1997-07-03 - Re: PGP security problems?

Header Data

From: Hallam-Baker <hallam@ai.mit.edu>
To: “Robert A. Costner” <cypherpunks@toad.com
Message Hash: f3e0c43e1e9a202cfc15ebdc5502b25e58e1d08f0fa680e8b9206aac954eee73
Message ID: <33BBCB54.2781@ai.mit.edu>
Reply To: <199707030715.BAA26652@wombat.sk.sympatico.ca>
UTC Datetime: 1997-07-03 16:19:59 UTC
Raw Date: Fri, 4 Jul 1997 00:19:59 +0800

Raw message

From: Hallam-Baker <hallam@ai.mit.edu>
Date: Fri, 4 Jul 1997 00:19:59 +0800
To: "Robert A. Costner" <cypherpunks@toad.com
Subject: Re: PGP security problems?
In-Reply-To: <199707030715.BAA26652@wombat.sk.sympatico.ca>
Message-ID: <33BBCB54.2781@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert A. Costner wrote:
> 
> At 01:18 AM 7/3/97 EST, Carolyn Turbyfill (probably didn't) write:
> >The email forgeries using bogus PGP keys to give the appearance
> >that the messages are from PGP, Inc. and our employees are the
> >result of a sick, twisted mind.
> 
> While a keyserver with no authentication has a very low barrier to entry
> for false authentication, the barrier is not that much higher for even a
> Verisign class three verification.  I've continually said that the biggest
> problem with secure authentication is that secure authentication is not
> possible.

I don't think thats a reasonable assertion at all. PGP is positing that
they have an online identification technique. Verisign are asserting
they
have performed a particular identification process and suggest that it
is 
sufficient for a particular purpose:

http://www.verisign.com/pr/pr_idfct.htm
Class 3 Digital IDs 

     Require personal presence or registered credentials

     Used for e-banking, large-sum transactions and contract execution

     Cost: $24/year for individuals, $290/year for entities/web servers
($75 per
     year renewal) 


If you are a bank or company that needs to depend on an identity inthis
circumastance the critical point is that you have a standardized level
of security. 

In electronic commerce it is rarely the case that one needs to reduce 
risk to zero. The question is whether you can quantify the risk you are
exposed to. Whether you can insure it.


> I hate to see people doing such things with keyservers and keys, but we all
> knew the problem existed.  I wonder where the solution is.

The solution is to put trust attributes in the certificates. If you
do an email callback you state that that is the identification 
process you used in the cert.

Two years back it would make sense to upgrade PGP certs to work in
this way. At this point however X.509v3 has become the standard,
the most commonly available form of email encryption is S/MIME
which is built into the default operating system from next year
and comes with Communicator. 

X509v3 may not be perfect but its there, it works and you can carry 
the same information and construct the same trust relationships that
PGP supports. You can also construct other relationships. Looking at
the practice of using X509v3 with Outlook Express I found that the 
actual mechanics of use were remarkably similar to PGP except that
it was easy to add in an entire trust domain such as my employer.

At this point I'm somewhat skeptical that a single vendor proprietary
solution should receive unquestioned support from cypherpunks on
the basis of history alone. The question is how to put cryptography
on every desk top on the planet. Bill Gates is a better aly in that
fight than Phil Z. 


I think its rather silly for people to start complaining on this 
list about the bad, bad, hackers. If we could trust people to be
good we would not need certificates or computer security at all.
Making unspecified and unsupported allegations against competitors 
seems to me to be a very bad idea indeed.



	Phill

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBM7s2017MfpC8gEO7EQI7pACg0285HGGqLevqRTFZnzpB59PS8yoAn1Wp
0b7D8YcrmSn9VbjmAq55nKWx
=fRuw
-----END PGP SIGNATURE-----






Thread