[689] in Kerberos


Re: using kerberos for secure mail

daemon@TELECOM.MIT.EDU (John Gilmore)
Mon Apr 10 05:33:05 1989

From: hoptoad!gnu@ucbvax.berkeley.edu  (John Gilmore)
To: kerberos@ATHENA.MIT.EDU

Jeffrey Schiller proposed a scheme for secure mail.  At first reading
it strikes me that the mail key transmission service will be contacted
many times per message (once by the sender and once by each recipient)
and will get a full list of who is sending the mail and who all the
recipients are.  To me this sounds like a perfect place to do traffic
analysis ("intelligence gathering" in which an adversary finds out who
is talking to who).  It would not even be necessary to break into
the MKS; most of what you need is in the addresses in the packet headers.

I would prefer a protocol where local systems can cache the private
keys of the people who they talk to often, and could generate their own
session keys if required, so that a central key server would only be
able to track a small fraction of the traffic.

Mr. Schiller's proposal also seems to require:

  * that the full list of recipients be divulged to each recipient
    (including bcc's)
  * that the recipients must contact the mail key server to decrypt
    the received message *from the addressed machine*, that is, if they
    have their mail forwarded elsewhere, they will be unable to decrypt
    it since their new location is not on the "recipient list".
-- 
John Gilmore    {sun,pacbell,uunet,pyramid,amdahl}!hoptoad!gnu    gnu@toad.com
"Use the Source, Luke...."
Copyright 1989 John Gilmore; you may redistribute only if your recipients may.
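
The traffic-analysis concern in the message above, modelled as an added example (not part of the original post, and not code from either proposal): it counts what a central key server can log when it is contacted once by the sender and once by each recipient, versus when hosts cache correspondents' keys and only contact the server on a cache miss. The user names, the sample mail log, the LRU cache policy and the function names are all assumptions made for illustration.

```python
from collections import OrderedDict

# Constructed sample traffic (hypothetical users): (sender, [recipients]).
MAIL_LOG = [
    ("alice", ["bob", "carol"]),
    ("alice", ["bob"]),
    ("bob", ["alice"]),
    ("alice", ["bob", "carol"]),
    ("dave", ["alice"]),
    ("bob", ["alice"]),
    ("alice", ["bob"]),
    ("carol", ["alice", "bob"]),
]

def per_message_server(log):
    """Central model: server is contacted once by the sender and once by
    each recipient, so it can log every (sender, recipient) delivery."""
    contacts, seen = 0, []
    for sender, rcpts in log:
        contacts += 1 + len(rcpts)
        seen.extend((sender, r) for r in rcpts)
    return contacts, seen

def cached_keys(log, cache_size=8):
    """Caching model (assumed LRU per sending host): keys are cached and
    session keys generated locally, so the server sees only cache misses."""
    caches, contacts, seen = {}, 0, []
    for sender, rcpts in log:
        cache = caches.setdefault(sender, OrderedDict())
        for r in rcpts:
            if r in cache:               # hit: no server contact at all
                cache.move_to_end(r)
                continue
            contacts += 1                # miss: server learns this pair once
            seen.append((sender, r))
            cache[r] = True
            if len(cache) > cache_size:  # evict least recently used entry
                cache.popitem(last=False)
    return contacts, seen

def exposure(log, cache_size=8):
    """Return (server contacts, deliveries logged) for both models."""
    c1, s1 = per_message_server(log)
    c2, s2 = cached_keys(log, cache_size)
    return {"per_message": (c1, len(s1)), "cached": (c2, len(s2))}
```

With caching the server loses the volume and timing of repeat traffic, but the first lookup for each pair still reveals that the two parties correspond, and a small cache pushes the numbers back toward the per-message case. Addresses in packet headers are outside this model.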
