1994-12-28 - Re: Making sure a program gets to the receiver intact

Header Data

From: Matt Blaze <mab@crypto.com>
To: bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Message Hash: 7f7d142a8bf00eb1298e225056edc05530b337bd66a1e9d4b2eeb857b4a6cc87
Message ID: <199412280046.TAA26043@crypto.com>
Reply To: <9412280015.AA22592@anchor.ho.att.com>
UTC Datetime: 1994-12-28 00:45:01 UTC
Raw Date: Tue, 27 Dec 94 16:45:01 PST

Raw message

From: Matt Blaze <mab@crypto.com>
Date: Tue, 27 Dec 94 16:45:01 PST
To: bill.stewart@pleasantonca.ncr.com   +1-510-484-6204)
Subject: Re: Making sure a program gets to the receiver intact
In-Reply-To: <9412280015.AA22592@anchor.ho.att.com>
Message-ID: <199412280046.TAA26043@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Stuart writes:
>>    How can I insure a program, once put on FTP sites stays untampered with?
... 
>On the other hand, without signatures, it's not too hard for a Bad Guy
>to store bogus files on the server and get them timestamped too -
>the user needs a good way to check for previous editions of the 
>document in the timestamp file.  With digital signatures,
>at least a given file has some internal consistency.
>
>>    The holes:
>>    1:  Someone hacking the keyservers, substituting a key for all the people
>>        who signed, and modifing the archive to show that.
>That's why keyservers are inherently non-trustable; the trust comes from
>the Web of Trust connections you have, though a keyserver run by a 
>widely-trusted person carrying only keys signed by him/her/it is stronger.
>
>>    2:  Someone breaking into my apt, sticking a keyboard monitor on, getting
>>        my passphrase and key.
>Yup.  That's a problem with signatures.
>

Another, practical, problem with integrity checks (both signatures
and timestamps) for files on public archive servers is that the
receiver has to expect them and know how to verify them.  Current
ftp and www clients certainly don't have facilities to do this
automatically, and neither do users have reason to suspect foul
play if a timestamp or signature is missing for some file.  It's
somewhat analogous to the situation ten years ago when some nut
was lacing over-the-counter drugs with poison and putting the
packages back on the shelf.  The major drug companies responded by
including tamper-evident seals on their packages, but until consumers
learned to expect the seals, all the bad guys had to do was remove
the seal entirely before replacing the tainted packages.  In the short
term, given today's infrastructure, there's not a lot you can do.

Of course, in the medium- and long- term, the best solution is to
design good schemes and deploy them widely enough that people learn
to expect them.

-matt





Thread