[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: shared keys, proxy encryption (was Re: PGP 5.5 CMR/GAK: a possible solution)

To: [email protected]
Subject: Re: shared keys, proxy encryption (was Re: PGP 5.5 CMR/GAK: a possible solution)
From: Adam Back <[email protected]>
Date: Wed, 22 Oct 1997 15:50:22 +0100
Sender: [email protected]

Forwarded with permission, Mark's response:

------- Start of forwarded message -------
Date: Wed, 22 Oct 1997 06:41:49 -0700 (PDT)
From: [email protected]
To: [email protected]
Cc: [email protected]
Subject: Re: shared keys, proxy encryption (was Re: PGP 5.5 CMR/GAK: a possible solution)

[email protected] wrote:

[Did you intend to send this to the list, or Bcc it? If so, please forward 
 a copy of this reply as well]

> What you're describing is an alternate use for CMR: to allow
> [email protected] to have attached to it the request that messages to
> that address be encrypted for all the sales people.
>
> Well that seems reasonable in a way.  Still potentially dangerous in
> that the NSA will soon enough be asking to be on every one's CMR list.

But that's *precisely* what I set out to avoid. The intention is to eliminate
the multiple-recipient encryption which is the real problem with PGP 5.5's
CMR. The NSA can easily put themselves at the top of the encryption hierachy,
but then all mail will *only* be encrypted to the NSA, and the recipient
will not be able to read it. Rather than encrypting to multiple recipients,
you would encrypt to a single key which is available to all those recipients.

> The other alternative is as you say: to have group keys which are
> shared amongst the sales people.  There are problems with this in
> managing the secure distribution of the shared key: sales manager
> creates it, and emails securely to all sales team members?
> Plausible I suppose.

Exactly. Or the individual sales-people create personal 'corporate use
keys' and escrow them, or the key is retained in a secure 'black box' which
takes incoming email encrypted to the sales department and outputs plaintext.
The point is that mail sent to that key can be recovered somehow, but 
confidential mail sent to their private, personal key cannot.

> Problem for both approaches is re-keying: what happens when Fred
> leaves the sales team to work for a competitor. 

I agree. But that can be solved in some fashion; the 'black box' approach,
for example.

> Really it seems to me that actually having half a dozen sales droids
> sharing a key, or being able to decrypt a message because they are all
> CMR enforced multiple crypto recipients is a security nightmare either
> way :-)

Sure, but better than a security nightmare *and* GAK.

> Reckon it would be arguably more secure to have the SMTP policy
> enforcer decrypt it for them, even.

Yep, that was one of the options I listed; the 'black box' above.

> I think what PGP are arguing for is ability to recover stored messages
> even if they are intended for one recipient only.  

But this is the one thing they don't seem to have a business case for. In
my system, if the mail was encrypted to that recipient's personal key rather
than a group key or an individual escrowed key, then the sender had a good reason to do so. In that case, the only reason a company could want to read 
the mail is for snooping on their employees. I don't believe that PGP or 
anyone else should be encouraging that.

The proxy key stuff seemed interesting, but not something that can be
implemented in the next few months. I'm thinking of this as a short-term
solution, not long-term.

    Mark
------- End of forwarded message -------

Prev by Date: Singapore TOILET ALERT
Next by Date: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)
Prev by thread: Re: Singapore TOILET ALERT
Next by thread: Re: Bill Gates, the Bully Savior
Index(es):
- Date
- Thread