1997-07-03 - Re: PGP security problems?

Header Data

From: "William H. Geiger III" <whgiii@amaranth.com>
To: cypherpunks@toad.com
Message Hash: ae24f07e49cc2f5de1b56b2e7f6dd9bed4ab00b9c73f14bbfc39ef9304ae01db
Message ID: <199707032025.PAA30172@mailhub.amaranth.com>
Reply To: N/A
UTC Datetime: 1997-07-03 20:37:03 UTC
Raw Date: Fri, 4 Jul 1997 04:37:03 +0800

Raw message

From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Fri, 4 Jul 1997 04:37:03 +0800
To: cypherpunks@toad.com
Subject: Re: PGP security problems?
Message-ID: <199707032025.PAA30172@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

In <33BBCB54.2781@ai.mit.edu>, on 07/03/97 
   at 11:55 AM, Hallam-Baker <hallam@ai.mit.edu> said:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1

>Robert A. Costner wrote:
>> 
>> At 01:18 AM 7/3/97 EST, Carolyn Turbyfill (probably didn't) write:
>> >The email forgeries using bogus PGP keys to give the appearance
>> >that the messages are from PGP, Inc. and our employees are the
>> >result of a sick, twisted mind.
>> 
>> While a keyserver with no authentication has a very low barrier to entry
>> for false authentication, the barrier is not that much higher for even a
>> Verisign class three verification.  I've continually said that the biggest
>> problem with secure authentication is that secure authentication is not
>> possible.

>I don't think that's a reasonable assertion at all. PGP is positing that
>they have an online identification technique. Verisign are asserting they
>have performed a particular identification process and suggest that it is
>sufficient for a particular purpose:

>http://www.verisign.com/pr/pr_idfct.htm
>Class 3 Digital IDs 

>     Require personal presence or registered credentials

>     Used for e-banking, large-sum transactions and contract execution

>     Cost: $24/year for individuals, $290/year for entities/web servers
>     ($75 per year renewal)


>If you are a bank or company that needs to depend on an identity in this
>circumstance the critical point is that you have a standardized level of
>security.

>In electronic commerce it is rarely the case that one needs to reduce 
>risk to zero. The question is whether you can quantify the risk you are
>exposed to. Whether you can insure it.


>> I hate to see people doing such things with keyservers and keys, but we all
>> knew the problem existed.  I wonder where the solution is.

>The solution is to put trust attributes in the certificates. If you do an
>email callback you state that that is the identification  process you
>used in the cert.

>Two years back it would make sense to upgrade PGP certs to work in this
>way. At this point however X.509v3 has become the standard, the most
>commonly available form of email encryption is S/MIME which is built into
>the default operating system from next year and comes with Communicator. 

>X509v3 may not be perfect but it's there, it works and you can carry the
>same information and construct the same trust relationships that PGP
>supports. You can also construct other relationships. Looking at the
>practice of using X509v3 with Outlook Express I found that the  actual
>mechanics of use were remarkably similar to PGP except that it was easy
>to add in an entire trust domain such as my employer.

>At this point I'm somewhat skeptical that a single vendor proprietary
>solution should receive unquestioned support from cypherpunks on the
>basis of history alone. The question is how to put cryptography on every
>desk top on the planet. Bill Gates is a better ally in that fight than
>Phil Z. 


>I think it's rather silly for people to start complaining on this list
>about the bad, bad, hackers. If we could trust people to be good we would
>not need certificates or computer security at all. Making unspecified and
>unsupported allegations against competitors seems to me to be a very bad
>idea indeed.


Phil, what can I say except this is just BULL!

Last time I looked the S/MIME & X509 v3 specs were not in a finished
state.

What I have seen of the specs I do not like. The specs are overly complex
and fail to offer any added security over what can be obtained using PGP.

Then we have GAK directly referenced and supported in the specs:

>5.1 Binding Names and Keys

>An S/MIME agent or some related administrative utility or function MUST
>be capable of generating a certification request given a user's public
>key and associated name information. In most cases, the user's public
>key/private key pair will be generated simultaneously. However, there
>are cases where the keying information may be generated by an external
>process (such as when a key pair is generated on a cryptographic token
>or by a "key recovery" service).
 
Now let's add to this Netscape's support of weak crypto & their
implementation of "policy tokens".

Are these really the people you wish to trust with the future of crypto??
Are you willing to condemn the world to Win95 & Communicator (2 of the
biggest pieces of crap I have ever seen passed off as commercial software).

Phil Zimmermann has done more for putting STRONG crypto on every desktop
than M$,N$,R$A or the rest ever have or ever will.

Make no mistakes about it, our goal should be to put STRONG crypto on
every desktop not just any weak piece of crap available. Weak crypto is
worse than no crypto at all.


- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html                        
- ---------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBM7wJcY9Co1n+aLhhAQHL5AP+LHUhm9qzChoPIfZt3mClFCpk41Byx95D
0o/jxHBgyr1b4Xu96BiZXkNYn5Z/B7pXCyp8j5JU1nHs3een/n+Bg2V3gxZHK5hf
dhAGyetvDHq1h9sxXtWi/3kVctJQN0dGH7TT7RRA46pG0CfIdn2LX/DbnI04COcf
f3Xp+dve8wY=
=PS/R
-----END PGP SIGNATURE-----





