FlowerFunds - Fund Raising Program
sfaquestions@sendflowersamerica.com Wed, 30 August 2000 08:23 UTC
Received: from ns.secondary.com (ns.secondary.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA22176 for <openpgp-archive@odin.ietf.org>; Wed, 30 Aug 2000 04:23:18 -0400 (EDT)
Received: by ns.secondary.com (8.9.3/8.9.3) id BAA01660 for ietf-openpgp-bks; Wed, 30 Aug 2000 01:00:17 -0700 (PDT)
Received: from sendflowersamerica.com ([206.168.43.194]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id BAA01619; Wed, 30 Aug 2000 01:00:02 -0700 (PDT)
From: sfaquestions@sendflowersamerica.com
Subject: FlowerFunds - Fund Raising Program
Date: Wed, 30 Aug 2000 01:32:31 -0000
Message-Id: <248.351783.815864@sendflowersamerica.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
SendFlowersAmerica is proud to introduce FlowerFunds-- This unique new concept will provide an income flow for your organization for years to come. Your organization is invited to explore the possibilities of participating in FlowerFunds. $FlowerFunds is an individualized fund raising program for non-profit organizations and schools. $FlowerFunds are cash rebates that are paid to your organization each and every time an order is placed by your members and supporters. $The best part is that it costs your organization nothing to participate!! How it works: 1. When your members and supporters order flowers or gifts through sendflowersamerica they determine the price they want to pay; be it $30, $40, $50 or $1000. Since your members and supporters determine the price, they all can participate in this program. 2. Your organization receives 20% of the purchase price of the order. Say a husband buys his wife a $50 bouquet. Your organization will receive a $10 cash rebate. Nice. This program never ends. Each and every time there is an order placed by your memebers and supporters, your organization will receive the 20% cash rebate. That's a lot of FlowerFunds, and your organization stands to benefit from a findraiser unlike any other fundraiser. For more information call 1 800 SEND 123 or http://www.sendflowersamerica.com Imagine earning money for your organization by making someone smile :-) Received: by ns.secondary.com (8.9.3/8.9.3) id BAA01660 for ietf-openpgp-bks; Wed, 30 Aug 2000 01:00:17 -0700 (PDT) Received: from sendflowersamerica.com ([206.168.43.194]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id BAA01619; Wed, 30 Aug 2000 01:00:02 -0700 (PDT) From: sfaquestions@sendflowersamerica.com Subject: FlowerFunds - Fund Raising Program Date: Wed, 30 Aug 2000 01:32:31 Message-Id: <248.351783.815864@sendflowersamerica.com> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> SendFlowersAmerica is proud to introduce FlowerFunds-- This unique new concept will provide an income flow for your organization for years to come. Your organization is invited to explore the possibilities of participating in FlowerFunds. $FlowerFunds is an individualized fund raising program for non-profit organizations and schools. $FlowerFunds are cash rebates that are paid to your organization each and every time an order is placed by your members and supporters. $The best part is that it costs your organization nothing to participate!! How it works: 1. When your members and supporters order flowers or gifts through sendflowersamerica they determine the price they want to pay; be it $30, $40, $50 or $1000. Since your members and supporters determine the price, they all can participate in this program. 2. Your organization receives 20% of the purchase price of the order. Say a husband buys his wife a $50 bouquet. Your organization will receive a $10 cash rebate. Nice. This program never ends. Each and every time there is an order placed by your memebers and supporters, your organization will receive the 20% cash rebate. That's a lot of FlowerFunds, and your organization stands to benefit from a findraiser unlike any other fundraiser. For more information call 1 800 SEND 123 or http://www.sendflowersamerica.com Imagine earning money for your organization by making someone smile :-) Received: by ns.secondary.com (8.9.3/8.9.3) id JAA24099 for ietf-openpgp-bks; Mon, 28 Aug 2000 09:59:02 -0700 (PDT) Received: from demai05.mw.mediaone.net (demai05.mw.mediaone.net [24.131.1.56]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA24091 for <ietf-openpgp@imc.org>; Mon, 28 Aug 2000 09:58:46 -0700 (PDT) Received: from deimos.ceddec.com (nic-30-c64-170.mw.mediaone.net [24.30.64.170]) by demai05.mw.mediaone.net (8.8.7/8.8.7) with ESMTP id MAA11379; Mon, 28 Aug 2000 12:59:24 -0400 (EDT) Received: (from nobody@localhost) by deimos.ceddec.com (8.9.3/8.9.3) id NAA15317; Mon, 28 Aug 2000 13:02:35 -0400 Date: Mon, 28 Aug 2000 13:02:35 -0400 From: Tom Zerucha <tz@execpc.com> To: Erron Criddle <ejc@comasp.com> Cc: ietf-openpgp@imc.org, hal@finney.org Subject: Re: subkey binding sigs q Message-ID: <20000828130235.A15310@deimos.mw.mediaone.net> References: <200008250800.BAA15512@finney.org> <4.3.2.7.0.20000828153003.035592e8@203.38.66.7> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <4.3.2.7.0.20000828153003.035592e8@203.38.66.7>; from ejc@comasp.com on Mon, Aug 28, 2000 at 03:33:25PM +0800 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> On Mon, Aug 28, 2000 at 03:33:25PM +0800, Erron Criddle wrote: > Hal, > > At 01:00 AM 25/08/2000 -0700, hal@finney.org wrote: > >Erron writes: > > > > > > > PSS: Are public and secret keyrings supposed to interoperate with other > > > versions of OpenPGP? > > > >No, OpenPGP does not specify keyring formats. > > If OpenPGP does not specify keyring formats, then what is: > > a) 11.2 related to? > > b) A tag 12 Trust packet packet related to (mentions keyrings)? It is a small but significant difference between key packet and export format which OpenPGP *does* specify, and whatever internal representation and storage used by the application for keyrings. When exporting a key, it must use a specific format and if it wants to export extra information like trust, there is a way to do that. For example, I am working on a Palm version, and will need to prepend indexing information in a private format and limit records to 64k - the internal format will have packets but they won't be just the literal key packet. For larger apps, e.g. keyservers, it makes sense to use a real database indexed by several query database-keys. Received: by ns.secondary.com (8.9.3/8.9.3) id AAA06435 for ietf-openpgp-bks; Mon, 28 Aug 2000 00:45:52 -0700 (PDT) Received: from mail.comasp.com (dns2.techrron.com.au [203.38.66.9]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id AAA06428 for <ietf-openpgp@imc.org>; Mon, 28 Aug 2000 00:45:44 -0700 (PDT) Received: from pc.comasp.com [203.38.66.8] by mail.comasp.com with ESMTP (SMTPD32-4.06) id ABE7307601D2; Mon, 28 Aug 2000 15:47:03 0800 Message-Id: <4.3.2.7.0.20000828153003.035592e8@203.38.66.7> X-Sender: ejc@203.38.66.7 X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Mon, 28 Aug 2000 15:33:25 +0800 To: ietf-openpgp@imc.org From: Erron Criddle <ejc@comasp.com> Subject: Re: subkey binding sigs q Cc: hal@finney.org In-Reply-To: <200008250800.BAA15512@finney.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> Hal, At 01:00 AM 25/08/2000 -0700, hal@finney.org wrote: >Erron writes: > > > Does a subkey binding sig only perform the hash on the subkey (incl. 0x99, > > packet body and keys), as stated in 5.2.1 for a 0x18 signature type or: > > > > does the hashable data for a subkey binding sig mirror that as stated > in 5.2.4: > > > > "A subkey signature (0x18) THEN hashes the subkey..." > > > > I'm assuming the THEN means that you hash the main key before the subkey, > > subsequently contradicting 5.2.1. > >The description in 5.2.1 is really very general: > > 0x18: Subkey Binding Signature > This signature is a statement by the top-level signing key > indicates that it owns the subkey. This signature is calculated > directly on the subkey itself, not on any User ID or other > packets. > >This is meant to convey that the signature does not cover "siblings" >of the subkey, like other subkeys or userid packets. The description >in 5.2.4 is correct; the hash is over the top-level key plus the subkey. > > > PS: Where's the best place to insert a type 0x30 as it's not defined in > > 11.1...before the certification sig or after...or doesn't it matter? > >A type 0x30 is a subkey revocation signature. I don't think it matters >whether it goes before or after the subkey certification sig. I think >we put it before. > > > PSS: Are public and secret keyrings supposed to interoperate with other > > versions of OpenPGP? > >No, OpenPGP does not specify keyring formats. If OpenPGP does not specify keyring formats, then what is: a) 11.2 related to? b) A tag 12 Trust packet packet related to (mentions keyrings)? Cheers. Regards Erron Criddle Comasp Ltd. Level 2, 45 Stirling Hwy NEDLANDS WA 6009 Australia Fax: 08 9386 9473 Tel: 08 9386 9534 http://www.comasp.com ejc@comasp.com Received: by ns.secondary.com (8.9.3/8.9.3) id OAA13621 for ietf-openpgp-bks; Sun, 27 Aug 2000 14:26:48 -0700 (PDT) Received: from merrymeet.com (Merrymeet@merrymeet.com [63.73.97.162]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id OAA13617 for <ietf-openpgp@imc.org>; Sun, 27 Aug 2000 14:26:43 -0700 (PDT) Received: from [63.73.97.180] (63.73.97.180) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.0.1); Sun, 27 Aug 2000 14:27:17 -0700 Mime-Version: 1.0 X-Sender: jon@merrymeet.com Message-Id: <p04320400b5cf336d8927@[172.20.1.38]> In-Reply-To: <200008271729.NAA23046@domains.invweb.net> References: <200008271729.NAA23046@domains.invweb.net> Date: Sun, 27 Aug 2000 14:07:42 -0700 To: "William H. Geiger III" <whgiii@openpgp.net>, ietf-openpgp@imc.org From: Jon Callas <jon@callas.org> Subject: Re: RFC2440bis? Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> At 12:28 PM -0500 8/27/00, William H. Geiger III wrote: >Anyone know what is going on with the updated draft? It is no longer >listed on the IETF site as it is over 6mo. old without updates. > I'll work on releasing a new one, then. Jon Received: by ns.secondary.com (8.9.3/8.9.3) id KAA10383 for ietf-openpgp-bks; Sun, 27 Aug 2000 10:28:19 -0700 (PDT) Received: from domains.invweb.net (root@domains.invweb.net [198.182.196.32]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id KAA10379 for <ietf-openpgp@imc.org>; Sun, 27 Aug 2000 10:28:17 -0700 (PDT) Received: from whgiii (root@openpgp.net [199.184.252.29]) by domains.invweb.net (8.9.3/8.9.3) with SMTP id NAA23046 for <ietf-openpgp@imc.org>; Sun, 27 Aug 2000 13:29:01 -0400 Message-Id: <200008271729.NAA23046@domains.invweb.net> From: "William H. Geiger III" <whgiii@openpgp.net> Date: Sun, 27 Aug 2000 12:28:12 -0500 To: ietf-openpgp@imc.org Subject: RFC2440bis? X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v2.19zg/19zg Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> Anyone know what is going on with the updated draft? It is no longer listed on the IETF site as it is over 6mo. old without updates. tks, -- --------------------------------------------------------------- William H. Geiger III http://www.openpgp.net Geiger Consulting Data Security & Cryptology Consulting Programming, Networking, Analysis PGP for OS/2: http://www.openpgp.net/pgp.html E-Secure: http://www.openpgp.net/esecure.html --------------------------------------------------------------- Received: by ns.secondary.com (8.9.3/8.9.3) id OAA05358 for ietf-openpgp-bks; Sat, 26 Aug 2000 14:55:43 -0700 (PDT) Received: from oo.net (syr-24-164-180-90.twcny.rr.com [24.164.180.90]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id OAA05349 for <ietf-openpgp@imc.org>; Sat, 26 Aug 2000 14:55:42 -0700 (PDT) Date: Sat, 26 Aug 2000 14:55:42 -0700 (PDT) From: pmilea@oo.net Message-Id: <200008262155.OAA05349@ns.secondary.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=200008261745=" To: ietf-openpgp@imc.org X-Mailer: 4BE1F5A3.72197FEC.7dbd07624742bbf35e4ccc1b2cac4074 Subject: Fiber Optic Cable Needed !! Organization: Wing N' A Prayer Excess Property Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> --=200008261745= Content-Type: text/plain;charset=US-ASCII If this message has reached you by error please type" remove" in the subject line and hit return . I will promptly remove you from any future mailings. Please accept my sincerest apologies for any inconvenience this may have caused you. Dear Sir(s),Ms., Mrs., I have a client looking for a large amount of Fiber optic cable for the year 2,001,starting in January . The specifications for the cable required are ; outside plant ,single mode ,single armor,single jacket,loose tube ,SMF28 or equivalent. The strand types needed are 12,24,48,72 and 96. The total fiber footage needed is over a half billion feet ! If you think you can help facilitate this order or any portion of it,please type "fiber specs" in your subject line and hit return and I will get you out the necessary information immediateley. Please feel free to call with any questions. Paul J. Milea jr. Wing N' A Prayer Excess Property 3504 James Street Syracuse,.New York ,USA 13206 ph 315 463 1287 fax 315 463 4337 --=200008261745=-- Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id BAA15235 for ietf-openpgp-bks; Fri, 25 Aug 2000 01:02:53 -0700 (PDT) Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id BAA15230 for <ietf-openpgp@imc.org>; Fri, 25 Aug 2000 01:02:52 -0700 (PDT) From: hal@finney.org Received: (from hal@localhost) by finney.org (8.9.3/8.9.3) id BAA15512; Fri, 25 Aug 2000 01:00:46 -0700 Date: Fri, 25 Aug 2000 01:00:46 -0700 Message-Id: <200008250800.BAA15512@finney.org> To: ejc@comasp.com, ietf-openpgp@imc.org Subject: Re: subkey binding sigs q Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> Erron writes: > Does a subkey binding sig only perform the hash on the subkey (incl. 0x99, > packet body and keys), as stated in 5.2.1 for a 0x18 signature type or: > > does the hashable data for a subkey binding sig mirror that as stated in 5.2.4: > > "A subkey signature (0x18) THEN hashes the subkey..." > > I'm assuming the THEN means that you hash the main key before the subkey, > subsequently contradicting 5.2.1. The description in 5.2.1 is really very general: 0x18: Subkey Binding Signature This signature is a statement by the top-level signing key indicates that it owns the subkey. This signature is calculated directly on the subkey itself, not on any User ID or other packets. This is meant to convey that the signature does not cover "siblings" of the subkey, like other subkeys or userid packets. The description in 5.2.4 is correct; the hash is over the top-level key plus the subkey. > PS: Where's the best place to insert a type 0x30 as it's not defined in > 11.1...before the certification sig or after...or doesn't it matter? A type 0x30 is a subkey revocation signature. I don't think it matters whether it goes before or after the subkey certification sig. I think we put it before. > PSS: Are public and secret keyrings supposed to interoperate with other > versions of OpenPGP? No, OpenPGP does not specify keyring formats. > PSSS: If PSS=yes, then shouldn't we define the makeup of a private/public > key-ring better than that explained in 11.1 (re exact locations and order/s > of packets etc etc). N/A. Hal Received: by ns.secondary.com (8.9.3/8.9.3) id AAA12439 for ietf-openpgp-bks; Fri, 25 Aug 2000 00:15:27 -0700 (PDT) Received: from mail.comasp.com (dns2.techrron.com.au [203.38.66.9]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id AAA12428 for <ietf-openpgp@imc.org>; Fri, 25 Aug 2000 00:15:23 -0700 (PDT) Received: from pc.comasp.com [203.38.66.8] by mail.comasp.com with ESMTP (SMTPD32-4.06) id A04BE372029A; Fri, 25 Aug 2000 15:16:43 0800 Message-Id: <4.3.2.7.0.20000825143917.00b237b0@203.38.66.7> X-Sender: ejc@203.38.66.7 X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Fri, 25 Aug 2000 15:03:15 +0800 To: ietf-openpgp@imc.org From: Erron Criddle <ejc@comasp.com> Subject: subkey binding sigs q Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> To all, Does a subkey binding sig only perform the hash on the subkey (incl. 0x99, packet body and keys), as stated in 5.2.1 for a 0x18 signature type or: does the hashable data for a subkey binding sig mirror that as stated in 5.2.4: "A subkey signature (0x18) THEN hashes the subkey..." I'm assuming the THEN means that you hash the main key before the subkey, subsequently contradicting 5.2.1. PS: Where's the best place to insert a type 0x30 as it's not defined in 11.1...before the certification sig or after...or doesn't it matter? PSS: Are public and secret keyrings supposed to interoperate with other versions of OpenPGP? PSSS: If PSS=yes, then shouldn't we define the makeup of a private/public key-ring better than that explained in 11.1 (re exact locations and order/s of packets etc etc). Thanks for any clarifications. Regards Erron Criddle Comasp Ltd. Level 2, 45 Stirling Hwy NEDLANDS WA 6009 Australia Fax: 08 9386 9473 Tel: 08 9386 9534 http://www.comasp.com ejc@comasp.com Received: by ns.secondary.com (8.9.3/8.9.3) id HAA24502 for ietf-openpgp-bks; Thu, 24 Aug 2000 07:22:24 -0700 (PDT) Received: from cypherspace.org (adam@modemcable228.178-201-24.mtl.mc.videotron.net [24.201.178.228]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA24498 for <ietf-openpgp@imc.org>; Thu, 24 Aug 2000 07:22:23 -0700 (PDT) Received: (from adam@localhost) by cypherspace.org (8.8.3/8.6.12) id KAA01527; Thu, 24 Aug 2000 10:24:48 -0500 Date: Thu, 24 Aug 2000 10:24:48 -0500 Message-Id: <200008241524.KAA01527@cypherspace.org> From: Adam Back <adam@cypherspace.org> To: Ross.Anderson@cl.cam.ac.uk Cc: ukcrypto@maillist.ox.ac.uk Cc: ietf-openpgp@imc.org Subject: Re: Serious bug in PGP - versions 5 and 6 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> Ross Anderson writes on uk-crypto: > Ralf Senderek has found a horrendous bug in PGP versions 5 and 6. > > [...] > > He's written a paper on his work and it's at > > http://senderek.de/security/key-experiments.html > > Since NAI joined the Key Recovery Alliance, PGP has supported > "Additional Decryption Keys" which can be added to a public key. > > The sender will then encrypt the session key to these as well as to > your main public key. The bug is that some versions of PGP respond > to ADK subpackets in the non-signed part of the public key data > structure. The effect is that GCHQ can create a tampered