1996-03-01 - Re: a brief comparison of e-mail encryption protocols

Header Data

From: Derek Atkins <warlord@MIT.EDU>
To: “A. Padgett Peterson P.E. Information Security” <PADGETT@hobbes.orl.mmc.com>
Message Hash: 84dbc5c1bc224a627e92842f31a3761dffc2390f18ed5cc944d20fba906d4135
Message ID: <199603011617.LAA15140@toxicwaste.media.mit.edu>
Reply To: <960301090649.202002a4@hobbes.orl.mmc.com>
UTC Datetime: 1996-03-01 16:19:09 UTC
Raw Date: Fri, 1 Mar 96 08:19:09 PST

Raw message

From: Derek Atkins <warlord@MIT.EDU>
Date: Fri, 1 Mar 96 08:19:09 PST
To: "A. Padgett Peterson P.E. Information Security"    <PADGETT@hobbes.orl.mmc.com>
Subject: Re: a brief comparison of e-mail encryption protocols
In-Reply-To: <960301090649.202002a4@hobbes.orl.mmc.com>
Message-ID: <199603011617.LAA15140@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain

I think we are in violent agreement here...

> I disagree but then my worldview is different. For personal use the
> compact distributed system is workable however when you start thinking
> in terms of a large distributed organization, the quanta changes.
> Mention was made of the difficulty of handling 20,000 keys. I am looking at
> over 80,000 today and over 200,000 tomorrow *for a single organization*. For
> quantities like this, a hierarchial system of management seems inevitable.

Perhaps you misunderstood what I mean by "central keyserver model".
What I mean by that is the status quo, where we have a set of central
keyservers and each keyserver knows about each key.  When I say that
this will disappear, I mean that we will move towards a more
distributed system, similar to the DNS for looking up hostnames.  Yes,
we will need a distributed, hierarchial [sic] system in the future,
and if we want to continue using PGP we will need to provide a simpler
way to use that.

> First, I am not about to give up my personal PGP key, it is trustworthy and
> effective for my needs. It is not necessarily incompatable with an 
> organizational structure.

This is true.

> However *for the organization* something else is needed. I can see a 
> future in which the bulk of the population has only two keys: their own
> and the punlic key of their post office (not talking USNail - private ones
> though not saying the US might not operate one as well).

I disagree.  I know the addresses of the people with whom I
communicate regularly.  I know my parent's USnail address, my
grandparents', my SO's, etc.  I dont need to tell the Post Office
"Send this to my parents" and trust them to do it.  I give them a
destination address and trust them to send it to the proper
destination.  The same thing is true in the electronic world.  I put a
destination on the email, give it to the mailer, and trust it to send
it to the appropriate destination.

A similar anology can be made when I dont know an address: I ask
someone for it.  Same thing with an email address/PGP key, I need to
ask for it before I can use it.

The same thing is true of hostnames.  I can find a hostname<->IP
address for just about any host on the planet.  Do I have them all on
my local disk?  No, of course not.  I look them up when I need them.
However, I do cache local copies of the names I frequently use.

> As noted, a hierarchal mechanism will be needed for key retrieval -
> only local keys and "frequent fliers" will be kept locally. Not new
> concept, just not used by post offices that I know of today.

Yes, this is true.  And it is used -- its called regional phone books.
If I want to get a number for someone, I go to the regional phone book
and look them up.  I have to know something about them first, so I
know where to look.  If I asked you to find the machine
"incommunicado" and tell me it's IP address, what would you do?  You'd
have to look in every domain for machines named "incommunicado".
However, if you knew that I meant "in the 'ihtfp.org' domain", you'd
know exactly where to look.  The same is true of phone numbers.  The
same is true for keys.

> Will need a bit of fleshing out and expect the end-state to be 2-4 years out
> but is a good time to think about it.

True.  The problem is that with PGP messages, the only information
about keys is a "random" keyID.  From a keyID there is no way to
determine that key unless you already have it.  This means that if you
do not already have the key, you have no way to find that key.  See
the problem?  This is like the "find 'incommunicado'" problem above.

What I propose is to modify, slightly, the PGP signature certificate
to add a "hint" field.  This hint field would tell you where to look
for the key.  This is the way to add the "ihtfp.org" info to the
PGP signature.

I hope this clears up any misconceptions...