From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 9 Oct 1997 01:22:09 +0800
To: frantz@netcom.com
Subject: Re: What's really in PGP 5.5?
In-Reply-To: <v03007809b060c1553f4f@[207.94.249.179]>
Message-ID: <199710081011.LAA00865@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Bill Frantz <frantz@netcom.com> writes:
> At 2:27 PM -0700 10/7/97, Jon Callas wrote:
> >favorite way of expressing this problem is, "if you lose the keys to your
> >car, then you have to get a new car."
> 
> Now email is a confounding medium because it is both a transient
> communication medium and a storage medium.  We would like to be able to
> have protection against losing access to our stored data, at the same time
> we are sure that those who violate our trust and intercept our
> communications can not read the data, when it is sent or at any time in the
> future.
> 
> PGP 5.5 seems to have a solution to the "lose your data" problem.  It does
> not seem to address the secure deletion problem.

If PGP wants to archive data sent or received, well they can do so, but
sending encrypted communications over open networks encrypted to _two_ long
term public keys is bad security practice.


There are two reasons which are given as to why someone might want to
have GAK installed for company use.

1. to allow access to important material lost in the mail system in the
event that an employee is hit by a bus

2. to allow management to spot check the emails being sent and received


Argument 1 seems pretty flimsy to me.  I reiterate my comment in an earlier
post: who in their right mind keeps their _only_ copy of ultra valuable
company information bouncing around in the email system?  Did those arguing
for this position not notice that sometimes email gets lost in transit?

Regardless, if PGP claims to be catering to those who use this argument, and
to not want to try that hard to make it impossible to by-pass, the more
secure, and less GAK friendly way to do it is to have the mail client
software archive the email sent and received.


Argument 2 I find somewhat distasteful, but seems to me to be logically what
PGP's implementation is catering for.  A less GAK friendly way to implement
it, and a more secure (communications secure, not saying anything about GAK
being easier or harder to by-pass) way would be to archive for a while the
session keys. The security advantage being that the email doesn't go out
with the session key encrypted to 2 long term public key encryption keys.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`