version of > your PGP public key containing a public key whose corresponding > private key is also known to themselves, and circulate it. People > who encrypt traffic to you will encrypt it to them too. Amazing, and really unfortunate. Those of us who invested large amounts of effort in ensuring the ADK subpackets were not included in the ietf openPGP standard can be pleased we succeeded -- otherwise gnuPG and other implementations may now also have contributed to this risk. As it is gnuPG doesn't honor ADK requests, and all the rfc2440 says about them is: 10 = placeholder for backward compatibility At the time I was suggesting that if PGP really must insist on creating software to escrow communications (the primary argument being that people didn't want to lose access to the stored mail as opposed to being able to have designated third parties snooping mail in transit) they should use storage key escrow. My main premise was that communication key escrow is too risky because an outside attacker gets the plaintext: http://www.cypherspace.org/~adam/cdr/ "Keys used to encrypt email which is transmitted over the Internet are more valuable to an attacker than keys used to encrypt stored files because of the relative ease with which an attacker can obtain copies of emailed ciphertext. Stored encrypted files in contrast are protected by all the physical security systems the company is relying on to protect it's paper files, plaintext data stored on disks, and backup tapes. [...]" There was also lots of political discussion of how unwise it was for PGP to create a escrow infrastructure which could as easily be used by governments as by SEC companies to archive their employees communications. And people quoting Phil Zimmermann a few years earlier complaining about ViaCrypt's PGP4 for business variant which had "escrow" in the form of a third party "encrypt-to-self" config file setting. And I believe I recall the NSA or some other US government body picking up on the CMR / ADK mechanism and holding it up as evidence against the claim that key recover was complex ... "see PGP did it, this works". > It's of scientific interest because it spectacularly confirms a > prediction made by a number of us in the paper on `The Risks of Key > Recovery, Key Escrow, and Trusted Third-Party Encryption' > <http://www.cdt.org/crypto/risks98/> that key escrow would make it > much more difficult than people thought to build secure systems. Yes. It really highlights the truth in the statement about the new risks introduced by adding key escrow. Adam Received: by ns.secondary.com (8.9.3/8.9.3) id CAA09299 for ietf-openpgp-bks; Thu, 24 Aug 2000 02:31:32 -0700 (PDT) Received: from elde.org (elde.org [195.204.143.185]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id CAA09293 for <ietf-openpgp@imc.org>; Thu, 24 Aug 2000 02:31:26 -0700 (PDT) Received: by elde.org (Postfix, from userid 1002) id BD1535EF47; Thu, 24 Aug 2000 11:31:24 +0200 (CEST) Date: Thu, 24 Aug 2000 11:31:24 +0200 From: Terje Elde <terje@elde.net> To: "L. Sassaman" <rabbi@quickie.net> Cc: sen_ml@eccosys.com, whgiii@openpgp.net, ietf-openpgp@imc.org Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients Message-ID: <20000824113124.B95675@dlt.follo.net> References: <20000823103414.A82399@dlt.follo.net> <Pine.LNX.4.21.QNWS_2.0008231226380.28443-100000@thetis.deor.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <Pine.LNX.4.21.QNWS_2.0008231226380.28443-100000@thetis.deor.org>; from rabbi@quickie.net on Wed, Aug 23, 2000 at 12:29:01PM -0700 X-Mailer: Mutt http://www.mutt.org/ X-Editor: Vim http://www.vim.org/ X-IRC: ircii!epic4-2000 - prevail[1214] X-Goal: Exterminate All Rational Thought Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 * L. Sassaman (rabbi@quickie.net) [000823 21:29]: > > The user *will* have to decrypt multiple secret keys if such exist. Perhaps a > > recommendation that non-encrypted keys be tried first is an idea? > > I actually would like to see the default key tried first, since that makes > more sense in my mind... but now we're in the realm of specific > implementation methods. True. Giving a few notes for authors to reflect over isn't a bad thing though, is it? Trying to use the default key first isn't a bad idea. It's the one that's got the better chance of being a hit. Un-encrypted keys take no time to check however, and you can spare the user from having to enter the passphrase. I also thing that the places you'll be using speculative KeyID's are also the places where the chances of encrypting to a key with no passphrase are highest, as many will simply want to get the mail securely from sniffers, and not have to decrypt ever single message. Just a thought... > > Actually, this might be of some concern. You could effectively send a email > > using speculative KeyID, which would make the user decrypt all his key in > > turn, thus providing a attacker with access to keyboard with passphrases to > > *all* his KeyID's, including keys the user might have made to be extra secure, > > and not for normal use (root keys etc). > > You could automatically try the default key, and then give the user the > list of keys remaining to try, and he can pick which ones. > > And you can always have a "disable speculative key" option. Both great ideas. :) Terje -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.2 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE5pOtr8HLgLrwmRg0RAioDAJwIJM37UWRptyWZNal7LKwINL/tVgCglyih yYncR/9JfUoXOJRvCiDsVeo= =z859 -----END PGP SIGNATURE----- Received: by ns.secondary.com (8.9.3/8.9.3) id MAA12556 for ietf-openpgp-bks; Wed, 23 Aug 2000 12:29:07 -0700 (PDT) Received: from thetis.deor.org (thetis.deor.org [207.106.86.210]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA12544 for <ietf-openpgp@imc.org>; Wed, 23 Aug 2000 12:29:01 -0700 (PDT) Received: from localhost (rabbi@localhost) by thetis.deor.org (8.9.3/8.9.3) with ESMTP id MAA28577; Wed, 23 Aug 2000 12:29:08 -0700 Date: Wed, 23 Aug 2000 12:29:01 -0700 (PDT) From: "L. Sassaman" <rabbi@quickie.net> To: Terje Elde <terje@elde.net> cc: sen_ml@eccosys.com, whgiii@openpgp.net, ietf-openpgp@imc.org Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients In-Reply-To: <20000823103414.A82399@dlt.follo.net> Message-ID: <Pine.LNX.4.21.QNWS_2.0008231226380.28443-100000@thetis.deor.org> X-AIM: Elom777 X-icq: 10735603 X-No-Archive: yes MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 23 Aug 2000, Terje Elde wrote: > The user *will* have to decrypt multiple secret keys if such exist. Perhaps a > recommendation that non-encrypted keys be tried first is an idea? I actually would like to see the default key tried first, since that makes more sense in my mind... but now we're in the realm of specific implementation methods. > Actually, this might be of some concern. You could effectively send a email > using speculative KeyID, which would make the user decrypt all his key in > turn, thus providing a attacker with access to keyboard with passphrases to > *all* his KeyID's, including keys the user might have made to be extra secure, > and not for normal use (root keys etc). You could automatically try the default key, and then give the user the list of keys remaining to try, and he can pick which ones. And you can always have a "disable speculative key" option. - --Len. __ L. Sassaman Security Architect | "We all want many things, Technology Consultant | but some of those are bottomly | destructive of all desires." http://sion.quickie.net | --Vernor Vinge -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE5pCYDPYrxsgmsCmoRAvhKAKDGEWEVEeWa00nrTys363LLzaKF5gCg0djj ZaHNWk3gnGwfDfj4dYPaWos= =GUWm -----END PGP SIGNATURE----- Received: by ns.secondary.com (8.9.3/8.9.3) id CAA29792 for ietf-openpgp-bks; Wed, 23 Aug 2000 02:22:09 -0700 (PDT) Received: from dlt.follo.net (postfix@elde.org [195.204.143.185]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id CAA29784 for <ietf-openpgp@imc.org>; Wed, 23 Aug 2000 02:22:07 -0700 (PDT) Received: by dlt.follo.net (Postfix, from userid 1002) id 911315EF47; Wed, 23 Aug 2000 11:22:31 +0200 (CEST) Date: Wed, 23 Aug 2000 11:22:31 +0200 From: Terje Elde <terje@elde.net> To: sen_ml@eccosys.com Cc: whgiii@openpgp.net, rabbi@quickie.net, ietf-openpgp@imc.org Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients Message-ID: <20000823112231.F82399@dlt.follo.net> References: <200008221827.OAA03394@domains.invweb.net> <20000823121640E.1001@eccosys.com> <20000823103414.A82399@dlt.follo.net> <20000823174824X.1001@eccosys.