|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
X-Original-To: cryptography@metzdowd.com X-Original-To: cryptography@metzdowd.com Date: Wed, 22 Sep 2004 14:40:08 +0100 From: Ben Laurie <ben@algroup.co.uk> To: Ed Gerck <egerck@nma.com> Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com> In-Reply-To: <414CD2DF.6010002@nma.com> Ed Gerck wrote: > Ben Laurie wrote: > >> Ed Gerck wrote: >> >>> If the recipient cannot in good faith detect a key-access ware, or a >>> GAK-ware, or a Trojan, or a bug, why would a complete background >>> check of the recipient help? >> >> >> Let's assume for a moment that a solution exists that satisfies your >> requirements. Since the recipient _must_ be able to read the document >> in the end, and is assumed to be incapable of securing their software, >> then the document is still available to third parties without the >> consent of the sender, is it not? > > > The recipient was not assumed to be entirely incapable of securing his > software. The recipient can be trusted to do a number of things that are > basic, for example, to operate an email software. In fact, we can even > assume a pretty sophisticated recipient, trained to use all the security > email software systems commercially available. Still, the recipient will > be incapable of verifying whether his RSA private-key is weak or not. Thus, > even fully unwillingly and under best efforts, the recipient can put the > sender's message security at risk when using that recipient's RSA public- > key. Since they are using good software, the key is known to be strong, surely? >> It seems to me that fixing the PK "problem" would in no way improve >> the senders situation given that threat model. > > The sender's situation can be improved mostly when the sender trusts the > least possible (ideally, nothing) regarding message security. In other > words, the sender would like to avoid anything that is not under control or > cannot be directly verified by the sender. Doing a background check of the > recipient is orthogonal to the PK problem. It does not help nor solve it. I didn't suggest a background check would help. I am suggesting that if you cannot rely on the recipient (or their machine) to manage keys properly, then you also cannot rely on them to manage decrypted emails properly. Cheers, Ben. -- ApacheCon! 13-17 November! http://www.apachecon.com/ http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |