[7709] in cryptography@c2.net mail archive


[Fwd: A note to the public - relayed from Ralf Senderek]

daemon@ATHENA.MIT.EDU (Ben Laurie)
Sat Aug 26 15:16:35 2000

Message-ID: <39A7E85A.14C137DD@algroup.co.uk>
Date: Sat, 26 Aug 2000 16:55:06 +0100
From: Ben Laurie <ben@algroup.co.uk>
MIME-Version: 1.0
To: Cryptography <cryptography@c2.net>
Content-Type: multipart/mixed;
 boundary="------------60A4F484ADA011F54D97788D"

This is a multi-part message in MIME format.
--------------60A4F484ADA011F54D97788D
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit


--
http://www.apache-ssl.org/ben.html

Coming to ApacheCon Europe 2000? http://apachecon.com/
--------------60A4F484ADA011F54D97788D
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Received: from mailgate.algroup.co.uk (mailgate.algroup.co.uk [194.128.162.5]) by freeby.ben.algroup.co.uk (8.6.12/8.6.12) with SMTP id NAA29740 for <ben@freeby.ben.algroup.co.uk>; Sat, 26 Aug 2000 13:00:31 +0100
Received: (qmail 29185 invoked by uid 1002); 26 Aug 2000 12:00:16 -0000
Received: (qmail 859 invoked from network); 26 Aug 2000 12:00:15 -0000
Received: from bagpuss.oucs.ox.ac.uk (exim@163.1.2.37)
  by mailgate.algroup.co.uk with SMTP; 26 Aug 2000 12:00:15 -0000
Received: from majordom by bagpuss.oucs.ox.ac.uk with local (Exim 2.12 #1)
	id 13SecP-0006lF-00
	for ukcrypto-outgoing@bagpuss.oucs.ox.ac.uk; Sat, 26 Aug 2000 12:59:25 +0100
Received: from mta1.cl.cam.ac.uk
	([128.232.0.15] helo=wisbech.cl.cam.ac.uk ident=exim)
	by bagpuss.oucs.ox.ac.uk with esmtp (Exim 2.12 #1)
	id 13SecO-0006l2-00
	for ukcrypto@maillist.ox.ac.uk; Sat, 26 Aug 2000 12:59:24 +0100
Received: from rake.cl.cam.ac.uk
	([128.232.8.86] helo=cl.cam.ac.uk ident=rja14)
	by wisbech.cl.cam.ac.uk with esmtp (Exim 3.092 #1)
	id 13SecO-0001nW-00
	for ukcrypto@maillist.ox.ac.uk; Sat, 26 Aug 2000 12:59:24 +0100
To: ukcrypto@maillist.ox.ac.uk
Subject: A note to the public - relayed from Ralf Senderek
Date: Sat, 26 Aug 2000 12:59:24 +0100
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
Message-Id: <E13SecO-0001nW-00@wisbech.cl.cam.ac.uk>
Sender: owner-ukcrypto@maillist.ox.ac.uk
Precedence: bulk
Reply-To: ukcrypto@maillist.ox.ac.uk




-----BEGIN PGP SIGNED MESSAGE-----


A note to the public.


I have been warning repeatedly to use newer versions of PGP for over
two years now. In a study I put on the net in August 1998 which is
also present on the PGP-International website I expressed my valuation
of the ADK-problem which came with the newer versions.
May I cite one sentence from my earlier work:

"I do not know which mechanism will prevent a user's public key to be
linked with another faked message recovery key without the user's
consent or knowledge."

I expressed my fear that this can happen and hoped that there will be
security-checking mechanisms to prevent this. But not knowing much about
the details of signatures and packages in 1998 I finally started to put
this to a test because in the meantime almost everyone got used to the
new keys.
Completing my study and making sure that everyone who repeats my tests
will get the same results I presented my study to the public on Tuesday
22nd August 2000 and informed persons working on computer security
immediately.

So I did not find a bug in the PGP-source code, that was Steve Early
working with Ross Anderson after having studied my experimental research
at Cambridge on Wednesday.
I discovered that there simply is no checking done, not even the attempt
to detect unauthorized manipulations of public keys.
This is not a bug, this is a scandal, because NAI put ADKs into PGP
without caring about simple manipulations.  Obviously there has never been
a well thought-out security strategy and most of the relevant information
the public got from NAI concerning ADKs was completely untrue as my
experiments reveal.

No quick debugging will solve this situation and the damage being done
to the reputation of PGP by everyone who supports Additional Decryption Keys.

I am opposed to Additional Decryption Keys, as you know, but I do not want
people to turn away from PGP. I would like to see people getting rid
of the ADK-problem actively by checking the keys they use and avoiding
the new signature type.

"Use PGP-classic in a reliably secure environment." That would be my
advice if I had 49 characters left on the telegram.

Ralf Senderek


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBOae3cimc/oJTgiNJAQFsQAP+L+KfUcsDBkM3oGjSPEs/L1I04WGfhPjH
lRzqJYsNEN69A6K72eg1x8zHkeKGfIGQlS2eC9QbE4ZX4GTblh3Kdc8GXzCHRMSi
O2i1U765L7/0HbwKPSpyHZXMu96T0UpXSxJN61YqgKMr3zpreyySHBHWCCMLOjLv
sSqoFUCBnaw=
=8nRq
-----END PGP SIGNATURE-----

*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
* Ralf Senderek  <ralf@senderek.de>                     * What is privacy *
* http://senderek.de                                    *     without     *
* Tel.: 02432-3960    Sandstr. 60   D-41849 Wassenberg  *   PGP-2.6.3i?   *
*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*



--------------60A4F484ADA011F54D97788D--
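The note above says the problem is that no check is made for unauthorized additions to a public key. The mechanism behind that is the layout of a v4 OpenPGP signature: it carries a *hashed* subpacket area that the signature covers and an *unhashed* area that it does not, so anything placed in the unhashed area is unauthenticated and can be altered by whoever handles the key. The script below is an added example, not code from the original message or from any PGP implementation; it parses both subpacket areas of a constructed signature body and flags security-relevant subpackets that appear outside the signed area. The ADK subpacket type value (10), the ADK data layout (class octet, algorithm, fingerprint) and the sample bytes are assumptions made for the example.

```python
"""Audit the subpacket areas of an OpenPGP v4 signature packet body.

Added example (not from the original message). The hashed area is covered
by the signature; the unhashed area is not, so a defensive key check must
treat anything found there as unauthenticated.
"""
import struct

# Signature subpacket type numbers (OpenPGP packet format). Type 10 as the
# Additional Decryption Key request is an assumption: it is the value the
# PGP products used, reserved as a "placeholder" in the RFC.
SUBPACKET_NAMES = {
    2: "signature creation time",
    9: "key expiration time",
    10: "additional decryption key (ADK)",
    12: "revocation key",
    16: "issuer key id",
    27: "key flags",
}
# Subpackets that change who may read or revoke under a key.
SENSITIVE = {9, 10, 12, 27}


def parse_subpacket_length(buf, pos):
    """Decode the OpenPGP subpacket length encoding; returns (length, new_pos)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def parse_subpackets(area):
    """Split a subpacket area into (type, critical_flag, data) tuples."""
    out, pos = [], 0
    while pos < len(area):
        length, pos = parse_subpacket_length(area, pos)
        tag = area[pos]
        data = area[pos + 1:pos + length]  # length counts the type octet
        out.append((tag & 0x7F, bool(tag & 0x80), data))
        pos += length
    return out


def split_v4_signature(body):
    """Return (hashed_subpackets, unhashed_subpackets) of a v4 signature body."""
    if body[0] != 4:
        raise ValueError("only v4 signatures carry subpacket areas")
    pos = 4  # version, signature type, public-key algorithm, hash algorithm
    hashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    hashed = body[pos:pos + hashed_len]
    pos += hashed_len
    unhashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    unhashed = body[pos:pos + unhashed_len]
    return parse_subpackets(hashed), parse_subpackets(unhashed)


def audit_signature(body):
    """List sensitive subpackets that sit outside the signed (hashed) area."""
    _, unhashed = split_v4_signature(body)
    findings = []
    for tag, _critical, data in unhashed:
        if tag in SENSITIVE:
            name = SUBPACKET_NAMES.get(tag, f"type {tag}")
            findings.append(f"unsigned {name}: {data.hex()}")
    return findings


def make_subpacket(tag, data):
    """Encode one subpacket (one-octet length form, enough for the sample)."""
    return bytes([len(data) + 1, tag]) + data


def build_sample(adk_in_unhashed):
    """Constructed v4 self-signature body; not a real key, MPIs omitted."""
    hashed = make_subpacket(2, b"\x39\xa7\xe8\x5a")            # creation time
    unhashed = make_subpacket(16, b"\x01" * 8)                 # issuer key id
    adk = make_subpacket(10, b"\x80\x01" + b"\xab" * 20)       # assumed layout
    if adk_in_unhashed:
        unhashed += adk   # what an attacker can add without a private key
    else:
        hashed += adk     # only the key owner can put it here
    return (bytes([4, 0x13, 17, 2])
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\x00\x00")  # left 16 bits of the hash (placeholder)


if __name__ == "__main__":
    print(audit_signature(build_sample(adk_in_unhashed=True)))
    print(audit_signature(build_sample(adk_in_unhashed=False)))
```

Run stand-alone, the first call reports the ADK subpacket because it was appended to the unhashed area, where no signature protects it; the second returns nothing because the same subpacket is inside the hashed area. This is the check the note asks users to perform on the keys they use: an encryption client should honour an ADK request only when it sits in the hashed area of the key's own self-signature, and a key audit should treat any ADK found in the unhashed area as a manipulation to be investigated rather than a preference to be obeyed.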