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20000823174824X.1001@eccosys.com>; from sen_ml@eccosys.com on Wed, Aug 23, 2000 at 05:48:24PM +0900 X-Mailer: Mutt http://www.mutt.org/ X-Editor: Vim http://www.vim.org/ X-IRC: ircii!epic4-2000 - prevail[1214] X-Goal: Exterminate All Rational Thought Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 * sen_ml@eccosys.com (sen_ml@eccosys.com) [000823 10:49]: > > I think the only thing one can do is offer help whenever possible, > > and view everything with a critical eye, as well as publishing > > information about potential problems, to help lesser skilled users > > from getting bitten. > > i would hesitate to claim uniqueness ("the only thing"), but w/o too > much further thought, i agree w/ the rest. Obviously you're right. I should have went more along the lines of "the only thing I can come up with". > imo, part of "publishing information about potential problems" is to > address such issues in relevant ID/RFC/STDs. so, for starters, i > think we should either create another draft or try to incoporate the > substance of this into an existing document. A big part in the reason why I registered openpgp.org is that I intend to try to make it a resource for developers and users alike. One of the things I want to focus on in addition to such basic things as pointing the visitors at other resources is to help by providing information on best ways to solve problems, and pointing out what the problems might be in the first place. This will range from helping users by suggesting secure ways of avoiding loss of keyrings (pub and priv) to helping programmers by pointing out issues such as the bcc problem, and ways to fix it. I hope noone at the IETF-OpenPGP working group feels offended by me registering the domain. Terje -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.2 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE5o5fW8HLgLrwmRg0RAtsGAJ97Rh3oznPridWWJ3Qxr5R8Hn4wEACfeUYb XxLVcmcLRgFGfQZNoIuTiXs= =ZNpA -----END PGP SIGNATURE----- Received: by ns.secondary.com (8.9.3/8.9.3) id BAA27848 for ietf-openpgp-bks; Wed, 23 Aug 2000 01:49:16 -0700 (PDT) Received: from nsm.htp.org (nsm.htp.org [202.241.243.104]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id BAA27841 for <ietf-openpgp@imc.org>; Wed, 23 Aug 2000 01:49:09 -0700 (PDT) From: sen_ml@eccosys.com Received: (qmail 23656 invoked from network); 23 Aug 2000 08:46:38 -0000 Received: from localhost (127.0.0.1) by localhost with SMTP; 23 Aug 2000 08:46:38 -0000 To: terje@elde.net Cc: whgiii@openpgp.net, rabbi@quickie.net, ietf-openpgp@imc.org Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients In-Reply-To: <20000823103414.A82399@dlt.follo.net> References: <200008221827.OAA03394@domains.invweb.net> <20000823121640E.1001@eccosys.com> <20000823103414.A82399@dlt.follo.net> X-Mailer: Mew version 1.94.2 on Emacs 20.7 / Mule 4.0 (HANANOEN) X-No-Archive: Yes Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20000823174824X.1001@eccosys.com> Date: Wed, 23 Aug 2000 17:48:24 +0900 X-Dispatcher: imput version 20000228(IM140) Lines: 36 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> From: Terje Elde <terje@elde.net> Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients Date: Wed, 23 Aug 2000 10:34:15 +0200 Message-ID: <20000823103414.A82399@dlt.follo.net> ... > > > but it does not address the underlying problem: Implementors not > > > understanding basic concepts of e-mail encryption. > > > > i agree w/ this as well. > > The question is, how would you like to solve the problem? > > I don't see any quick fix for this. i don't see a quick fix either. > You can't force people to not write crypto applications until > they've been certifies in their field. You can't force people to > want to educate themselves. i agree. > I think the only thing one can do is offer help whenever possible, > and view everything with a critical eye, as well as publishing > information about potential problems, to help lesser skilled users > from getting bitten. i would hesitate to claim uniqueness ("the only thing"), but w/o too much further thought, i agree w/ the rest. imo, part of "publishing information about potential problems" is to address such issues in relevant ID/RFC/STDs. so, for starters, i think we should either create another draft or try to incoporate the substance of this into an existing document. Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id BAA27183 for ietf-openpgp-bks; Wed, 23 Aug 2000 01:34:19 -0700 (PDT) Received: from dlt.follo.net (postfix@elde.org [195.204.143.185]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id BAA27177 for <ietf-openpgp@imc.org>; Wed, 23 Aug 2000 01:34:12 -0700 (PDT) Received: by dlt.follo.net (Postfix, from userid 1002) id 4C2AA5EF47; Wed, 23 Aug 2000 10:34:15 +0200 (CEST) Date: Wed, 23 Aug 2000 10:34:15 +0200 From: Terje Elde <terje@elde.net> To: sen_ml@eccosys.com Cc: whgiii@openpgp.net, rabbi@quickie.net, ietf-openpgp@imc.org Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients Message-ID: <20000823103414.A82399@dlt.follo.net> References: <Pine.LNX.4.21.QNWS_2.0008220041440.2335-100000@thetis.deor.org> <200008221827.OAA03394@domains.invweb.net> <20000823121640E.1001@eccosys.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20000823121640E.1001@eccosys.com>; from sen_ml@eccosys.com on Wed, Aug 23, 2000 at 12:16:40PM +0900 X-Mailer: Mutt http://www.mutt.org/ X-Editor: Vim http://www.vim.org/ X-IRC: ircii!epic4-2000 - prevail[1214] X-Goal: Exterminate All Rational Thought Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 * sen_ml@eccosys.com (sen_ml@eccosys.com) [000823 05:17]: > > >Why don't we make the "wild card" or "speculative" key id support a > > >SHOULD? I at least want to see all the client's being able to properly > > >decrypt messages that use this feature. > > > > I don't have a problem with the speculative keyID support > > same here, though i think when this issue was brought up once before > there were some valid concerns brought up. > > imo, one context in which i think speculative key ids support "SHOULD" > exist, is one which is user-driven -- if a user receives a message > that contains public key encrypted session key packets that contain > speculative key ids, the user should be able to have an openpgp > implementation attempt to decrypt the pk esk packets w/ the user's > secret key(s). the user shouldn't have to perform surgery on the pk > esk's (inserting key ids) and attempting to decrypt repeatedly. The user *will* have to decrypt multiple secret keys if such exist. Perhaps a recommendation that non-encrypted keys be tried first is an idea? Actually, this might be of some concern. You could effectively send a email using speculative KeyID, which would make the user decrypt all his key in turn, thus providing a attacker with access to keyboard with passphrases to *all* his KeyID's, including keys the user might have made to be extra secure, and not for normal use (root keys etc). Recommending some way of managing this, by specifying the order in which keys are tried, or even marking keys as not to be used with spec keyid's is a possible fix to this problem. > in other contexts (e.g. processing by a script on a mail gateway), i > was given to understand that there were valid reasons (e.g. computing > resource limitations) not to want to support the feature. I'm one who has raised such concerns, although not in the discussion you refer to. I don't see how the fact that use of spec keyid's isn't appropriate in every situation should put breaks on making it a should. Sure, it'll force admins of major mailing lists to have to think first, act later, but isn't that always the case when you have to admin a mailing list which is using encrypted emails to such a number of user that that's a concern? > > but it does not address the underlying problem: Implementors not > > understanding basic concepts of e-mail encryption. > > i agree w/ this as well. The question is, how would you like to solve the problem? I don't see any quick fix for this. You can't force people to not write crypto applications until they've been certifies in their field. You can't force people to want to educate themselves. I think the only thing one can do is offer help whenever possible, and view everything with a critical eye, as well as publishing information about potential problems, to help lesser skilled users from getting bitten. Just my $0.02 Terje -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.2 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE5o4yF8HLgLrwmRg0RAv1PAJ9Uw3k80gHFDaktuqEbHvlGQ1elTgCfWvNP 7ouIyW4piHQZLjrBoVp05yo= =bYcM -----END PGP SIGNATURE----- Received: by ns.secondary.com (8.9.3/8.9.3) id BAA25207 for ietf-openpgp-bks; Wed, 23 Aug 2000 01:05:41 -0700 (PDT) Received: from djebel.gnupg.de (djebel.openit.de [194.77.127.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id BAA25202 for <ietf-openpgp@imc.org>; Wed, 23 Aug 2000 01:05:39 -0700 (PDT) Received: from wk by djebel.gnupg.de with local (Exim 3.12 #1 (Debian)) id 13RVdO-0001Nh-00; Wed, 23 Aug 2000 10:11:42 +0200 Date: Wed, 23 Aug 2000 10:11:42 +0200 From: Werner Koch <wk@gnupg.org> To: ietf-openpgp@imc.org Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients Message-ID: <20000823101142.E5236@djebel.openit.de> Mail-Followup-To: ietf-openpgp@imc.org References: <200008222107.OAA06552@finney.org> <4.3.2.7.0.20000823115222.00b97a38@mail.comasp.