[7810] in cryptography@c2.net mail archive

Re: More thoughts on Man in the Middle attacks and PGP

daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Wed Sep 13 23:27:33 2000

Mime-Version: 1.0
Message-Id: <v04210106b5e55cc7d0ec@[24.218.56.92]>
In-Reply-To: <39BE9CEA.DA589246@algroup.co.uk>
Date: Wed, 13 Sep 2000 12:50:56 -0400
To: Ben Laurie <ben@algroup.co.uk>
From: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: cryptography@c2.net
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

At 10:15 PM +0100 9/12/2000, Ben Laurie wrote:
>"Arnold G. Reinhold" wrote:
>>
>> I had some more thoughts on the question of Man in the Middle attacks
>> on PGP. A lot has changed on the Internet since 1991 when PGP was
>> first released. (That was the year when the World Wide Web was
>> introduced as well.)  Many of these changes significantly reduce the
>> practicality of an MITM attack:
>>
>> 1. The widespread availability of SSL.
>> SSL might be anathema to the PGP community since it depends on a CA
>> model for trust distribution, but it has become ubiquitous and every
>> personal computer sold these days includes an SSL-enabled browser
>> and a set of certs. If Bob fears he is under MITM attack, he can use
>> SSL to tunnel out. Several companies, such as hushmail.com, are
>> already using SSL to offer secure e-mail services. These can be used
>> directly by Bob to ask people at random to verify the version of
>> Bob's public key at the various PGP key servers.
>>
>>   An even better approach would be to use SSL to secure connections to
>> PGP key servers in different parts of the world.  This would force an
>> MITM to subvert all the key servers as a minimum.
>
>There's really nothing stopping an implementation of SSL that uses PGP
>for key verification. All that's really required at the end of the day
>is some ASCII (to check the server name) and a public key, verified
>according to the requirements of the, err, verifier.
>

Allowing SSL to accept PGP keys might be handy in other contexts, but 
not here. If Bob wants to rule out a MITM attack and he somehow has 
an active PGP key (other than his own) that he trusts, he can simply 
send PGP-encrypted mail asking that key holder to verify Bob's public 
key at the key servers.

The value of SSL in this context is that every PC comes with a set of 
certs that can be used to validate an SSL link. (Mine came with 66 
certs.) Bob can walk into any computer store and buy a PC or a Windows 
disk off the shelf.  Unless the MITM attacker has access to the 
private portion of these keys (perhaps a risk if your expected threat 
is United Spooks of Earth), and is willing to risk that compromise 
being exposed, his electronic bubble is pierced.

Arnold Reinhold
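
The key server check discussed in this message, as an added example that is not part of the original post: it computes OpenPGP version 4 fingerprints (RFC 4880, section 12.2) and compares the copy of Bob's key returned by each key server with the key Bob holds locally. The server names and key values are constructed, a version 4 RSA key is an assumption, and fetching each copy over a certificate-validated SSL/TLS connection is assumed to have happened already.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian value."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880, section 5.5.2)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880, section 12.2: SHA-1 over 0x99, 2-byte body length, body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def audit(local_body: bytes, server_copies: dict) -> dict:
    """Map each server to 'match', 'mismatch' or 'missing' against the local key."""
    want = v4_fingerprint(local_body)
    report = {}
    for server, body in server_copies.items():
        if body is None:
            report[server] = "missing"      # server returned no key for Bob
        elif v4_fingerprint(body) == want:
            report[server] = "match"
        else:
            report[server] = "mismatch"     # a different key is published as Bob's
    return report

# Constructed sample data: toy numbers, not real RSA moduli.
CREATED = 968860256
BOB = rsa_key_body(CREATED, (1 << 1023) | 0x1234567, 65537)
SUBSTITUTED = rsa_key_body(CREATED, (1 << 1023) | 0x7654321, 65537)

# Hypothetical servers; each value stands for the key body fetched over TLS.
COPIES = {
    "keys.example.org": BOB,
    "keys.example.net": SUBSTITUTED,
    "keys.example.com": None,
}

if __name__ == "__main__":
    print("local fingerprint:", v4_fingerprint(BOB))
    for server, status in audit(BOB, COPIES).items():
        print(f"{server}: {status}")
```

A single "mismatch" or "missing" result is the signal to investigate; agreement across independent servers is what raises the cost of substituting the key.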