
Tim May <tcmay@got.net> writes:
This also applies to CMR as well. Whatever the perceived business reasons for CMR, the fact is that it introduces additional failure points. No longer will Alice and Bob be secure that at least there are no "other readers" in the channel between them (what they do with the plaintext after decryption is of course solvable by no technology).
I thought that was the whole point of the PGP design. It makes the presence of third parties clear and visible to all participants. This seems to be the fundamental principle. PGP is designed to allow Alice and Bob to be informed if third party access is built in. Key escrow and re-encryption are inherently less visible forms of message access.

Anonymous writes:
I thought that was the whole point of the PGP design. It makes the presence of third parties clear and visible to all participants. This seems to be the fundamental principle.
I have noticed several PGPers use this fallacy also. It is a fundamental irrelevance. If PGP Inc has selected this principle as a guiding principle then they're nuts. It matters not one whit what `statement of intent' you mark PGP CMR extended public keys with. That statement is semantically meaningless as a design principle because it is utterly unenforceable. Here are two examples to show how your expectation can be broken:
- the user decrypts your message encrypted to a `company access' key, and then proceeds to post it to cypherpunks
- you send a message encrypted to a `company access' key, but the company screwed up and lost the private half of the company access key
In neither case is the statement of intent honoured. There are lots of other ways to not honour such statements of intent, such as perhaps forwarding a copy to your own supervisor at your company, or printing it out on paper and giving it to a secretary to file for future reference.
PGP is designed to allow Alice and Bob to be informed if third party access is built in. Key escrow and re-encryption are inherently less visible forms of message access.
Re-encryption and forwarding tend to be GAK pervertable; this violates design principle 2 as explained in corollary 1 of the anti-GAK principles. Do not do this. (I didn't realise the full danger of this construct until recently, and this is one result which fell out of the exercise of developing a codified set of design rules to guide protocol designers away from building GAK-compliant or GAKker-useful software.) "Key escrow" is too perverted a term to know even what you are referring to. If you mean data recovery (my CDR proposal) it is _exactly_ as visible as CMR. You can affix all the statements of intent you like to it. (For all the good it will do you.) There can be no enforcement of statements of intent. All you can do is hope that companies are not lying; encourage them to behave in ways which you consider ethical.

Adam
--
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
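A toy model of the envelope structure the thread is arguing about, added here and not taken from any poster or from PGP's own code: the "company access" (CMR) key is wrapped to exactly like any other recipient, so a client can list it before sending or after receiving (the visibility point), while nothing in the envelope reaches past decryption (Adam's two examples). The HMAC keystream, the key names and the message are constructed stand-ins for the real primitives and parties.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, label: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in for the real public-key and
    symmetric primitives, enough to model the envelope structure."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(plaintext: bytes, recipients: dict) -> dict:
    """recipients maps key_id -> that recipient's (toy) key. The session key is
    wrapped once per recipient; a CMR key is simply one more entry here."""
    session, nonce = os.urandom(32), os.urandom(16)
    wrapped = {kid: xor(session, keystream(k, b"wrap", nonce, 32))
               for kid, k in recipients.items()}
    body = xor(plaintext, keystream(session, b"body", nonce, len(plaintext)))
    return {"nonce": nonce, "wrapped": wrapped, "body": body}

def decrypt(env: dict, key_id: str, key: bytes) -> bytes:
    """Unwrap the session key under one recipient's key, then decrypt the body.
    A wrong key (e.g. the company lost its private half) yields garbage, not an error."""
    session = xor(env["wrapped"][key_id], keystream(key, b"wrap", env["nonce"], 32))
    return xor(env["body"], keystream(session, b"body", env["nonce"], len(env["body"])))

def extra_readers(env: dict, expected) -> list:
    """What a client can show the user: every key the session key was wrapped
    to beyond the parties the user expected. This is all the envelope reveals."""
    return sorted(set(env["wrapped"]) - set(expected))

if __name__ == "__main__":
    # Constructed keys: Alice, Bob, and the company's "access" (CMR) key.
    keys = {"alice": os.urandom(32), "bob": os.urandom(32), "acme-cmr": os.urandom(32)}
    env = encrypt(b"quarterly numbers", keys)
    print("readers beyond Alice and Bob:", extra_readers(env, ["alice", "bob"]))
    # Bob reads it whether or not the company still holds its private half,
    # and nothing in the envelope governs where the plaintext goes afterwards.
    print(decrypt(env, "bob", keys["bob"]))
```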

Adam Back wrote:
Anonymous writes:
I thought that was the whole point of the PGP design. It makes the presence of third parties clear and visible to all participants. This seems to be the fundamental principle.
I have noticed several PGPers use this fallacy also. ... It matters not one whit what `statement of intent' you mark PGP CMR extended public keys with. That statement is semantically meaningless as a design principle because it is utterly unenforceable.
Since I am always right, let me give you the benefit of my thoughts on a few things. (No need to bow at my feet, I'm always willing to help.) I have no doubt that the government's framing of the Escrow/Recovery debate has had an influence on those companies who wish to be compliant enough with emerging standards to remain in business. In a perfect world, those with 'good intentions' would have the time and resources to do things totally 'right,' both in a technological manner and in exercising the highest standards of principles and ethics. In reality, the industry is moving so fast that any company who dallies about, trying to make the perfect product, might well find that 'Pretty Freeh Privacy' has the encryption market locked up, and besides, they don't make Intel CPUs any more--that was _last_ week. PGP is being castigated for, by way of analogy, not producing a gun that can _only_ be used for self-defense, and _not_ for killing the (imaginary) innocent. Unfortunately, for PGP, this is not unreasonable, since PGP's reputation capital was built on a level of standards and integrity which go far beyond *only* business concerns. Phil Zimmermann, before he sold out his principles (just kidding!), wrote documentation for PGP which did not contain a Madison Avenue pitch assuring the user that if they used PGP on their work machine, they could let rapists and murderers use it, without fear of their encrypted home address being compromised. I truly believe that much of PGP's reputation is a result of people reading the documentation and having the program's author point out the _weaknesses_ and _vulnerabilities_ in his product, pointing out what it could and could _not_ do. I respected the points that Jon was making in his first long post defending PGP's new product, but I was also saying, "Bullshit!" as I read on. Why? Because while the benefit of the software lies in what it _does_ do, the danger lies in what it _doesn't_ do.
How can Jon convince me that the PGP product is their best possible effort, to date, and that PGP will strive to improve the product's ability to resist misuse by fascists, while giving the individual user as much knowledge and control as possible in the product's use? He can do so by telling me that he wakes up at night, screaming, in fear of having helped to create the crypto equivalent of the atomic bomb, when the product is in the hands of the fascists. (Not that I expect him to be stupid enough to say this on the product packaging.)
There can be no enforcement of statements of intent. All you can do is hope that companies are not lying; encourage them to behave in ways which you consider ethical.
Governments, corporations and crypto munitions don't kill people. People kill people. When death camps are computerized, the software used will be named, "I Am Just Following Orders." ("I don't put the in in the gas chambers, I just boot the computer.") I have to admit to being somewhat amused by Jon taking a Cypherpunk to task for being loud, rude, and ranting. Is this your first time on the list, Jon?

The Right Guy
~~~~~~~~~~~~~
Tomorrow: The Solution to World Peace

At 2:45 PM -0700 10/15/97, Anonymous wrote:
Tim May <tcmay@got.net> writes:
This also applies to CMR as well. Whatever the perceived business reasons for CMR, the fact is that it introduces additional failure points. No longer will Alice and Bob be secure that at least there are no "other readers" in the channel between them (what they do with the plaintext after decryption is of course solvable by no technology).
I thought that was the whole point of the PGP design. It makes the presence of third parties clear and visible to all participants. This seems to be the fundamental principle. PGP is designed to allow Alice and Bob to be informed if third party access is built in. Key escrow and re-encryption are inherently less visible forms of message access.
My explicit point was about what happens to plaintext _after_ it has been received. Not an exceptionable point, it seems to me. CMR doesn't tell anybody anything about who later sees the plaintext (it can't, which was my point). And CMR of course does not actually stop the practice of requiring employees to physically "escrow" keys. I would expect that most companies now requiring employees to deposit copies of their keys may well continue to do so. (And I'll bet the CMR keys are _also_ required to be escrowed...the CMR keys are too valuable not to be copied multiple times.) Finally, I stand by my point that it introduces security weaknesses in the model.

--Tim May
The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."