[4462] in cryptography@c2.net mail archive
Re: PGP 6.5/PGPnet Announcement!
daemon@ATHENA.MIT.EDU (Michael Paul Johnson)
Tue Apr 6 19:44:03 1999
Date: Tue, 06 Apr 1999 15:39:31 -0600
To: Jim Gillogly <jim@acm.org>, cryptography@c2.net
From: Michael Paul Johnson <mpj@ebible.org>
In-Reply-To: <370A6B2B.EE2EF1D3@acm.org>
At 01:14 PM 4/6/1999 -0700, Jim Gillogly wrote:
>Michael Paul Johnson wrote:
>>> Of course this is dangerous, but there is a demand for it. Not everyone
>>> wants bomb-proof security. ... The real cure, of course, is to so
>>> tightly and easily integrate security into email that it is as easy
>>> as this to use, but not as risky.
>
>Steven M. Bellovin responded:
>> There's bomb-proof security, and there's "security" that itself is a time
>> bomb. I fear that self-extracting decryptors are much closer to
>> the latter than to the former -- very much closer.
>
>I agree with Steve about this part. These programs are much like
>the active email bogosities, which should never be allowed to
>operate without the user's informed consent -- and I don't regard
>accepting Windows defaults as constituting informed consent. But
>supplying weak cryptography to people even with caveats can give
>them a fatally false sense of security. If they could tell at a
>glance that their communications were weak, they might use them
>more safely.
Of course. This problem can be solved by providing the recipient with a
"real" security program instead of a "self-decrypting" executable, then
sending the encrypted data separately. Of course, this is also subject to
the very same active attack. The attacker merely forges a message from you,
offering an upgrade to the "real" security program that sereptitiously also
mails the password(s) and/or plaintext back to him, and hopes that the
recipient doesn't notice the lack of a digital signature.
_______
Michael Paul Johnson
http://ebible.org/mpj
