[8145] in cryptography@c2.net mail archive
Re: Is PGP broken?
daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Wed Nov 29 19:12:56 2000
Message-ID: <024a01c059dd$52147210$6000a8c0@em>
From: "Enzo Michelangeli" <em@who.net>
To: "Bram Cohen" <bram@gawth.com>, "Russell Nelson" <nelson@crynwr.com>
Cc: <cryptography@c2.net>
Date: Wed, 29 Nov 2000 16:20:32 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
----- Original Message -----
From: "Bram Cohen" <bram@gawth.com>
To: "Russell Nelson" <nelson@crynwr.com>
Cc: <cryptography@c2.net>
Sent: Wednesday, November 29, 2000 10:55 AM
Subject: Re: Is PGP broken?
> What we really need is a system which just stops passive attacks. The best
> idea I've come up with so far is for all outgoing messages to have a
> public key attached, and if you have the public key of an email address
> you're sending to you use it. If you receive a different public key than
> one you saw before, you overwrite the old one.

Uhm, that sounds dangerous: what if Mallet sent me a mail faking your return
address, and attaching his public key? My reply to you would be readable by
him.

In S/MIME this trick of attaching the public keys works because they are
signed by a trusted (well, sort of) third party, which rarely changes
keypair.

> This doesn't stop active attacks at all, but would be very easy to use.

Then, sending plaintext would be even easier :-)

If it may be of any comfort (or perhaps enhanced desperation), the S/MIME
community has similar headaches: in these days, the ietf-smime@imc.org list
is debating whether, in S/MIME v.3, RSA should be made a MUST algorithm
together with, or as an alternative to, DSS and D-H. At this moment (RFC2630)
neither RSA nor RC2 is a MUST, so interoperability is not guaranteed with v.2
agents...

Enzo