics insanity gossip. I also got to learn even more impressive stats about Petrobras and some cool stuff they do.
Radia Perlman
Radia is such a terrific speaker. She speaks in plaintext, very clearly.
In one of her talks she had this slide about PKI models: monopoly, oligarchy, anarchy, etc. I couldn't resist shouting "this is Brazil's PKI" when she was on "monopoly".
I just wished she delivered that talk to the folks at ITI, the Brazilian agency that runs ICP-BR, the Brazilian National PKI. (Or, even better, at ITI's CertForum, which, unfortunately, was being held in Brasilia at the same time as SSI).
In the same segment, she presented a model of a mixed hierarchical PKI tied to DNS names augmented with crosslinks among trusting domains, which fits very nicely with my own model. I found it quite appealing because it maps very well how trust is already set up on the Internet, around DNS names, making it especially easy for sysadmins to understand and believe.
One of Radia's final slides said "Don't give up on PKIs", which made an interesting contrast with Peter's repeated comments that PKIs, in their current incarnation, are nearly unusable and serve no practical real-world purpose. I actually agree with them both -- that's why I'm busy building what I believe will become a usable one, based on practical real-world problems.
At some point during dinner one evening she mentioned that at Sun, anything Java has deity status. We had fun ranting about the Java brainwashing culture, which happens to be quite strong here in Brazil.
Paulo Barreto
I enjoyed watching Prof. Barreto's talk in which he gave a retrospective about the crisis in the hash function arena from his point of view. He is the co-inventor of the Whirlpool hash function, which may be a way out of the current SHA family mess. I meant to ask his opinions about Dan Bernstein's Salsa20 algorithm, but he got carried away in his presentation, totally blowing the time for questions and invading some time from Radia's talk. When I tried to find him in the coffee break, I learned he'd left already.
My Own Talks
I delivered a talk about a paper I sent to the conference about a method for generating passphrases resilient against several kinds of attacks and yet easy enough to memorize.
I also delivered a talk about a few historic vulnerabilities in Windows' PKI infrastructure and how we solved them in ViaCert, Tempest's PKI client product. Unfortunately the talk was in an unfavorable timeslot and in the most obscure presentation room, so very few people attended.