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.1.8i In-Reply-To: <4.3.2.7.0.20000823115222.00b97a38@mail.comasp.com>; from ejc@comasp.com on Wed, Aug 23, 2000 at 12:07:04PM +0800 X-URL: http://www.openit.de X-PGP-KeyID: 621CC013 X-Request-PGP: finger:wkoch@sigtrap.guug.de Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> On Wed, 23 Aug 2000, Erron Criddle wrote: > However, once again, I am still baffled as to where the Key ID is stored > for an encryption subkey :) I have looked at the tag 2 packet (sig) and I Key IDs are not stored but calculated from the key data like a fingerprint. Actually a v4 key ID is a stripped down fingerprint. Werner -- Werner Koch GnuPG key: 621CC013 OpenIT GmbH http://www.OpenIT.de Received: by ns.secondary.com (8.9.3/8.9.3) id WAA14421 for ietf-openpgp-bks; Tue, 22 Aug 2000 22:42:42 -0700 (PDT) Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id WAA14409 for <ietf-openpgp@imc.org>; Tue, 22 Aug 2000 22:42:40 -0700 (PDT) From: hal@finney.org Received: (from hal@localhost) by finney.org (8.9.3/8.9.3) id WAA07419; Tue, 22 Aug 2000 22:40:21 -0700 Date: Tue, 22 Aug 2000 22:40:21 -0700 Message-Id: <200008230540.WAA07419@finney.org> To: ejc@comasp.com, ietf-openpgp@imc.org Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients Cc: hal@finney.org Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> Erron writes, quoting me: > > If you are decrypting, isn't looking up by keyid the only possibility? > > If you're not using speculative Key ID's and you're talking about sigs, yes. > > > There is no userid to tell you which key to decrypt with. > > Yes; if the headers have been stripped from the email message - no; if > they're not :) I see, so you use the email message headers to figure out which key to decrypt with. That could work, for the specific case of decrypting email. Even if you did pick the wrong key, you would of course not be troubled by false decryptions, you'd know that something had gone wrong. However adding the ability to lookup by keyid is something you might consider, for increased flexibility and reliability of lookup. > >No, subkeys can have keyids too. A PKESK packet should use the keyid of > >the specific subkey which can decrypt it. > > OK, here is where I am confused. For example, a tag 14 (Public Subkey > Packet) hasn't the facility to store the Key ID and from reading the tag 2 > (signature packet), you cannot store the key ID's there either - either > within the sig. packet or a subpacket of the signature. Where exactly do > you store the Key ID of an encryption subkey...I am totally bamboozled! Here is the source of your confusion. Keyids are not stored on keys. Rather, they are calculated from the key data, like key fingerprints. When we read in a key, we calculate its keyid and store it alongside the key. We can then use this stored keyid to find the key. In PGP 2.6, we did not store the keys in memory, but rather we calculated the keyid as we read and parsed each key on disk (it was simple for those old V3 RSA keys). This was then used to match against the desired keyid. > Sorry, I didn't clarify enough - when I refer to using User ID's, I am > referring to decryption, not verification. The signature Key ID's can be > looked up via the self sig. I don't quite understand how this would work; how would you know that a sig is a "self sig" except by seeing that the keyid in the sig packet matches the calculated keyid of the parent key? Or do you just assume the first sig on an object is a self sig? Hal Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id VAA08316 for ietf-openpgp-bks; Tue, 22 Aug 2000 21:19:19 -0700 (PDT) Received: from mail.comasp.com (dns2.techrron.com.au [203.38.66.9]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id VAA08311 for <ietf-openpgp@imc.org>; Tue, 22 Aug 2000 21:19:15 -0700 (PDT) Received: from pc.comasp.com [203.38.66.8] by mail.comasp.com with ESMTP (SMTPD32-4.06) id A3F2219701A4; Wed, 23 Aug 2000 12:20:18 0800 Message-Id: <4.3.2.7.0.20000823115222.00b97a38@mail.comasp.com> X-Sender: ejc@mail.comasp.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 23 Aug 2000 12:07:04 +0800 To: ietf-openpgp@imc.org From: Erron Criddle <ejc@comasp.com> Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients Cc: hal@finney.org In-Reply-To: <200008222107.OAA06552@finney.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> Hal, At 02:07 PM 22/08/2000 -0700, Hal wrote: >Erron Criddle writes: > > As far as I'm concerned the Key ID is a complete waste of time unless a > > lookup is being made on a server that is automatically decrypting each > > message. This is OK here because you can configure the database to store > > the Key ID and that makes lookups easier (if there are no duplicate Key > > ID's). > >I am confused about whether you are talking about decryption or >encryption. Decryption. > The OpenPGP message formats only allow for using keyids to >indicate which key should decrypt. Yes, I know. > If you are decrypting, isn't looking up by keyid the only possibility? If you're not using speculative Key ID's and you're talking about sigs, yes. > There is no userid to tell you which key to decrypt with. Yes; if the headers have been stripped from the email message - no; if they're not :) > > From my understanding of the Public and Private Keyring structures, > > you can only have a Key ID for the highest level key (self sig.) and > cannot > > store the Key ID's for the subkeys. > >No, subkeys can have keyids too. A PKESK packet should use the keyid of >the specific subkey which can decrypt it. OK, here is where I am confused. For example, a tag 14 (Public Subkey Packet) hasn't the facility to store the Key ID and from reading the tag 2 (signature packet), you cannot store the key ID's there either - either within the sig. packet or a subpacket of the signature. Where exactly do you store the Key ID of an encryption subkey...I am totally bamboozled! > > For our client software, we are not doing lookups via the Key ID (as it > > isn't stored in the public/private keyrings), however the server version > > will support lookups via Key ID's. > > > > We have found it better just to do lookups via the User ID - at least you > > can store that within the private /public keyring structures. > > > > If anyone can tell me otherwise regarding the storage of Signing and > > Encryption Key ID's within the private/public keyrings, it would be great. > >If you are talking about decryption, I don't see how you do it. The type of software we are implementing will allow us to do this. > And what about signature verification? Again in that case the OpenPGP > message >only has the signing keyid. Don't you have to do a lookup by keyid to >verify the sig? Sorry, I didn't clarify enough - when I refer to using User ID's, I am referring to decryption, not verification. The signature Key ID's can be looked up via the self sig. However, once again, I am still baffled as to where the Key ID is stored for an encryption subkey :) I have looked at the tag 2 packet (sig) and I can only see that you can store a Key ID in a signature subpacket for a signing key - but what is the subpacket type to use for a Key ID? Has a new one been created? Can we create one for Key ID? Regards Erron Criddle Comasp Ltd. Level 2, 45 Stirling Hwy NEDLANDS WA 6009 Australia Fax: 08 9386 9473 Tel: 08 9386 9534 http://www.comasp.com ejc@comasp.com Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id VAA06871 for ietf-openpgp-bks; Tue, 22 Aug 2000 21:00:05 -0700 (PDT) Received: from mail.comasp.com (dns2.techrron.com.au [203.38.66.9]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id VAA06860 for <ietf-openpgp@imc.org>; Tue, 22 Aug 2000 21:00:02 -0700 (PDT) Received: from pc.comasp.com [203.38.66.8] by mail.comasp.com with ESMTP (SMTPD32-4.06) id AF721E5801A4; Wed, 23 Aug 2000 12:01:06 0800 Message-Id: <4.3.2.7.0.20000823112102.00b962f8@mail.comasp.com> X-Sender: ejc@mail.comasp.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 23 Aug 2000 11:47:52 +0800 To: ietf-openpgp@imc.org From: Erron Criddle <ejc@comasp.com> Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients Cc: "William H. Geiger III" <whgiii@openpgp.net> In-Reply-To: <200008221819.OAA02610@domains.invweb.net> References: <4.3.2.7.0.20000822163657.00af8850@mail.comasp.