[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP CAKware & IETF controlled Open-PGP standard




Adam Back writes:
 > Jonathan Seybold <[email protected]> writes:
 > > Adam, one aspect of your suggestion puzzles me:
 > > 	One thing which concerns me most is KNOWING when a message I send
 > > (or receive) could be read by someone else. The PGP CMR scheme makes this
 > > very clear: if there is an extra CMR key, the message may be read by
 > > whomever controls that key, if not, only the recipient may decrypt the
 > > message.
 > > 	If, however, the message is secretly re-encrypted to a corporate
 > > storage key AFTER it is received, I will never know that.
 > 
 > You will if you mark the key with this information.

This is a straw man anyway.  You don't know this now.  Someone you are
communicating with could already be forwarding plaintext to a third
party unbeknownst to the sender.  

This is a "do you trust the recipient" issue.

 > What I _am_ arguing is that in designing systems to provide companies
 > with data recovery mechanisms that you should a) not weaken security
 > more than necessary, and b) that it would be nice if you used a method
 > which doesn't introduce GAK compliancy for communications keys.
 > 
 > I presented I think in plenty of detail an alternate mechanism which
 > is both non-GAK compliant, and more secure.  So what is the problem?
 > Is there a technical flaw in my solution?

No.  But there is in their's(PGP Inc.) as I think you and others have
amply demonstrated.  The technical issues alone are enough to reject
usage of PGP5.5's CMR features.

It intrigues me that there has been virtual silence from PGP employees
on the technical issues.  Only Hal Finney via the IETF-Open-PGP has come
anywhere near commenting upon this.  I haven't seen anyone from PGP
Inc. comment on your data-recovery implementation ideas.  

In my optimistic moments, I take this as a sign that internally, PGP
inc. is giving consideration to producting more sensible and effective
solutions.  (Maybe even as outlined here)

 > > 	This means, I believe, that they should NEVER INVOLVE HIDDEN BACK
 > > DOORS THAT USERS ARE NOT AWARE OF.
 > 
 > Agreed.  You can flag backdoors with either solution.

See above.  The prescence of flags does not prevent this.  By
definition I might add ;).  Trust issues, etc. are involved.

 > It works well enough, but it could be made much more secure, by
 > separating storage key functionality from transient message key
 > functionality.  This would also give you the chance to resolve the
 > articificially created need for GAK compliancy, which arises because
 > you are being forced by this lack of distinction between key
 > functionalities to use one key for both long term storage and what
 > should be transient communications key usage.

Hal Finney's description of key sttributes indicate that implementing
separate storage keys would not be hard for PGP Inc to implement in
the next release.  

 > Decentralised control is good, of course, but the pgp5.5 and SMTP
 > policy enforcer is a ready to roll GAK system.  

Of course, other companies could have (and will) implement similar
systems.  That PGP, with it's reputation and stated policies, would is
surprising.  

Hopefully, PGP will live up to their reputation by realizing this
misstep and correcting it with a more secure, less GAK-compliant
implementation. 
 
 > The PGP bashing PGP observes is an attempt by the pro-privacy crypto
 > community to influence PGP to re-think the GAK compliancy, and to
 > point out the more secure way to implement corporate recovery of
 > stored email messages without GAK compliancy.
 > 
 > I reserve the right to bash any company which attempts to field GAK
 > compliant software.

The "bashing" in this notoriously harsh forum has been rather tender
in my view.

Perhaps the perception of "bashing" is based on recognition (and
guilt) that the CMR mechanism is flawed and goes against "the spirit
of PGP."  Methinks, y'all doth protest too much.
 
-- 
---------------------------------------------------------------------
Omegaman <mailto:[email protected]>|"When they kick out your front door,
   PGP Key fingerprint =        | How are you gonna come? 
   6D 31 C3 00 77 8C D1 C2      | With your hands upon your head,   
   59 0A 01 E3 AF 81 94 63      | Or on the trigger of your gun?" 
Send email with "get key" as the| -- The Clash, "Guns of Brixton"
"Subject:"to get my public key  |   _London_Calling_ , 1980
---------------------------------------------------------------------