1995-09-15 - Re: Scientology/Wollersheim as test case for key disclosure

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: hallam@w3.org
Message Hash: 6b75980e674a7866f795e441b66b7697210e923269d6a6ec821705c3fdcb007f
Message ID: <199509150908.CAA22173@ix3.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1995-09-15 09:09:11 UTC
Raw Date: Fri, 15 Sep 95 02:09:11 PDT

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 15 Sep 95 02:09:11 PDT
To: hallam@w3.org
Subject: Re: Scientology/Wollersheim as test case for key disclosure
Message-ID: <199509150908.CAA22173@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:42 PM 9/9/95 -0400, Phill wrote:
>One solution to this problem would be to modify PGP so that the session key
for 
>the document was released rather than the passphrase for the public key. The 
>former would provide only read access, the latter would allow th
scientologists 
>to forge Wollerstein's signature on other material. In addition many of the 
>documents may be subject to privillege.

It wouldn't be hard, though I'm not sure it's much different from requiring
the owner of the public key to decrypt the document in the first place.
It does give you some verifiability (somebody else can take the session key
and demonstrate that encrypting it with the recipient's public key does or 
does not produce the encrypted-key string in the document being verified.)
If that's what you plan to use it for, you would also need to have the
entire padded session key and not just the session key itself.

Total amount of work to implement - another command-line option, a print
statement,
and maybe another command-line option and bit of code to allow decryption of a
public-key-encrypted document using a command-line-supplied session key.
#---
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---






Thread