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> At 01:03 PM 22/08/2000 -0500, "William H. Geiger III" <whgiii@openpgp.net> wrote: <snip> > >As far as I'm concerned the Key ID is a complete waste of time unless a > >lookup is being made on a server that is automatically decrypting each > >message. This is OK here because you can configure the database to store > >the Key ID and that makes lookups easier (if there are no duplicate Key > >ID's). From my understanding of the Public and Private Keyring > >structures, you can only have a Key ID for the highest level key (self > >sig.) and cannot store the Key ID's for the subkeys. > > >For our client software, we are not doing lookups via the Key ID (as it > >isn't stored in the public/private keyrings), however the server version > >will support lookups via Key ID's. > > >We have found it better just to do lookups via the User ID - at least you > > can store that within the private /public keyring structures. > > >If anyone can tell me otherwise regarding the storage of Signing and > >Encryption Key ID's within the private/public keyrings, it would be > >great. > > > IMHO using the userID is *not* the way to go. While userID lookups > can be used the first time you are encrypting a message to a new e-mail > address precautions need to be made. A dialog between the user should be > established to verify that this is the actual key that should be used > (anyone can create a key with any userID, multiple keys with the same > userID may be present, ...ect). Agreed that User ID's provide the encryptor (user) options as to which key to use for encryption. > Key lookups need to be based on the 64bit keyID, it's the only way to > insure that you are getting the correct key (for signature verifications > it is the only way to find the key). A 8 octet lookup of the Key ID for sigs. is definitely the only way to go (you can obtain the Key ID from the self sig. of the signature key). A lookup via a Key ID with a PKESK is only good if you are not using speculative Key ID's. > Once a user has selected a key to use for a new e-mail address the > application should store the 64bit keyID & the e-mail address in a table. Agreed. > For subsequent encryptions to that address the application should lookup > the e-mail address in the table and then extract the PGP public key from > the keyring using the corresponding keyID. That's where my dilemma starts - how do you store the Key ID of encryption subkeys on a keyring? I think this should be made possible somehow. >Now granted the keyID is not stored in the key itself, this is not really >that big of an issue. I can currently process a 1Gb keyring, calculating >all the keyID's, in a couple of mins. For an average size keyring the >processing time is less that a second. If you find your application needs >to work with large keyrings maintaining a simple external index on the >keyring by keyID will greatly improve performance. Yes, that's what we are doing - creating an index that links key ID's to email addresses - it certainly speeds things up. Regards Erron Criddle Comasp Ltd. Level 2, 45 Stirling Hwy NEDLANDS WA 6009 Australia Fax: 08 9386 9473 Tel: 08 9386 9534 http://www.comasp.com ejc@comasp.com Received: by ns.secondary.com (8.9.3/8.9.3) id UAA03095 for ietf-openpgp-bks; Tue, 22 Aug 2000 20:17:10 -0700 (PDT) Received: from nsm.htp.org (nsm.htp.org [202.241.243.104]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id UAA03089 for <ietf-openpgp@imc.org>; Tue, 22 Aug 2000 20:17:03 -0700 (PDT) From: sen_ml@eccosys.com Received: (qmail 16985 invoked from network); 23 Aug 2000 03:14:43 -0000 Received: from localhost (127.0.0.1) by localhost with SMTP; 23 Aug 2000 03:14:43 -0000 To: whgiii@openpgp.net Cc: rabbi@quickie.net, ietf-openpgp@imc.org, terje@elde.net Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients In-Reply-To: <200008221827.OAA03394@domains.invweb.net> References: <Pine.LNX.4.21.QNWS_2.0008220041440.2335-100000@thetis.deor.org> <200008221827.OAA03394@domains.invweb.net> X-Mailer: Mew version 1.94.2 on Emacs 20.7 / Mule 4.0 (HANANOEN) X-No-Archive: Yes Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20000823121640E.1001@eccosys.com> Date: Wed, 23 Aug 2000 12:16:40 +0900 X-Dispatcher: imput version 20000228(IM140) Lines: 51 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> From: "William H. Geiger III" <whgiii@openpgp.net> Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients Date: Tue, 22 Aug 2000 13:20:19 -0500 Message-ID: <200008221827.OAA03394@domains.invweb.net> > In <Pine.LNX.4.21.QNWS_2.0008220041440.2335-100000@thetis.deor.org>, on 08/22/00 > at 01:43 AM, "L. Sassaman" <rabbi@quickie.net> said: > > >Why don't we make the "wild card" or "speculative" key id support a > >SHOULD? I at least want to see all the client's being able to properly > >decrypt messages that use this feature. > > I don't have a problem with the speculative keyID support same here, though i think when this issue was brought up once before there were some valid concerns brought up. imo, one context in which i think speculative key ids support "SHOULD" exist, is one which is user-driven -- if a user receives a message that contains public key encrypted session key packets that contain speculative key ids, the user should be able to have an openpgp implementation attempt to decrypt the pk esk packets w/ the user's secret key(s). the user shouldn't have to perform surgery on the pk esk's (inserting key ids) and attempting to decrypt repeatedly. in other contexts (e.g. processing by a script on a mail gateway), i was given to understand that there were valid reasons (e.g. computing resource limitations) not to want to support the feature. the discussion i am referring to took place in january of this year. it starts at: http://www.imc.org/ietf-openpgp/mail-archive/msg02691.html > but it does not address the underlying problem: Implementors not > understanding basic concepts of e-mail encryption. i agree w/ this as well. i would like to have a document i could point mail client developers at that had some kind of "official" status -- like an ID, RFC, or standard. i don't think RFC 2440 (or bis) is the place for it (it's too big already). > I came across the issue of KeyID leakage back in '96 and documented > it at: > > http://www.openpgp.net/pgpemail_5.html nice! perhaps this can be converted into an ID or portions of it adapted to become an ID? Received: by ns.secondary.com (8.9.3/8.9.3) id OAA13979 for ietf-openpgp-bks; Tue, 22 Aug 2000 14:10:13 -0700 (PDT) Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id OAA13974 for <ietf-openpgp@imc.org>; Tue, 22 Aug 2000 14:10:09 -0700 (PDT) From: hal@finney.org Received: (from hal@localhost) by finney.org (8.9.3/8.9.3) id OAA06552; Tue, 22 Aug 2000 14:07:46 -0700 Date: Tue, 22 Aug 2000 14:07:46 -0700 Message-Id: <200008222107.OAA06552@finney.org> To: ejc@comasp.com, ietf-openpgp@imc.org Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients Cc: sen_ml@eccosys.com Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> Erron Criddle writes: > As far as I'm concerned the Key ID is a complete waste of time unless a > lookup is being made on a server that is automatically decrypting each > message. This is OK here because you can configure the database to store > the Key ID and that makes lookups easier (if there are no duplicate Key > ID's). I am confused about whether you are talking about decryption or encryption. The OpenPGP message formats only allow for using keyids to indicate which key should decrypt. If you are decrypting, isn't looking up by keyid the only possibility? There is no userid to tell you which key to decrypt with. > From my understanding of the Public and Private Keyring structures, > you can only have a Key ID for the highest level key (self sig.) and cannot > store the Key ID's for the subkeys. No, subkeys can have keyids too. A PKESK packet should use the keyid of the specific subkey which can decrypt it. > For our client software, we are not doing lookups via the Key ID (as it > isn't stored in the public/private keyrings), however the server version > will support lookups via Key ID's. > > We have found it better just to do lookups via the User ID - at least you > can store that within the private /public keyring structures. > > If anyone can tell me otherwise regarding the storage of Signing and > Encryption Key ID's within the private/public keyrings, it would be great. If you are talking about decryption, I don't see how you do it. And what about signature verification? Again in that case the OpenPGP message only has the signing keyid. Don't you have to do a lookup by keyid to verify the sig? Hal Received: by ns.secondary.com (8.9.3/8.9.3) id MAA12604 for ietf-openpgp-bks; Tue, 22 Aug 2000 12:44:55 -0700 (PDT) Received: from thetis.deor.org (thetis.deor.org [207.106.86.210]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA12595 for <ietf-openpgp@imc.org>; Tue, 22 Aug 2000 12:44:49 -0700 (PDT) Received: from localhost (rabbi@localhost) by thetis.deor.org (8.9.3/8.9.3) with ESMTP id MAA20530; Tue, 22 Aug 2000 12:45:04 -0700 Date: Tue, 22 Aug 2000 12:44:57 -0700 (PDT) From: "L. Sassaman" <rabbi@quickie.net> To: "William H. Geiger III" <whgiii@openpgp.net> cc: sen_ml@eccosys.com, ietf-openpgp@imc.org, Terje Elde <terje@elde.net> Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients In-Reply-To: <200008221827.OAA03394@domains.invweb.net> Message-ID: <Pine.LNX.4.21.QNWS_2.0008221241010.19552-100000@thetis.deor.org> X-AIM: Elom777 X-icq: 10735603 X-No-Archive: yes MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Your point is valid, but in some cases requires that the authors of the email programs do The Right Thing as well as the authors of the OpenPGP program/plugin. (For instance, I don't believe that the PGP Outlook plugin could be written in such a way that multiple single recipient messages were sent out. That's an Outlook limitation.) The speculative key-id feature would be something over which the OpenPGP implementors could have full control (in just about all cases). - --Len. On Tue, 22 Aug 2000, William H. Geiger III wrote: > In <Pine.LNX.4.21.QNWS_2.0008220041440.2335-100000@thetis.deor.org>, on 08/22/00 > at 01:43 AM, "L. Sassaman" <rabbi@quickie.net> said: > > >Why don't we make the "wild card" or "speculative" key id support a > >SHOULD? I at least want to see all the client's being able to properly > >decrypt messages that use this feature. > > I don't have a problem with the speculative keyID support but it does not address the underlying problem: Implementors not understanding basic concepts of e-mail encryption. I came across the issue of KeyID leakage back in '96 and documented it at: > > http://www.openpgp.net/pgpemail_5.html > > Automated PGP processing can be a powerfull tool but there are complex issues involved and an application developer needs to spend the time at the design stage to do it properly. > > -- > --------------------------------------------------------------- > William H. Geiger III http://www.openpgp.net > Geiger Consulting > > Data Security & Cryptology Consulting > Programming, Networking, Analysis > > PGP for OS/2: http://www.openpgp.net/pgp.html > E-Secure: http://www.openpgp.net/esecure.html > --------------------------------------------------------------- > __ L. Sassaman Security Architect | "We all want many things, Technology Consultant | but some of those are bottomly | destructive of all desires." http://sion.quickie.net | --Vernor Vinge -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE5otg/PYrxsgmsCmoRAqb+AKDmykHO1lauFw7QdpX+1j2leKQfngCg9vYu Vmaa8f8K1Y34rmcOv+BM1Us= =82Ar -----END PGP SIGNATURE----- Received: by ns.secondary.com (8.9.3/8.9.3) id LAA09867 for ietf-openpgp-bks; Tue, 22 Aug 2000 11:27:04 -0700 (PDT) Received: from domains.invweb.net (root@domains.invweb.net [198.182.196.32]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA09863 for <ietf-openpgp@imc.org>; Tue, 22 Aug 2000 11:27:03 -0700 (PDT) Received: from whgiii (root@openpgp.net [199.184.252.29]) by domains.invweb.net (8.9.3/8.9.3) with SMTP id OAA03394; Tue, 22 Aug 2000 14:27:12 -0400 Message-Id: <200008221827.OAA03394@domains.invweb.net> From: "William H. Geiger III" <whgiii@openpgp.net> Date: Tue, 22 Aug 2000 13:20:19 -0500 To: "L. Sassaman" <rabbi@quickie.net> In-Reply-To: <Pine.LNX.4.21.QNWS_2.0008220041440.2335-100000@thetis.deor.org> Cc: sen_ml@eccosys.com, ietf-openpgp@imc.org, Terje Elde <terje@elde.net> Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v2.19zg/19zg Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> In <Pine.LNX.4.21.QNWS_2.0008220041440.2335-100000@thetis.deor.org>, on 08/22/00 at 01:43 AM, "L. Sassaman" <rabbi@quickie.net> said: >Why don't we make the "wild card" or "speculative" key id support a >SHOULD? I at least want to see all the client's being able to properly >decrypt messages that use this feature. I don't have a problem with the speculative keyID support but it does not address the underlying problem: Implementors not understanding basic concepts of e-mail encryption. I came across the issue of KeyID leakage back in '96 and documented it at: http://www.openpgp.net/pgpemail_5.html Automated PGP processing can be a powerfull tool but there are complex issues involved and an application developer needs to spend the time at the design stage to do it properly. -- --------------------------------------------------------------- William H. Geiger III http://www.openpgp.net Geiger Consulting Data Security & Cryptology Consulting Programming, Networking, Analysis PGP for OS/2: http://www.openpgp.net/pgp.html E-Secure: http://www.openpgp.net/esecure.html --------------------------------------------------------------- Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id LAA09760 for ietf-openpgp-bks; Tue, 22 Aug 2000 11:19:10 -0700 (PDT) Received: from domains.invweb.net (root@domains.invweb.net [198.182.196.32]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA09756 for <ietf-openpgp@imc.org>; Tue, 22 Aug 2000 11:19:09 -0700 (PDT) Received: from whgiii (root@openpgp.net [199.184.252.29]) by domains.invweb.net (8.9.3/8.9.3) with SMTP id OAA02610; Tue, 22 Aug 2000 14:19:12 -0400 Message-Id: <200008221819.OAA02610@domains.invweb.net> From: "William H. Geiger III" <whgiii@openpgp.net> Date: Tue, 22 Aug 2000 13:03:23 -0500 To: Erron Criddle <ejc@comasp.com> In-Reply-To: <4.3.2.7.0.20000822163657.00af8850@mail.comasp.com> Cc: ietf-openpgp@imc.org, sen_ml@eccosys.com Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v2.19zg/19zg Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> In <4.3.2.7.0.20000822163657.00af8850@mail.comasp.com>, on 08/22/00 at 02:43 AM, Erron Criddle <ejc@comasp.com> said: >At 01:33 PM 22/08/2000 +0900, sen_ml@eccosys.com wrote: ><snip> >> since this means that each recipient receives a message containing a >> public key encrypted session key packet for each recipient, each recipient >> is able to tell who all of the recipients were (assuming no use of >> speculative key ids) -- or at least all key ids. >> >> even if speculative key ids were to be used, a recipient would likely >> be able to tell that there were other recipients than those implied >> in the headers of a message. also, afaik, nai pgp doesn't support >> speculative key ids, so in terms of interroperability it's not a great >> option at this point. >As far as I'm concerned the Key ID is a complete waste of time unless a >lookup is being made on a server that is automatically decrypting each >message. This is OK here because you can configure the database to store >the Key ID and that makes lookups easier (if there are no duplicate Key >ID's). From my understanding of the Public and Private Keyring >structures, you can only have a Key ID for the highest level key (self >sig.) and cannot store the Key ID's for the subkeys. >For our client software, we are not doing lookups via the Key ID (as it >isn't stored in the public/private keyrings), however the server version >will support lookups via Key ID's. >We have found it better just to do lookups via the User ID - at least you > can store that within the private /public keyring structures. >If anyone can tell me otherwise regarding the storage of Signing and >Encryption Key ID's within the private/public keyrings, it would be >great. IMHO using the userID is *not* the way to go. While userID lookups can be used the first time you are encrypting a message to a new e-mail address precautions need to be made. A dialog between the user should be established to verify that this is the actual key that should be used (anyone can create a key with any userID, multiple keys with the same userID may be present, ...ect). Key lookups need to be based on the 64bit keyID, it's the only way to insure that you are getting the correct key (for signature verifications it is the only way to find the key). Once a user has selected a key to use for a new e-mail address the application should store the 64bit keyID & the e-mail address in a table. For subsequent encryptions to that address the application should lookup the e-mail address in the table and then extract the PGP public key from the keyring using the corresponding keyID. Now granted the keyID is not stored in the key itself, this is not really that big of an issue. I can currently process a 1Gb keyring, calculating all the keyID's, in a couple of mins. For an average size keyring the processing time is less that a second. If you find your application needs to work with large keyrings maintaining a simple external index on the keyring by keyID will greatly improve performance. -- --------------------------------------------------------------- William H. Geiger III http://www.openpgp.net Geiger Consulting Data Security & Cryptology Consulting Programming, Networking, Analysis PGP for OS/2: http://www.openpgp.net/pgp.html E-Secure: http://www.openpgp.net/esecure.html --------------------------------------------------------------- Received: by ns.secondary.com (8.9.3/8.9.3) id BAA02742 for ietf-openpgp-bks; Tue, 22 Aug 2000 01:56:10 -0700 (PDT) Received: from mail.comasp.com (dns2.techrron.com.au [203.38.66.9]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id BAA02738 for <ietf-openpgp@imc.org>; Tue, 22 Aug 2000 01:56:07 -0700 (PDT) Received: from pc.comasp.com [203.38.66.8] by mail.comasp.com with ESMTP (SMTPD32-4.06) id A348197102A6; Tue, 22 Aug 2000 16:56:56 0800 Message-Id: <4.3.2.7.0.20000822163657.00af8850@mail.comasp.com> X-Sender: ejc@mail.comasp.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Tue, 22 Aug 2000 16:43:43 +0800 To: ietf-openpgp@imc.org From: Erron Criddle <ejc@comasp.com> Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients Cc: sen_ml@eccosys.com In-Reply-To: <20000822133357T.1001@eccosys.