At 5:00 PM -0800 12/4/97, James A. Donald wrote:
-- I have produced a program that, like PGP, provides digital signatures and communications encryption. http://www.jim.com/jamesd/Kong/Kong.htm This is the first beta. Please beta test this product.
Actually, it's more fun to beta test the product concept than it is the product itself, especially since I don't use Windoze these days.

First of all, the product Kong is not solving the same problem PGP was designed to solve: PGP follows the classic approach to e-mail encryption, with certificates to address MIM and personal authentication issues. Kong only concerns itself with individuals' cyberspace identity. But there's something appealing to this simplifying notion, and I'm interested in anything that makes crypto easier for people to understand and use.

I admit I can't figure out what crypto mechanism Kong is really using since there's obfuscating talk of passphrases and secrets. But I can see how I'd do it with conventional public key mechanisms. The 123 byte (or whatever) string included in the message would incorporate a digital signature over the message plus the public key used to produce the signature. Thus, each message contains an internal integrity check. Recipients also would be able to compare the public keys used to sign two or more messages allegedly from the same recipient and verify that they were signed by the same entity. (technical nit: I'd prefer to put the PK in a special message header field and only stick the digital signature data in the message body, like PGP).

Since Kong does not use certificates, it is vulnerable to the Man in the Middle (MIM) attack and indeed to forgery. However, I also suspect that the behavior of a long-lived cyberspace identity would make a MIM attack detectable and/or impractical in the long run. If John Doe consistently includes a public key in his web site, messages, and postings, then recipients have a relatively independent way to validate the key being used in a message allegedly from him. The public key is literally associated with the cyberspace identity and its "reputation capital."

Since no third party is attesting to the identity, you could argue that it's exclusively established by the holder's cyberspace reputation. This is an interesting property.

Key revocation remains a problem, as with any PK system. The key holder essentially starts over associating reputation capital with the new key. This could be weird (but the topic of an interesting tale) if the revoked key was actually disclosed to an adversary and actively used in forgeries.

As mentioned above, I haven't used the product itself. But the underlying concept may represent a practical subset of classic e-mail security.

Rick.
smith@securecomputing.com    Secure Computing Corporation
"Internet Cryptography" at http://www.visi.com/crypto/ and bookstores
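
The scheme sketched in the message above, as an added example that is not part of the original post and is not Kong's code: each message carries a signature plus the signer's public key, and the recipient compares the key against the one seen earlier for the same claimed identity. Ed25519 and the names `Signed`, `NewKey`, `Sign`, `KeyStore` and `Check` are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Signed is a hypothetical message layout (not Kong's): body, signature, signer's key.
type Signed struct {
	From      string
	Body, Sig []byte
	Pub       ed25519.PublicKey
}

// NewKey generates a signing key; a nil reader selects crypto/rand.
func NewKey() ed25519.PrivateKey {
	_, priv, _ := ed25519.GenerateKey(nil)
	return priv
}

// Sign attaches the signature over the body and the matching public key.
func Sign(from string, body []byte, priv ed25519.PrivateKey) Signed {
	pub := priv.Public().(ed25519.PublicKey)
	return Signed{From: from, Body: body, Sig: ed25519.Sign(priv, body), Pub: pub}
}

// KeyStore remembers the first key seen for each claimed identity.
type KeyStore map[string]ed25519.PublicKey

// Check returns "bad-signature", "first-contact", "same-key" or "key-changed".
func (ks KeyStore) Check(m Signed) string {
	if len(m.Pub) != ed25519.PublicKeySize || !ed25519.Verify(m.Pub, m.Body, m.Sig) {
		return "bad-signature" // the internal integrity check failed
	}
	known, seen := ks[m.From]
	if !seen {
		ks[m.From] = m.Pub // no certificate: nothing vouches for this key yet
		return "first-contact"
	}
	if bytes.Equal(known, m.Pub) {
		return "same-key"
	}
	return "key-changed" // valid signature, but not the key seen before
}

func main() {
	ks, doe, other := KeyStore{}, NewKey(), NewKey() // constructed sample keys
	fmt.Println(ks.Check(Sign("John Doe", []byte("first post"), doe)))  // first-contact
	fmt.Println(ks.Check(Sign("John Doe", []byte("second post"), doe))) // same-key
	fmt.Println(ks.Check(Sign("John Doe", []byte("not him"), other)))   // key-changed
}
```

The `first-contact` result is the case the message describes as open to MIM: the signature verifies, but only comparison with the key published on the sender's web site or in earlier postings ties it to the identity.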