[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Scientology/Wollersheim as test case for key disclosure



Phill <[email protected]> wrote,
>One solution to this problem would be to modify PGP so that the session
>key for
>the document was released rather than the passphrase for the public key. The
>former would provide only read access, the latter would allow th
>scientologists
>to forge Wollerstein's signature on other material. In addition many of the
>documents may be subject to privillege.

It seems to me that if this kind of risk was seen ahead of time that a
method doing the equivalent using ordinary PGP commands could be agreed
upon by all involved.  The document could be encrypted using "PGP
conventional encryption" and the pass phrase for that could then encrypted
using the public key.  The encrypted document would thus consist of these
two parts.  The breaking of the traditional decryption into it's two parts
would not be needed--superficial use of PGP would work.

The owner of the public key--who is in possession of the document encrypted
as suggested--when threated by an attacker--who is also in possession of
the document--with an unbearably high cost for not giving up his secret key
can offer to give up the the password for the "PGP conventional
encryption".

This method does not define how the password is obtained and that might be
a weakness.

I confess I'm new to PGP (and this subject in general) and am ignoring the
suggestion in Tim May's FAQ that newbies try not to look clueless.

Dar Scott


===========================================================
Dar Scott               Home phone: +1 505 299 9497

Dar Scott Consulting         Voice: +1 505 299 5790
8637 Horacio Place NE        Email: [email protected]
Albuquerque, NM  87111              [email protected]
                               Fax: +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================