From: rcain@netcom.com (Robert Cain)
To: cypherpunks@toad.com (cypherpunks)
Message Hash: 77a854ef8490930c989c2cb6d375d4ae273ee78acf3aa836be67b8b8ed8834a6
Message ID: <199403020133.RAA14793@netcom9.netcom.com>
Reply To: <m0pbaXM-000C52C@wet.uucp>
UTC Datetime: 1994-03-02 01:32:27 UTC
Raw Date: Tue, 1 Mar 94 17:32:27 PST
From: rcain@netcom.com (Robert Cain)
Date: Tue, 1 Mar 94 17:32:27 PST
To: cypherpunks@toad.com (cypherpunks)
Subject: Re: Insecurity of public key crypto #2 (reply to May)
In-Reply-To: <m0pbaXM-000C52C@wet.uucp>
Message-ID: <199403020133.RAA14793@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
Peter Davidson sez:
>
> >This is the famed "key distribution problem."
> >
> >With public key methods, this problem is largely solved. Each person
> >can generate his or her own key, publish the public key part of it,
> >and be done with it.
>
> It's not that simple. Terry Ritter has pointed out on sci.crypt that
> the problem with PGP is the validation of public keys used. In other
> words, the security hole in the use of PGP is not in the encryption
> methods used, or in the use of PGP itself, but in the possibility of
> being duped by someone (or some nefarious federal agency) spreading
> bogus public keys. It's not enough to have a public key which you
> believe is the public key of a person you wish to communicate securely
> with - you also have to be sure that the private key which corresponds
> to this public key is known only to that person, in other words, that
> the public key really did come from the person you believe it came
> from. If you get the (presumed) public key of some person X from some
> directory of public keys, or from some third party, how can you be
> sure it didn't originate with someone who wants to monitor all the
> encrypted messages being sent to X? Terry Ritter has explained how a
> third party can place themselves in the middle of encrypted communications
> between two people using PGP and monitor everything they say to each other
> - and this without having to crack RSA or IDEA.
Ah, yes. The man in the middle again. If a protocol existed that
could guarantee detection of the man in the middle, then it would only
need be used once with each conversant to exchange public keys reliably.
The whole problem of public key distribution would then be solved.
As many of you know, I believe such a protocol exists. :-)
Without this detection capability in some form, public key has few
advantages except that you only need one of them. A signfigant
advantage, I admit but it doesn't seem to solve anything. Exchanging
keys between point A and point B requires a chain of trust with no
possibility of a man in the middle, not the sort of thing people want
to mess with.
Peace,
Bob
--
Bob Cain rcain@netcom.com 408-354-8021
"I used to be different. But now I'm the same."
--------------PGP 1.0 or 2.0 public key available on request.------------------
Return to March 1994
Return to “wet!naga (Peter Davidson)”