[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: how to release code if the programmer is a target for coercion (fwd)

Hash: SHA1

At 02:35 AM 1/15/98 -0600, Jim Choate wrote:

>I'm assuming this has something to do with the eternity server/black_net
>discussion that has been going on. So I'll take a stab at it, not that it
>may make any sense in the actual context ...
> - You generate the code and sign it
> - You deliver the signed code to a data haven server of some architecture
>   (note that you don't know where it is or who runs it, I'll assume you
>    use some particular usenet newsgroup as your drop point)
> - Somebody else comes along and sees a list of available items and
>   yours (again through a usenet based request mechanism).
> - They receive the code signed with 'your' key and decide they want to
>   verify the signing (through yet another usenet channel).
>The problem with this model is in the second step. What is to keep them
>from removing your signatory, moding the code, and then resigning it. If
>recipient desides they want to check the sign they have two choices:
> - select an anonymous key that has been previously stored on some sort of
>   key server.
>   (if they are running a eternity server blind they could be running a
>    key server blind as well, it follows that at least some of the
>    users of your software wanting to verify the signing will go to this
>    server and hence have corrupted code, if we're using the usenet model
>    this is even more likely since they could be running a feed point for
>    other usenet feeds downstream and hence capture many if not all
>    for the product, especialy if they were the only server to actualy
>    carry a copy.)
> - contact you the author directly (I'm assuming of course you were silly
>   enough to put a publicly available key directly traceable to yourself
>   on it in the first place) in which case they simply intercede from a
>   upstream tap and verify their request in your behalf.
>In either case there is no guarantee that what comes off the server is
>what you the source put on there. Hence the long term security of the key
>is compromised. In particular, in the second case, since they already know
>who provided the illicit data to the server there motive is clearly to
>track the users. This breaks the anonymity of the data haven.
>Implicit in a workable data haven model is the goal of both source and
>anonymity. This means that any signed data on the server must provide a
>mechanism for the user to verify the sign by access to a suitable key to
>generate the appropriate hash and compare it to the one that the server
>delivered. If they match you should have the correct unadulterated

Jim, there are > 2 parties in the matter being discussed:  the author of
the item (who wishes to remain anonymous), the person who wishes to use the
item (who probably wishes to remain anonymous), and N
reviewers/authenticators of the item, who may or may not wish to be
anonymous.  In the case of the reviewers, signature verification may be
possible outside of the BlackNet/Eternity structure.  For example, I could
look at the source for Joes Awesome CryptoKillerApp, or the latest manual
from GunzenBomz Pyro-Technologies, and sign the files indicating that I
cannot find any security flaws or that I tried some of the "recipes" and
blew up a local pedophile's house.

My key is publicly available at the MIT keyserver; it has been since PGP
5.0 came out.  I have posted hundreds of times to Cypherpunks; most of
these posts have been signed with my key and include the fingerprint of my
key.  It would be fairly difficult for any attacker to forge a signature
with a false key; it would involve either rubber-hosing my passphrase,
changing history on all the Cypherpunks archives (including any on the item
end-user's machine and on the machines of all the Cypherpunks they
correspond with), or re-creating my private key from my public one.  A
similar situation exists for other entities that customarily sign their
posts, such as Bill Geiger, Monty Cantsin (assuming he ever got around to
posting his public key), Nerthus, etc.  "Certified by #314159" does not in
itself inspire confidence, but if hundreds of signed writings by #314159
exist, such that #314159 has high reputation capital, it begins to do so,
assuming that #314159's passphrase hasn't been rubber-hosed or otherwise

Version: PGP for Business Security 5.5


Jonathan Wienke

PGP Key Fingerprints:
7484 2FB7 7588 ACD1  3A8F 778A 7407 2928
3312 6597 8258 9A9E D9FA  4878 C245 D245 EAA7 0DCC

"If ye love wealth greater than liberty, the tranquility of servitude
greater than the animating contest for freedom, go home from us in peace.
We seek not your counsel, nor your arms. Crouch down and lick the hand that
feeds you. May your chains set lightly upon you; and may posterity forget
that ye were our countrymen."
-- Samuel Adams

"Stupidity is the one arena of of human achievement where most people
fulfill their potential."
-- Jonathan Wienke

Never sign a contract that contains the phrase "first-born child."

When the government fears the people there is liberty.
When the people fear the government there is tyranny.
Those who live by the sword get shot by those who don't. 

RSA export-o-matic:
print pack"C*",split/\D+/,`echo "16iII*o\[email protected]{$/=$z;[(pop,pop,unpack"H*",<>