Re: secure sign & encrypt
Jon Callas <jon@callas.org> Tue, 21 May 2002 18:38 UTC
Received: from above.proper.com (mail.imc.org [208.184.76.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA23768 for <openpgp-archive@odin.ietf.org>; Tue, 21 May 2002 14:38:52 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g4LIWK002054 for ietf-openpgp-bks; Tue, 21 May 2002 11:32:20 -0700 (PDT)
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4LIWJL02050 for <ietf-openpgp@imc.org>; Tue, 21 May 2002 11:32:19 -0700 (PDT)
Received: from [192.168.1.126] (63.84.37.127) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.1.2); Tue, 21 May 2002 11:32:16 -0700
User-Agent: Microsoft-Entourage/10.0.0.1331
Date: Tue, 21 May 2002 11:31:50 -0700
Subject: Re: secure sign & encrypt
From: Jon Callas <jon@callas.org>
To: vedaal <vedaal@hotmail.com>, OpenPGP <ietf-openpgp@imc.org>
Message-ID: <B90FE0A6.3655%jon@callas.org>
In-Reply-To: <OE46AW4eE2FGwQ21ju200000454@hotmail.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit
On 5/21/2002 8:36 AM, "vedaal" <vedaal@hotmail.com> wrote: > Also, could the MDC be utilized to prevent such substitutions, by detecting > alterations of any of the packets? No. The MDC protects the contents of the symmetric encryption. It does not protect the ESKs. Nothing protects them, beyond their own encryption. It would be possible, for example, to make an SMTP server that took a PGP message with several ESKs in one message, and explode that into N messages, each with only one ESK. If such a thing existed, the receiver could not detect it. As Derek mentioned, you could even put in utterly bogus MDCs. These could never be detected as bogus unless you happened to have the key that opened it. There are a number of interesting "harrassment attacks" that you can do. For example, let's suppose I run a server that's an intermediate between Alice and Bob. I intercept a message Alice's message, and then add in an ESK that's encrypted to the Lotus Notes/NSA key that Adam Back created into a PGP key. This is utterly bogus -- I just made up some 128 bit number and encrypted it to that key. But I insert it in the message and send it on to Bob. If Bob concludes that Alice is CCing the NSA on messages, then that's a not unreasonable conclusion to draw. I can just sit back and snicker. It's important to understand what's in the envelope and what is not in the envelope. The ESK is like the address on an envelope. It's not in the envelope. It's outside the envelope and is not protected. Jon
- secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt vedaal
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Hal Finney
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Jon Callas
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Peter Gutmann
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt David P. Kemp
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Matthew Byng-Maddick
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Dominikus Scherkl
- RE: secure sign & encrypt Dominikus Scherkl
- Re: secure sign & encrypt disastry
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt disastry
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Derek Atkins
- Re: secure sign & encrypt Derek Atkins
- RE: secure sign & encrypt Terje Braaten
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Peter Gutmann
- Re: secure sign & encrypt Michael Young
- Re: secure sign & encrypt Paul Hoffman / IMC
- RE: secure sign & encrypt Terje Braaten
- Re: secure sign & encrypt Brian M. Carlson
- Re: secure sign & encrypt Jon Callas
- Re: secure sign & encrypt Adrian 'Dagurashibanipal' von Bidder
- RE: secure sign & encrypt john.dlugosz
- RE: secure sign & encrypt Terje Braaten