[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Conference report - resolving security workshop
At 04:55 PM 2/22/96 -0800, Raph Levien <[email protected]> wrote:
> The biggest problem with S/MIME is that the signed and encrypted
>format reveals who made the signatures. Obviously, this has severe
>consequences for anonymous mail. Believe it or not, a lot of people
>care. For example, the car manufacturers do not wish to broadcast the
>email addresses of their employees over the net.
> One technical workaround is to do it the MOSS way - first, sign the
>message, resulting in an intermediate S/MIME message, then encrypt
>that into a second S/MIME message. I'd recommend that implementors
>make provisions for such recursive formats; I think it's likely that
>we'll see a lot of these on the Net.
Recursive-capable formats are clearly the way to go; the difficult problem is
deciding how many layers of recursion to do while decoding (e.g. all the way
down,
or one layer at a time asking the user for each round), which is largely
a user-interface issue rather than a platform issue, though it also lets you
build limited-purpose tools instead of an all-singing, all-dancing camel
of a platform.
Unfortunately, the formats being considered give you too much known plaintext
to make triple-encryption a useful way around the 40-bit-key silliness.
*/MIME has MIME headers, PGP has the (expendable but present) ------BEGIN.
A new MIME header like
X: parameters
where parameters are ignored would limit you to three bytes of known plaintext,
which is at least a start.
>The prevailing philosophy of the PGP people is that the PGP
>application itself should not decode MIME formats - that should be the
>job of a separate application. It seems to me that this is going
>against the tradition, though. In the past, if you got a PGP message,
>you just ran it through PGP. Now you won't be able to do that.
The prevailing philosophy is also that we need to build an API toolkit
so PGP components can be easily included into programs. This means that
PGP will inherently no longer be able to decode all the PGP-based messages,
which may have different layers of other material wrapped around them.
PGP/MIME is probably one of the better excuses for doing so, as are
improved keyring-handling applications.
> Earlier, I mentioned that two and a half protocols survived the
>day. The remaining one is MSP. It's actually not a bad protocol.
Where can we find the new specs for MSP?
> It was announced that there will be a free reference implementation
>of MSP, available to US citizens.
Will it be GAK-enabled?
#--
# Thanks; Bill
# Bill Stewart, [email protected] / [email protected] +1-415-442-2215
# http://www.idiom.com/~wcs Pager +1-408-787-1281