Re: Insecurity of public key crypto #1 (reply to Mandl)
: From rarachel@prism.poly.edu Tue Mar 1 21:44:58 1994
: Subject: Re: Insecurity of public key crypto #1 (reply to Mandl)
: To: ejohnson@pmip.dist.maricopa.edu (Eric Johnson)
: Cc: cypherpunks@toad.com
: X-Mailer: ELM [version 2.4 PL21]
: Content-Type: text
: Content-Length: 1207
:
: > Would it not make sense, therefore, to publish a public cypherpunks
: > mailing list key, which is returned with subscription requests?
: > All incoming message cleartext to the mailing list server would
: > then be encrypted in the server's key; not for security, but
: > precisely for the reason you state above. That _would_ create
: > quite a volume of encrypted communications to each recipient of
: > the list.
:
: Please don't do that. I don't want to go through hoops to read this
: mailing list. It's already cumbersome as is. Adding PGP in the soup
: would make things very nasty. I'd rather not use PGP except for private
: messages.

That was exactly the point Eric Hughes was making; it is not a good strategy to save encryption for only private communications.

Besides, procmail (or similar) should be able to handle piping incoming cypherpunks traffic through the decryptor, so the hoop would be transparent anyway. No muss, no fuss.

--Eric
Eric Johnson says:
: Please don't do that. I don't want to go through hoops to read this : mailing list. It's already cumbersome as is. Adding PGP in the soup : would make things very nasty. I'd rather not use PGP except for private : messages.
That was exactly the point Eric Hughes was making; it is not a good strategy to save encryption for only private communications.
Besides, procmail (or similar) should be able to handle piping incoming cypherpunks traffic through the decryptor, so the hoop would be transparent anyway. No muss, no fuss.
So, will procmail run for someone getting this mailing list via CCMail under DOS? There are people doing that, you know. It's one thing to write tools so people can encrypt their routine PRIVATE mail. It's another thing to encrypt mailing lists read by hundreds of people. The former can be adjusted on a case by case basis -- the latter cannot.

Perry
"Perry E. Metzger" writes:
Eric Johnson says: [in reply to bits about encrypting The List]
Besides, procmail (or similar) should be able to handle piping incoming cypherpunks traffic through the decryptor, so the hoop would be transparent anyway. No muss, no fuss.
So, will procmail run for someone getting this mailing list via CCMail under DOS? There are people doing that, you know.
Ah - so provide an unencrypted list for the software-challenged and the merely lazy. The incentive for using the encrypted list, then? Simple -- 1. Increasing one's personal encrypted-to-unencrypted ratio and 2. The old chestnut -- delay the unencrypted list 24 hours. Do I need to insert the stereotype that those who can't run procmail are probably experiencing worse delays than the above thanks to their UUCP feed? Or is it enough to use the "information*timeliness=value" argument that's been advanced in the past to advocate encrypting traffic *to* the list? Either way, the rhetorical advantage still lies in the turnaround time to the list.
It's one thing to write tools so people can encrypt their routine PRIVATE mail. It's another thing to encrypt mailing lists read by hundreds of people. The former can be adjusted on a case by case basis -- the latter cannot.
I believe it's traditional to reply "Indeed." nathan
(I've changed the subject line to something much shorter than the 2 lines+ of the previous subject line. And hopefully more germane to my point.) Nathan Loofbourrow writes:
Ah - so provide an unencrypted list for the software-challenged and the merely lazy.
The incentive for using the encrypted list, then? Simple -- 1. Increasing one's personal encrypted-to-unencrypted ratio and 2. The old chestnut -- delay the unencrypted list 24 hours. ... I believe it's traditional to reply "Indeed."
Indeed---NOT! I don't consider myself especially "lazy" when it comes to this list, nor do I consider myself "software-challenged." I connect to the Net from my home Mac IIci or PowerBook 170 over a 14.4 modem line to Netcom, an Internet service provider many of you are familiar with. Once on Netcom, I have access to a wide range of standard UNIX tools. However, I do NOT run PGP on these machines! Rather, I run MacPGP (or PGP on my DOS machines, in emergencies, or even "MailSafe" in rare circumstances) on my *home* machine, after first downloading the mail with "Eudora 2.0," a nice off-line mail reader. It still takes several steps, as most of you can imagine. I don't plan to start using PGP on insecure machines, even with a shortened "UNIX-grade" key. Especially not for a mailing list, where encryption is pointless (except to increase encrypted traffic a bit). Downloading and then decrypting 100 or more messages a day is not a viable option, and such a move would cause me to unsubscribe from the list rather quickly. (To clarify this: I read the list with "elm," when I am on Netcom doing other things as well, like reading NetNews, and am thus able to delete about half of all messages before eventually--every few days, typically--downloading the whole batch. Encrypted traffic would make this screening and immediate response much more difficult.) If Nathan is running PGP on a multi-user system, such as campus machines at Ohio State, he is likely deluding himself about actual security. Others at the site may already have his private key and passphrase captured. If he is running PGP on his own private machine, with good Net connectivity, congratulations. Most of us--I think it's safe to say--don't have these options. Many are reading from university accounts, from commercial services like CompuServe, and even from multiple services (depending on location).
Not running PGP on each and every message doesn't mean we're lazy--it means we've got better things to do with our time. As for Nathan Loofbourrow's charge that this must mean I am lazy and/or software-challenged, I suggest he try writing more posts for this list and/or writing code. Sorry to sound harsh, but calling us lazy and software-challenged is not addressing the real issues. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
Timothy C. May writes:
As for Nathan Loofbourrow's charge that this must mean I am lazy and/or software-challenged, I suggest he try writing more posts for this list and/or writing code.
I'll address the last first: I meant to imply neither. I don't think encrypting traffic from cypherpunks tomorrow would have the desired effect. However, I'll gladly work towards the day when such a change can be transparent to its readers.
I connect to the Net from my home Mac IIci or PowerBook 170 over a 14.4 modem line to Netcom, an Internet service provider many of you are familiar with. Once on Netcom, I have access to a wide range of standard UNIX tools. However, I do NOT run PGP on these machines!
Rather, I run MacPGP (or PGP on my DOS machines, in emergencies, or even "MailSafe" in rare circumstances) on my *home* machine, after first downloading the mail with "Eudora 2.0," a nice off-line mail reader. It still takes several steps, as most of you can imagine.
I don't plan to start using PGP on insecure machines, even with a shortened "UNIX-grade" key. Especially not for a mailing list, where encryption is pointless (except to increase encrypted traffic a bit).
I would like to see greater independence from the list. With the help of anonymous mailing and forwarding services, and with the use of a secure machine, I may be able to read and respond to the list without ever betraying my participation. Why announce to the world that I read cypherpunks if I don't have to?
Downloading and then decrypting 100 or more messages a day is not a viable option, and such a move would cause me to unsubscribe from the list rather quickly. (To clarify this: I read the list with "elm," when I am on Netcom doing other things as well, like reading NetNews, and am thus able to delete about half of all messages before eventually--every few days, typically--downloading the whole batch. Encrypted traffic would make this screening and immediate response much more difficult.)
Your particular connectivity and the ease of reading mail on-line seem to have conspired to make decryption (as well as offline reading and archiving!) quite onerous. If you lack a secure, connected machine at the office, and have no IP (or UUCP!) service at home, I think you're at a strong disadvantage towards reading any encrypted traffic at all. Is there no means for you to automate offline mail reading? The user with a 300 baud modem and a VT100 terminal at home should not expect to be practicing secure encryption. Any better-equipped user has the hardware needed to encrypt and decrypt securely -- they just haven't written the software.
If Nathan is running PGP on a multi-user system, such as campus machines at Ohio State, he is likely deluding himself about actual security. Others at the site may already have his private key and passphrase captured. If he is running PGP on his own private machine, with good Net connectivity, congratulations. Most of us--I think it's safe to say--don't have these options. Many are reading from university accounts, from commercial services like CompuServe, and even from multiple services (depending on location). Not running PGP on each and every message doesn't mean we're lazy--it means we've got better things to do with our time.
Point taken; but if you receive unencrypted mail on a multi-user system, you're likely deluding yourself about its security as well. I am motivated to provide the list to anyone that wants it without advertising your subscription (and its traffic) to your service provider. Anonymous posting, meet anonymous subscribers. I can think of several reasons why cypherpunks would not be the only list for which encrypted traffic might be desired.
Sorry to sound harsh, but calling us lazy and software-challenged is not addressing the real issues.
"Indeed." I hadn't intended this to be taken as name calling. Really. nathan
Why announce to the world that I read cypherpunks if I don't have to?
This is one reason that we have not disabled the 'who' command on the toad.com majordomo server. If you want the public not to know you're on the cypherpunks list, get and use an alias.
Point taken; but if you receive unencrypted mail on a multi-user system, you're likely deluding yourself about its security as well.
There are two issues here. I don't mind reading most mail on a shared machine, but I'm sure as hell not going to let my private key inside its RAM. Eric
The incentive for using the encrypted list, then? Simple -- 1. Increasing one's personal encrypted-to-unencrypted ratio and 2. The old chestnut -- delay the unencrypted list 24 hours.
I'll consider doing this after a whole bunch more stuff is developed, like checking for digital signatures on posts and delaying those without them. We're now running majordomo for the list, so if these features get added to the standard majordomo distribution, we could more easily deploy them. That's a hint, since I have higher priority things to work on. Eric
Excerpts from internet.cypherpunks: 2-Mar-94 Increasing the encrypted/un.. by Eric Hughes@ah.com
The incentive for using the encrypted list, then? Simple -- 1. Increasing one's personal encrypted-to-unencrypted ratio and 2. The old chestnut -- delay the unencrypted list 24 hours.
I'll consider doing this after a whole bunch more stuff is developed, like checking for digital signatures on posts and delaying those without them.
We're now running majordomo for the list, so if these features get added to the standard majordomo distribution, we could more easily deploy them. That's a hint, since I have higher priority things to work on.
Well, I know that this might be a bit of a "crazy" idea, but would the best way to distribute an encrypted mailing list be to have a PGP setup where there is a public key to the mailing list, and all recipients are given copies of the secret key? I know that it might be a bit stupid from the security side, but if each person was using PGP, the secret key would be PGP encrypted and sent with that person's public key, ensuring that only subscribers would get it, and then using that secret key to decrypt the messages as they are received? Just wonderin'.... Anthony
On Wed, 2 Mar 1994, Anthony D Ortenzi wrote:
Well, I know that this might be a bit of a "crazy" idea, but would the best way to distribute an encrypted mailing list be to have a PGP setup where there is a public key to the mailing list, and all recipients are given copies of the secret key? I know that it might be a bit stupid from the security side, but if each person was using PGP, the secret key would be PGP encrypted and sent with that person's public key, ensuring that only subscribers would get it, and then using that secret key to decrypt the messages as they are received?
Just wonderin'.... Anthony
I think you are probably not thinking about how Public key systems work. It doesn't matter which key you use, public or private, each one reverses the effect of the other. In this case what you are calling the secret key would really be the public key, and vice-versa. You are just asking that the public key be known only among the recipients of the list. _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -===
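The shared-list-key scheme Anthony proposes and the key symmetry Jeremy describes, worked through as an added example that is not part of the original thread. It uses textbook RSA on tiny constructed primes (unpadded, illustration only); the subscriber names, key values and function names are assumptions made for the example.

```python
# Textbook RSA on tiny constructed primes: illustration only, unpadded, not secure.

def keypair(p, q, e):
    """Return (n, e, d) for primes p, q and public exponent e."""
    phi = (p - 1) * (q - 1)
    return p * q, e, pow(e, -1, phi)  # d inverts e modulo phi

# Constructed keys: one pair for the list, one per (hypothetical) subscriber.
LIST_N, LIST_E, LIST_D = keypair(61, 53, 17)
SUBSCRIBERS = {"alice": keypair(101, 113, 3533), "bob": keypair(103, 107, 5)}

def distribute_list_key():
    """Server side: wrap the list's 'secret' exponent under each subscriber's public key."""
    wrapped = {}
    for name, (n, e, _d) in SUBSCRIBERS.items():
        assert LIST_D < n, "toy RSA can only wrap values smaller than the modulus"
        wrapped[name] = pow(LIST_D, e, n)
    return wrapped

def encrypt_post(text):
    """Server side: encrypt a post byte by byte to the list's public exponent."""
    return [pow(b, LIST_E, LIST_N) for b in text]

def read_post(name, wrapped_key, ciphertext):
    """Subscriber side: unwrap the shared exponent with one's own key, then decrypt."""
    n, _e, d = SUBSCRIBERS[name]
    shared_d = pow(wrapped_key, d, n)
    return bytes(pow(c, shared_d, LIST_N) for c in ciphertext)

def either_order(m):
    """Apply the list's two exponents in both orders; each undoes the other."""
    forward = pow(pow(m, LIST_E, LIST_N), LIST_D, LIST_N)
    reverse = pow(pow(m, LIST_D, LIST_N), LIST_E, LIST_N)
    return forward, reverse

if __name__ == "__main__":
    keys = distribute_list_key()
    post = encrypt_post(b"Indeed.")
    for name in SUBSCRIBERS:
        print(name, read_post(name, keys[name], post))
    print(either_order(65))
```

Every subscriber ends up holding the same list exponent, so anyone who has it can read all list traffic; which of the two exponents is labelled "public" is a matter of who is given it.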
participants (7)
- Anthony D Ortenzi
- Eric Johnson
- hughes@ah.com
- Jeremy Cooper
- Nathan Loofbourrow
- Perry E. Metzger
- tcmay@netcom.com