||ugh Daniel raises some questions about using public keys to verify pseudonyms:
> Hal is somewhat right, anyone can use 'Secret Squirrel' and anyone can use any public key they want also.
But, once person A creates public key X, nobody else can sign messages using X. So if all messages from A are signed under X, we can know that they are all from the same person, even if they are sent anonymously or under a pseudonym.
> So, in a many-to-one scope (as in a maillist) where the sender cannot use the one-on-one signed signature method, how do we have proof of who the sender really is?
You can use signatures even in a many-to-one scope. Messages from a particular person could be signed and the signature appended to the message. Then anyone who has the public key can check to see who the message came from. The process is a little unwieldy now in PGP because you have to separate the signature and message into separate files and run PGP on the signature file. This should be streamlined.
> [Good points about keeping track of key-pseudonym pairs] But all this needs to be done automatically by the mailers and interfaces, else the system will be misused and folks will tire of the extra work that gets them little advantage.
Absolutely. The most crying need now, IMO, is to better integrate the cryptographic tools into mail readers and senders, so that it's not such a pain to use these things. People should be able to give a single command or press a button to decrypt an incoming message or encrypt an outgoing one. Only then will these features be used by average people. There was a message posted on alt.security.pgp describing how to use PGP with the Emacs mail reading program. I'd like to see more messages telling how to use it with other systems.

Hal
74076.1041@compuserve.com
> But, once person A creates public key X, nobody else can sign messages using X. So if all messages from A are signed under X, we can know that they are all from the same person, even if they are sent anonymously or under a pseudonym.
Who's to say that person B sees a message signed under X by person A. He copies the signature (X) onto the bottom of one of his messages and everyone thinks they can verify that it's from A but it's really from B. (makes sense to me anyway...)

Chael Hall

Chael Hall              | Campus Phone Number
iuvax!bsu-cs!nowhere    | (317) 285-3648
00CCHALL@bsuvax1.bitnet | iuvax!bsu-cs!bsu-ucs!00cchall | "I hate it when that happens!"
The most pressing thing is not to integrate encryption in mail handlers, but at the level of ether. Ether is an enormous security hole. I can walk up to anything running ether with my notebook, plug in, and listen to all traffic. Therefore, ether cards need public key encryption built in, so they can communicate with each other in a secure way. This also applies to all other low level protocols.

e
A signature on a message is dependent on the contents of the message; it is not a free floating bit of information. You can't copy a signature, therefore, without copying the message or finding another message that hashes to the same value. This is the design criterion behind one-way functions--that you can't (feasibly) find a message that hashes to a given value.

Eric
A general and powerful method of making sure that Headers, Bodies and Signatures match is to use crypto-checksums. For example in NetNews I proposed changing the MessageId: header such that part of the gobbledygook on the left side of the at-sign was a crypto hash of the body of the message and some of the important sending-host-generated headers. With this system of MessageId:'s anyone who corrupts a message (intentionally or otherwise) creates a bogus message, as the next machine that gets the message can see that the message does not match its MessageId: line. So, if we design the signature system right (with a field for a crypto hash, or some sort of secondary signatures to in effect counter-sign various includes such as the plain text) a plain text message can be signed in such a way that you can be sure that the text is the right text and none other. This can be sent over the airwaves as it is not hiding information but proving that it is the right information! Systems like this would be *very* useful right now, are simple to do (with good advice from Crypto Math types) and useful to everybody.

||ugh
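Three points in the thread fit one worked example: Hal's detached signature that is checked against the message it came with, Eric's observation that a signature is bound to the hash of the message and so cannot simply be copied under a different one, and ||ugh's Message-ID built from a crypto hash of the body plus selected headers. The Python below is an added example and is not code from the thread or from PGP. It assumes a toy RSA key pair built from two Mersenne primes (about 150 bits, chosen only so the arithmetic stays visible; nothing like a usable key size), SHA-256 as the hash, and an assumed canonical form for the Message-ID check: the From, Date and Subject headers followed by the body. The message headers and bodies are constructed sample data.

```python
import hashlib
import re

# Toy RSA key pair, constructed for this example from two known Mersenne
# primes. The modulus is far too small for real use; PGP used much larger keys.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def digest_int(data: bytes) -> int:
    """SHA-256 of the data, reduced into the modulus (toy stand-in for real padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(message: bytes, d: int = D) -> int:
    """Detached signature: the message hash raised to the private exponent."""
    return pow(digest_int(message), d, N)


def verify(message: bytes, signature: int, e: int = E) -> bool:
    """Recover the hash from the signature and compare it with the message's own hash.
    A signature lifted from one message will not match the hash of another."""
    return pow(signature, e, N) == digest_int(message)


# Assumed choice of "important" headers that the Message-ID hash covers.
BOUND_HEADERS = ("From", "Date", "Subject")


def canonical_bytes(headers: dict, body: bytes) -> bytes:
    """Fixed serialisation of the bound headers and body, so sender and receiver hash the same bytes."""
    lines = [f"{name}: {headers.get(name, '')}".encode() for name in BOUND_HEADERS]
    return b"\n".join(lines) + b"\n\n" + body


def make_message_id(headers: dict, body: bytes, host: str) -> str:
    """Message-ID whose left-hand side is a truncated hash of headers and body."""
    h = hashlib.sha256(canonical_bytes(headers, body)).hexdigest()[:32]
    return f"<{h}@{host}>"


def message_id_matches(headers: dict, body: bytes) -> bool:
    """What the next hop can check: recompute the hash and compare it with the Message-ID."""
    m = re.fullmatch(r"<([0-9a-f]{32})@([^>]+)>", headers.get("Message-ID", ""))
    if not m:
        return False  # not a hash-style Message-ID at all
    return make_message_id(headers, body, m.group(2)) == headers["Message-ID"]


# Constructed sample message from "A".
ALICE_HEADERS = {
    "From": "a@example.test",
    "Date": "Wed, 30 Sep 1992 10:00:00 GMT",
    "Subject": "pseudonyms",
}
ALICE_BODY = b"This really is from A.\n"
ALICE_HEADERS["Message-ID"] = make_message_id(ALICE_HEADERS, ALICE_BODY, "host.example.test")


def demo() -> dict:
    """Run the checks from the thread on the constructed messages."""
    sig = sign(ALICE_BODY)
    # B copies A's signature under B's own text (the attack Chael describes).
    bob_body = b"This is B pretending to be A.\n"
    # A relay alters the body but leaves the Message-ID untouched.
    tampered_body = ALICE_BODY + b"P.S. added in transit\n"
    return {
        "genuine_verifies": verify(ALICE_BODY, sig),
        "transplanted_verifies": verify(bob_body, sig),
        "id_matches_original": message_id_matches(ALICE_HEADERS, ALICE_BODY),
        "id_matches_tampered": message_id_matches(dict(ALICE_HEADERS), tampered_body),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The signature step shows why Eric's answer to Chael holds: `verify` compares the value recovered from the signature with the hash of whatever message it is attached to, so the copied signature fails under B's text. The Message-ID step is ||ugh's proposal in miniature: it hides nothing, but any machine along the path can recompute the hash and reject a message whose body or bound headers no longer match its own Message-ID.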
participants (5)
- Eric Hollander
- Eric Hughes
- Hal
- hugh@domingo.teracons.com
- nowhere@bsu-cs.bsu.edu