[801] in cryptography@c2.net mail archive
Re: CACK without GAK
daemon@ATHENA.MIT.EDU (Bill Frantz)
Mon May 12 12:39:29 1997
In-Reply-To: <199705111752.KAA02850@crypt.hfinney.com>
Date: Mon, 12 May 1997 09:06:23 -0700
To: Hal Finney <hal@rain.org>, cryptography@c2.net
From: Bill Frantz <frantz@netcom.com>
At 10:52 AM -0700 5/11/97, Hal Finney wrote:
>Also, it is not clear that simply making the level of access known
>to the person encrypting is sufficient to prevent a system of GAK.
>Once a mechanism is in place to share secret keys, the government could
>require it to be used for everyone. I am sure you will agree that even
>if you knew that every message you sent were readable by the government,
>that would not make the practice acceptable.
I think Hal is making a mistake in assuming there is no way to share secret
keys. With PGP, if I give you a copy of my keyring and the passphrase, we
are sharing the key.
The idea of shared corporate keys seems very promising. (And please don't
get too excited about sharing. We share symmetric keys all the time.)
When I send an email order to V2 Graphics, I am sending to their order
processing department.* I am not sending to any of the individuals
currently working in that department. I should be using a departmental (or
corporate wide) key.
There are still a few practical problems. Say Joe has been caught stealing
jelly beans from the CEO's private stash and has been fired for cause. Joe
also knows the corporate key. Now Joe can intercept orders and steal the
credit card numbers. For the sake of argument, the key cannot be changed
because its fingerprint has been published in a paper catalog. (Note that
this same problem would exist if orders were sent to Joe's key, but then
when Joe left, the corporation could not decrypt their orders.)
* Plug: V2 Graphics gave me very good service on an order for a PGP hat.
-------------------------------------------------------------------------
Bill Frantz | God could make the world | Periwinkle -- Consulting
(408)356-8506 | in six days because he did | 16345 Englewood Ave.
frantz@netcom.com | not have an installed base.| Los Gatos, CA 95032, USA
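The "fingerprint is already in print" problem in Bill's message is the usual reason for splitting a departmental key in two: a long-term certifying key whose fingerprint goes in the catalog and never changes, plus an encryption subkey it signs, which can be reissued the day Joe leaves. The following is an added example written for this archive page, not code from the post or from any product it mentions; every type and function in it (Identity, Subkey, Fingerprint, IssueSubkey, Accept, EncryptOrder, DecryptOrder) is hypothetical, and it assumes only Go's standard crypto packages, with SHA-256 of the identity public key standing in for the catalog fingerprint.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// Identity: the long-term signing key whose fingerprint is printed in the catalog, so it
// never changes. Subkey: the rotatable departmental encryption key it certifies.
type Identity struct {
	Pub  ed25519.PublicKey
	Priv ed25519.PrivateKey
}
type Subkey struct {
	Pub  *ecdh.PublicKey
	Priv *ecdh.PrivateKey
	Cert []byte // identity signature over Pub.Bytes()
}
func Fingerprint(pub ed25519.PublicKey) [32]byte { return sha256.Sum256(pub) }
func NewIdentity() Identity {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return Identity{pub, priv}
}
// IssueSubkey mints a fresh encryption subkey; call it again to rotate after a departure.
func (id Identity) IssueSubkey() Subkey {
	priv, _ := ecdh.X25519().GenerateKey(rand.Reader)
	return Subkey{priv.PublicKey(), priv, ed25519.Sign(id.Priv, priv.PublicKey().Bytes())}
}
// Accept is the customer's check: identity matches the paper catalog AND certifies this subkey.
func Accept(catalog [32]byte, idPub ed25519.PublicKey, sk Subkey) bool {
	return Fingerprint(idPub) == catalog && ed25519.Verify(idPub, sk.Pub.Bytes(), sk.Cert)
}
func aead(shared []byte) cipher.AEAD { // SHA-256 as a stand-in KDF; use HKDF in practice
	k := sha256.Sum256(shared)
	block, _ := aes.NewCipher(k[:])
	g, _ := cipher.NewGCM(block)
	return g
}
// EncryptOrder: ephemeral X25519 + AES-GCM to the current subkey; returns nonce||ciphertext.
func EncryptOrder(to *ecdh.PublicKey, order []byte) (*ecdh.PublicKey, []byte) {
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader)
	shared, _ := eph.ECDH(to)
	nonce := make([]byte, 12)
	rand.Read(nonce)
	return eph.PublicKey(), aead(shared).Seal(nonce, nonce, order, nil)
}
// DecryptOrder fails with a GCM authentication error under any other subkey, including the
// retired copy a former employee kept.
func DecryptOrder(sk Subkey, eph *ecdh.PublicKey, box []byte) ([]byte, error) {
	shared, err := sk.Priv.ECDH(eph)
	if err != nil {
		return nil, err
	}
	return aead(shared).Open(nil, box[:12], box[12:], nil)
}
```

Rotating the subkey after Joe is fired leaves the catalog entry valid for customers while new orders no longer open under the copy he took with him.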