From: Tim May <tcmay@got.net>
To: cypherpunks@Algebra.COM
Message Hash: add58c2961196769c63838ffe38ae905ca71134e4ab8a8030f8a91ecf221d19d
Message ID: <v03102801b06ac04e5a12@[207.167.93.63]>
Reply To: <199710141935.PAA13621@beast.brainlink.com>
UTC Datetime: 1997-10-15 19:27:38 UTC
Raw Date: Thu, 16 Oct 1997 03:27:38 +0800
From: Tim May <tcmay@got.net>
Date: Thu, 16 Oct 1997 03:27:38 +0800
To: cypherpunks@Algebra.COM
Subject: Security flaws introduced by "other readers" in CMR
In-Reply-To: <199710141935.PAA13621@beast.brainlink.com>
Message-ID: <v03102801b06ac04e5a12@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain
At 11:10 AM -0700 10/15/97, Eli Brandt wrote:
>Non-technical point: the NSA (reportedly) has no intention of using
>GAK for classified information. They know that it weakens security.
>
>Do the privacy of the nation's data and the security of its
>information infrastructure deserve the same consideration as the
>Pentagon's "Confidential" memos? When you're planning to build in a
>single point of failure, this is a question you have to ask.
This also applies to CMR as well. Whatever the perceived business reasons
for CMR, the fact is that it introduces additional failure points. No
longer will Alice and Bob be secure that at least there are no "other
readers" in the channel between them (what they do with the plaintext after
decryption is of course solvable by no technology).
And, contrary to some of what we've been hearing, even corporations have
continuing needs to know that a communication between Alice and Bob, within
a corporation or crossing the corporate boundary, is not being listened to
by any other person. Merger negotiations are one obvious example.
(There are workarounds, I suppose. CMR could have a "override" switch to
turn off the CMR to a second key. But who decides on this? Maybe a signed
message from a suitable higher-up? Ah, the complexity. And executives
wanting to bypass CMR can and will use other channels. So many of the goals
of CMR are out of reach....)
Instead of choosing an example where CMR apparently "works," such as
Crispin's example of a corporation using CMR to detect (as if it weren't
detectable in other ways!) that an employee is operating a porn ftp site
from company computers, let me throw out some examples where CMR introduces
flaws into a security system.
* Andy Grove sends a PGP 5.5-encrypted message to T.J. Rodgers, CEO of
Cypress Semiconductor, outlining the plans for Cypress to be acquired by
Intel. However, Cypress has implemented CMR, and one of the "second
readers" of Andy's message is the cryptically-named (no pun intended)
"CCCP" (Corporate Crypto Compliance Police), staffed by security guards and
personnel management droids. Major security flaw.
(Sure, one can imagine various levels of "second readers." But I rather
doubt that most of them will be _offices_, with changing staffs. While one
could, for example, designate "Gordon Moore" to be the second reader of all
files encrypted to Andy Grove's key, I rather doubt this is the way CMR
will play out.)
* Craig Livingstone, at whitehouse.gov, is the Key Compliance Officer for
all communications entering or leaving the White House. Enough said?
* Sheep-dipped cutouts in defense companies await their orders from DoD,
but find that other readers in their companies are monitoring them.
And so on.
"Three can keep a secret if two of them are dead." (Ben Franklin)
What will of course happen is that these "security flaws" will be plugged
by subterfuge. People will stop using the corporate mail for many such
tasks, and will use nonwork accounts. With some loss of efficiency, and
even more opportunities for leaks. (If firewalls are in place, on outside
net connections, employees can just dial out. Or use Metricom Ricochet
modems, if conditions are favorable for reception. Or wait until they go
home.)
In fact, CMR will mostly just mean bland, interdepartmental messages get
"recovered." As I said before, this is a pretty crude way to implement a
kind of corporate archiving of information.
Truly sensitive stuff--stuff about takeovers, foreign production plans, new
products, etc.--will be encrypted with channels having no nosy security
guards or Corporate Crypto Compliance Police silently listening in.
Which means we're back to square one. So why does PGP, Inc. bother?
And why should OpenPGP squander efforts worrying about this?
--Tim May
The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^2,976,221 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
Return to October 1997
Return to “Tim May <tcmay@got.net>”