[3148] in cryptography@c2.net mail archive
Re: We don't need a PKI to build universal strong encryption
daemon@ATHENA.MIT.EDU (Greg Rose)
Wed Aug 5 23:26:41 1998
To: John Gilmore <gnu@toad.com>
cc: cryptography@c2.net
In-reply-to: Your message of Wed, 05 Aug 1998 10:50:14 MST.
<199808051750.KAA28487@toad.com>
Date: Thu, 06 Aug 1998 11:53:39 +1000
From: Greg Rose <ggr@qualcomm.com>
John Gilmore writes:
>Universal strong encryption does NOT require a public-key infrastructure!
>
>The Diffie-Hellman "key agreement" protocol can agree on keys to
>protect 99.99% of the traffic with no additional public-key crypto,
>and no infrastructure. Widely deployed D-H that then keys Triple-DES
>or some other strong cipher would protects against all passive attacks
>except traffic analysis. It would require specific intervention in
>your phone call with customized equipment -- or physically bugging
>your house -- to recover the contents of the message.
Note that this is exactly the design goal of "ssmail", a publicly
available (from Australia) patch to Sendmail. It protects completely
against passive attacks, but completely omits authentication. Doing
authentication out of band would be pretty easily added.
Ssmail is available at
http://www.home.aone.net.au/qualcomm
Ssmail was implemented by Damian Bentley while he was a summer intern
here; it works, but: (a) sparsely documented, (b) needs to be upgraded to
8.8.9 sendmail.
Both of these will be fixed as soon as we get a chance.
>But let's do steps one and two first -- there is NOTHING the government
>can do to stop us!
I heartily agree (in fact the idea to do ssmail came from a conversation
John and I had at Crypto last year).
Greg.
Greg Rose INTERNET: ggr@qualcomm.com
QUALCOMM Australia VOICE: +61-2-9181 4851 FAX: +61-2-9181 5470
Suite 410, Birkenhead Point http://people.qualcomm.com/ggr/
Drummoyne NSW 2047 B5 DF 66 95 89 68 1F C8 EF 29 FA 27 F2 2A 94 8F
