1995-09-10 - Re: Scientology/Wollersheim as test case for key disclosure

Header Data

From: dsc@swcp.com (Dar Scott)
To: cypherpunks@toad.com
Message Hash: 7e060219e5b0f7d2c3c4eb03a2389e5cbdee6fa80e9d42520081176a9aa95da6
Message ID: <v01510100ac77f0effd65@[198.59.115.132]>
Reply To: N/A
UTC Datetime: 1995-09-10 05:13:50 UTC
Raw Date: Sat, 9 Sep 95 22:13:50 PDT

Raw message

From: dsc@swcp.com (Dar Scott)
Date: Sat, 9 Sep 95 22:13:50 PDT
To: cypherpunks@toad.com
Subject: Re: Scientology/Wollersheim as test case for key disclosure
Message-ID: <v01510100ac77f0effd65@[198.59.115.132]>
MIME-Version: 1.0
Content-Type: text/plain


Phill <hallam@w3.org> wrote,
>One solution to this problem would be to modify PGP so that the session
>key for
>the document was released rather than the passphrase for the public key. The
>former would provide only read access, the latter would allow th
>scientologists
>to forge Wollerstein's signature on other material. In addition many of the
>documents may be subject to privillege.

It seems to me that if this kind of risk was seen ahead of time that a
method doing the equivalent using ordinary PGP commands could be agreed
upon by all involved.  The document could be encrypted using "PGP
conventional encryption" and the pass phrase for that could then encrypted
using the public key.  The encrypted document would thus consist of these
two parts.  The breaking of the traditional decryption into it's two parts
would not be needed--superficial use of PGP would work.

The owner of the public key--who is in possession of the document encrypted
as suggested--when threated by an attacker--who is also in possession of
the document--with an unbearably high cost for not giving up his secret key
can offer to give up the the password for the "PGP conventional
encryption".

This method does not define how the password is obtained and that might be
a weakness.

I confess I'm new to PGP (and this subject in general) and am ignoring the
suggestion in Tim May's FAQ that newbies try not to look clueless.

Dar Scott


===========================================================
Dar Scott               Home phone: +1 505 299 9497

Dar Scott Consulting         Voice: +1 505 299 5790
8637 Horacio Place NE        Email: darscott@aol.com
Albuquerque, NM  87111              dsc@swcp.com
                               Fax: +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================







Thread