1997-10-22 - Re: PGP 5.5 CMR/GAK: a possible solution

Header Data

From: amp@pobox.com
To: mark@unicorn.com
Message Hash: 65957c4a48ba38555cb02a867bbe959c74fdb9d037af6a3acdc514ca6ce6882d
Message ID: <Chameleon.877513698.amp@rcnu3077>
Reply To: <877514566.20581.193.133.230.33@unicorn.com>
UTC Datetime: 1997-10-22 11:57:44 UTC
Raw Date: Wed, 22 Oct 1997 19:57:44 +0800

Raw message

From: amp@pobox.com
Date: Wed, 22 Oct 1997 19:57:44 +0800
To: mark@unicorn.com
Subject: Re: PGP 5.5 CMR/GAK: a possible solution
In-Reply-To: <877514566.20581.193.133.230.33@unicorn.com>
Message-ID: <Chameleon.877513698.amp@rcnu3077>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

mark@unicorn.com was heard to whisper to several hundred people:
=snip=

> The effect of this is that if someone wants to send email about an urgent
> bug and I'm out at lunch, any of my co-workers can read that mail. But if
> they want to send *me* mail about confidential inter-company negotiations,
> the co-workers could decrypt the outer layer of the message, but would be
> blocked by the inner layer encryption to my personal key. 

> As I see it, this system is simple, solves the problems which PGP claim
> they need to solve without creating the snooping problems Tim and others
> have discussed, cannot easily be adapted to GAK ('This message is to be
> encrypted to the FBI public key. If it is confidential, click here to
> superencrypt to the recipient's personal key'), and won't require a
> massive change to the PGP source code. 

> There are some obvious security issues with having the department key
> shared amongst the members of the department, but I don't see that they
> are any worse than PGP's current CMR implementation, which has already
> discussed the use of department keys; it's certainly better than using
> plaintext. There are also problems with encrypting confidential mail to
> multiple recipients, but they're surmountable; an easy solution, if you
> don't care about traffic analysis, is to only encrypt confidential mail
> to the personal key rather than superencrypt with the corporate key. In
most 
> cases such mail wouldn't be sent to multiple recipients anyway. 

This isn't quite as bad as the current setup with pgp5.5. We've set up
something almost like this within my department. We have a shared key for
the department, and private keys individually. I'm pretty leery of the
concept of a shared group key, but for certain types of messages, it is not
too terrible a solution. Of course, you have problems when someone leaves
the group, as you now have to change the master key for the group. I'd
actually prefer to be able to use conventional crypto for when we need to
distribute new passwords amongst my group, as it is easier to deal with ftmp
(for the group where i work anyway) without the difficulties of having to
revoke/reissue the dept key.

One thing that I think PGP needs more than anything else, is to make it easy
to build lists of keys to encrypt to. Version 4.5 has this feature, which is
why I'm using it. I would hope that 5.5 does, and will also let the user
create whatever type of keys he wants and use conventional crypto as well.
I'm expecting a copy here soon, so will get to play with it then.

I can't say I really like version 5.0 much.


- ------------------------
Name: amp
E-mail: amp@pobox.com
Date: 10/22/97
Time: 05:37:49
Visit me at http://www.pobox.com/~amp
==
     -export-a-crypto-system-sig -RSA-3-lines-PERL
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
==

'Drug Trafficking Offense' is the root passphrase to the Constitution.

Have you seen 
http://www.public-action.com/SkyWriter/WacoMuseum
- ------------------------

-----BEGIN PGP SIGNATURE-----
Version: 4.5
Comment: Strong Encryption Is Your Friend

iQEVAgUBNE3Z0/pLP0N7vZi7AQGS1QgAnDOauulYt+eCWfKeK1Lsnx/goxVYGIIc
FiGb6qySEJRzoohtcWNnwppdNgsaMJBzmgjPad2CX7WjtrOUavybP/W+9hlTRn0T
UVUg++CLBvyNwD5bxRdnLFqeUw2tUkIgfGw0Eyef3LQ0M6jwuczYj/YMCvL7RR7e
INhZfX2sVGfl6e2/p01M8b+KmjQZ4U5SDD8HcQRC1I4+g8qqnsenzVqwel2tRbmg
kjWE5nJwC755Y0I7gqMPWgYMu2FUS/0RVjehDCh9RhuwhUuC3vxUG0oeFMkFwiR1
uJi6KRtQPElVb9wOuN7/jTQodgOfabE0or0b0+G1JNrYYo9MxEvieg==
=n7SF
-----END PGP SIGNATURE-----






Thread