From: dsc@swcp.com (Dar Scott)
To: cypherpunks@toad.com
Message Hash: 7e060219e5b0f7d2c3c4eb03a2389e5cbdee6fa80e9d42520081176a9aa95da6
Message ID: <v01510100ac77f0effd65@[198.59.115.132]>
Reply To: N/A
UTC Datetime: 1995-09-10 05:13:50 UTC
Raw Date: Sat, 9 Sep 95 22:13:50 PDT
From: dsc@swcp.com (Dar Scott)
Date: Sat, 9 Sep 95 22:13:50 PDT
To: cypherpunks@toad.com
Subject: Re: Scientology/Wollersheim as test case for key disclosure
Message-ID: <v01510100ac77f0effd65@[198.59.115.132]>
MIME-Version: 1.0
Content-Type: text/plain
Phill <hallam@w3.org> wrote,
>One solution to this problem would be to modify PGP so that the session
>key for
>the document was released rather than the passphrase for the public key. The
>former would provide only read access, the latter would allow th
>scientologists
>to forge Wollerstein's signature on other material. In addition many of the
>documents may be subject to privillege.
It seems to me that if this kind of risk was seen ahead of time that a
method doing the equivalent using ordinary PGP commands could be agreed
upon by all involved. The document could be encrypted using "PGP
conventional encryption" and the pass phrase for that could then encrypted
using the public key. The encrypted document would thus consist of these
two parts. The breaking of the traditional decryption into it's two parts
would not be needed--superficial use of PGP would work.
The owner of the public key--who is in possession of the document encrypted
as suggested--when threated by an attacker--who is also in possession of
the document--with an unbearably high cost for not giving up his secret key
can offer to give up the the password for the "PGP conventional
encryption".
This method does not define how the password is obtained and that might be
a weakness.
I confess I'm new to PGP (and this subject in general) and am ignoring the
suggestion in Tim May's FAQ that newbies try not to look clueless.
Dar Scott
===========================================================
Dar Scott Home phone: +1 505 299 9497
Dar Scott Consulting Voice: +1 505 299 5790
8637 Horacio Place NE Email: darscott@aol.com
Albuquerque, NM 87111 dsc@swcp.com
Fax: +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================
Return to September 1995
Return to “dsc@swcp.com (Dar Scott)”
1995-09-10 (Sat, 9 Sep 95 22:13:50 PDT) - Re: Scientology/Wollersheim as test case for key disclosure - dsc@swcp.com (Dar Scott)