Re: PGP security problems?
-----BEGIN PGP SIGNED MESSAGE----- In <33BBCB54.2781@ai.mit.edu>, on 07/03/97 at 11:55 AM, Hallam-Baker <hallam@ai.mit.edu> said:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Robert A. Costner wrote:
At 01:18 AM 7/3/97 EST, Carolyn Turbyfill (probably didn't) write:
The email forgeries using bogus PGP keys to give the appearance that the messages are from PGP, Inc. and our employees are the result of a sick, twisted mind.
While a keyserver with no authentication has a very low barrier to entry for false authentication, the barrier is not that much higher for even a Verisign class three verification. I've continually said that the biggest problem with secure authentication is that secure authentication is not possible.
I don't think thats a reasonable assertion at all. PGP is positing that they have an online identification technique. Verisign are asserting they have performed a particular identification process and suggest that it is
sufficient for a particular purpose:
http://www.verisign.com/pr/pr_idfct.htm Class 3 Digital IDs
Require personal presence or registered credentials
Used for e-banking, large-sum transactions and contract execution
Cost: $24/year for individuals, $290/year for entities/web servers ($75 per year renewal)
If you are a bank or company that needs to depend on an identity inthis circumastance the critical point is that you have a standardized level of security.
In electronic commerce it is rarely the case that one needs to reduce risk to zero. The question is whether you can quantify the risk you are exposed to. Whether you can insure it.
I hate to see people doing such things with keyservers and keys, but we all knew the problem existed. I wonder where the solution is.
The solution is to put trust attributes in the certificates. If you do an email callback you state that that is the identification process you used in the cert.
Two years back it would make sense to upgrade PGP certs to work in this way. At this point however X.509v3 has become the standard, the most commonly available form of email encryption is S/MIME which is built into the default operating system from next year and comes with Communicator.
X509v3 may not be perfect but its there, it works and you can carry the same information and construct the same trust relationships that PGP supports. You can also construct other relationships. Looking at the practice of using X509v3 with Outlook Express I found that the actual mechanics of use were remarkably similar to PGP except that it was easy to add in an entire trust domain such as my employer.
At this point I'm somewhat skeptical that a single vendor proprietary solution should receive unquestioned support from cypherpunks on the basis of history alone. The question is how to put cryptography on every desk top on the planet. Bill Gates is a better aly in that fight than Phil Z.
I think its rather silly for people to start complaining on this list about the bad, bad, hackers. If we could trust people to be good we would not need certificates or computer security at all. Making unspecified and unsupported allegations against competitors seems to me to be a very bad idea indeed.
Phil what can I say except this is just BULL! Last time I looked the S/MIME & X509 v3 specs were not in a finished state. What I have seen of the specs I do not like. The sepcs are overly complex and fail to offer any added security over what can be obtained using PGP. Then we have GAK directly referenced and supported in the specs:
5.1 Binding Names and Keys
An S/MIME agent or some related administrative utility or function MUST be capable of generating a certification request given a user's public key and associated name information. In most cases, the user's public key/private key pair will be generated simultaneously. However, there are cases where the keying information may be generated by an external process (such as when a key pair is generated on a cryptographic token or by a "key recovery" service).
Now lets add to this Netscapes support of weak crypto & their implementation of "policy tokens". Are these really the people you wish to trust with the future of crypto?? Are you willing to condem the world to Win95 & Communicator (2 of the bigest peices of crap I have ever seen passed of as comercial software). Phil Zimmerman has done more for putting STRONG crypto on every desktop than M$,N$,R$A or the rest ever have or ever will. Make no mistakes about it, our goal should be to put STRONG crypto on every desktop not just any weak peice of crap available. Weak crypto is worse than no crypto at all. - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBM7wJcY9Co1n+aLhhAQHL5AP+LHUhm9qzChoPIfZt3mClFCpk41Byx95D 0o/jxHBgyr1b4Xu96BiZXkNYn5Z/B7pXCyp8j5JU1nHs3een/n+Bg2V3gxZHK5hf dhAGyetvDHq1h9sxXtWi/3kVctJQN0dGH7TT7RRA46pG0CfIdn2LX/DbnI04COcf f3Xp+dve8wY= =PS/R -----END PGP SIGNATURE-----
participants (1)
-
William H. Geiger III