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> At 01:33 PM 22/08/2000 +0900, sen_ml@eccosys.com wrote: <snip> > since this means that each recipient receives a message containing a > public key encrypted session key packet for each recipient, each recipient > is able to tell who all of the recipients were (assuming no use of > speculative key ids) -- or at least all key ids. > > even if speculative key ids were to be used, a recipient would likely > be able to tell that there were other recipients than those implied > in the headers of a message. also, afaik, nai pgp doesn't support > speculative key ids, so in terms of interroperability it's not a great > option at this point. As far as I'm concerned the Key ID is a complete waste of time unless a lookup is being made on a server that is automatically decrypting each message. This is OK here because you can configure the database to store the Key ID and that makes lookups easier (if there are no duplicate Key ID's). From my understanding of the Public and Private Keyring structures, you can only have a Key ID for the highest level key (self sig.) and cannot store the Key ID's for the subkeys. For our client software, we are not doing lookups via the Key ID (as it isn't stored in the public/private keyrings), however the server version will support lookups via Key ID's. We have found it better just to do lookups via the User ID - at least you can store that within the private /public keyring structures. If anyone can tell me otherwise regarding the storage of Signing and Encryption Key ID's within the private/public keyrings, it would be great. Cheers. Regards Erron Criddle Comasp Ltd. Level 2, 45 Stirling Hwy NEDLANDS WA 6009 Australia Fax: 08 9386 9473 Tel: 08 9386 9534 http://www.comasp.com ejc@comasp.com Received: by ns.secondary.com (8.9.3/8.9.3) id AAA28406 for ietf-openpgp-bks; Tue, 22 Aug 2000 00:43:17 -0700 (PDT) Received: from thetis.deor.org (thetis.deor.org [207.106.86.210]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id AAA28388 for <ietf-openpgp@imc.org>; Tue, 22 Aug 2000 00:43:11 -0700 (PDT) Received: from localhost (rabbi@localhost) by thetis.deor.org (8.9.3/8.9.3) with ESMTP id AAA02398; Tue, 22 Aug 2000 00:43:23 -0700 Date: Tue, 22 Aug 2000 00:43:16 -0700 (PDT) From: "L. Sassaman" <rabbi@quickie.net> To: sen_ml@eccosys.com cc: ietf-openpgp@imc.org, Terje Elde <terje@elde.net> Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients In-Reply-To: <20000822133357T.1001@eccosys.com> Message-ID: <Pine.LNX.4.21.QNWS_2.0008220041440.2335-100000@thetis.deor.org> X-AIM: Elom777 X-icq: 10735603 X-No-Archive: yes MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Why don't we make the "wild card" or "speculative" key id support a SHOULD? I at least want to see all the client's being able to properly decrypt messages that use this feature. On Tue, 22 Aug 2000 sen_ml@eccosys.com wrote: > through some testing of existing mail clients, Terje Elde > <terje@elde.net>, other members of the pgp-users@cryptorights.org > mailing list, and i have noticed that bcc-ed recipient key id > information can be leaked to non-bcc-ed recipients. > > it's probably obvious what the problem is, but for the sake of clarity: > > for the purposes of sending a message to a group of recipients, some > mail clients create a single encrypted message body which is sent > out to all recipients, including bcc-ed recipients. > > since this means that each recipient receives a message containing a > public key encrypted session key packet for each recipient, each recipient > is able to tell who all of the recipients were (assuming no use of > speculative key ids) -- or at least all key ids. > > even if speculative key ids were to be used, a recipient would likely > be able to tell that there were other recipients than those implied > in the headers of a message. also, afaik, nai pgp doesn't support > speculative key ids, so in terms of interroperability it's not a great > option at this point. > > we've found 5 mail clients that suffer this problem so far, so it > seems like it may be a common implementation "choice". > > [ we have also received reports that at least a couple of mail clients > actually encrypt to each recipient separately and thus do not suffer > this problem. ] > __ L. Sassaman Security Architect | "We all want many things, Technology Consultant | but some of those are bottomly | destructive of all desires." http://sion.quickie.net | --Vernor Vinge -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE5oi8aPYrxsgmsCmoRAnxyAJ0bAqYcrJDUEUVwIRJ6uz4jsX56kQCgqZkn pqNTNhWyWSduOPkPWIeWbIQ= =XnBR -----END PGP SIGNATURE----- Received: by ns.secondary.com (8.9.3/8.9.3) id VAA15587 for ietf-openpgp-bks; Mon, 21 Aug 2000 21:34:38 -0700 (PDT) Received: from nsm.htp.org (nsm.htp.org [202.241.243.104]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id VAA15570 for <ietf-openpgp@imc.org>; Mon, 21 Aug 2000 21:34:25 -0700 (PDT) From: sen_ml@eccosys.com Received: (qmail 27014 invoked from network); 22 Aug 2000 04:32:03 -0000 Received: from localhost (127.0.0.1) by localhost with SMTP; 22 Aug 2000 04:32:03 -0000 To: ietf-openpgp@imc.org Cc: Terje Elde <terje@elde.net> Subject: mail client implementations problem? bcc and encrypting to multiple recipients X-Mailer: Mew version 1.94.2 on Emacs 20.7 / Mule 4.0 (HANANOEN) X-No-Archive: Yes Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20000822133357T.1001@eccosys.com> Date: Tue, 22 Aug 2000 13:33:57 +0900 X-Dispatcher: imput version 20000228(IM140) Lines: 28 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> through some testing of existing mail clients, Terje Elde <terje@elde.net>, other members of the pgp-users@cryptorights.org mailing list, and i have noticed that bcc-ed recipient key id information can be leaked to non-bcc-ed recipients. it's probably obvious what the problem is, but for the sake of clarity: for the purposes of sending a message to a group of recipients, some mail clients create a single encrypted message body which is sent out to all recipients, including bcc-ed recipients. since this means that each recipient receives a message containing a public key encrypted session key packet for each recipient, each recipient is able to tell who all of the recipients were (assuming no use of speculative key ids) -- or at least all key ids. even if speculative key ids were to be used, a recipient would likely be able to tell that there were other recipients than those implied in the headers of a message. also, afaik, nai pgp doesn't support speculative key ids, so in terms of interroperability it's not a great option at this point. we've found 5 mail clients that suffer this problem so far, so it seems like it may be a common implementation "choice". [ we have also received reports that at least a couple of mail clients actually encrypt to each recipient separately and thus do not suffer this problem. ] Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id IAA07287 for ietf-openpgp-bks; Tue, 8 Aug 2000 08:25:55 -0700 (PDT) Received: from picard.noroff.no ([212.20.204.3]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA07278 for <ietf-openpgp@imc.org>; Tue, 8 Aug 2000 08:25:54 -0700 (PDT) Received: by picard.noroff.no (Postfix, from userid 815) id 6B54122010; Tue, 8 Aug 2000 18:14:07 +0200 (CEST) Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by picard.noroff.no (Postfix) with ESMTP id 7B9DFB3802 for <magg@NOROFF.NO>; Tue, 8 Aug 2000 18:14:00 +0200 (CEST) Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id KAA27062 for ietf-123-outbound.09@ietf.org; Tue, 8 Aug 2000 10:55:02 -0400 (EDT) Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id KAA26702 for <all-ietf@loki.ietf.org>; Tue, 8 Aug 2000 10:17:45 -0400 (EDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA03102; Tue, 8 Aug 2000 10:17:40 -0400 (EDT) Message-Id: <200008081417.KAA03102@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-openpgp@imc.org From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-openpgp-multsig-01.txt Date: Tue, 08 Aug 2000 10:17:40 -0400 X-AntiVirus: scanned for viruses by AMaViS 0.2.1-pre2 (http://amavis.org/) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the An Open Specification for Pretty Good Privacy Working Group of the IETF. Title : Multiple Signatures using Security Multiparts Author(s) : D. Del Torto, R. Levien, T. Roessler Filename : draft-ietf-openpgp-multsig-01.txt Pages : 6 Date : 07-Aug-00 This document describes how the Security Multiparts defined in RFC 1847 [1] can be used to transport multiple digital signatures. This draft is being discussed on the 'ietf-openpgp' mailing list. To join the list, send a message to <ietf-openpgp-request@imc.org> with the single word 'subscribe' in the subject. A web site containing an archive of the list can be found at <http://www.imc.org/ietf-openpgp>. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-openpgp-multsig-01.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-openpgp-multsig-01.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-openpgp-multsig-01.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20000807142032.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-openpgp-multsig-01.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-openpgp-multsig-01.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20000807142032.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id IAA04725 for ietf-openpgp-bks; Tue, 8 Aug 2000 08:15:16 -0700 (PDT) Received: from picard.noroff.no ([212.20.204.3]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA04712 for <ietf-openpgp@imc.org>; Tue, 8 Aug 2000 08:15:14 -0700 (PDT) Received: by picard.noroff.no (Postfix, from userid 815) id 5F45C22010; Tue, 8 Aug 2000 18:03:27 +0200 (CEST) Received: from loki.ietf.org (loki.ietf.org [132.151.1.177]) by picard.noroff.no (Postfix) with ESMTP id B2289B3802 for <magg@NOROFF.NO>; Tue, 8 Aug 2000 18:03:24 +0200 (CEST) Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id KAA26984 for ietf-123-outbound.09@ietf.org; Tue, 8 Aug 2000 10:45:01 -0400 (EDT) Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id KAA26695 for <all-ietf@loki.ietf.org>; Tue, 8 Aug 2000 10:17:40 -0400 (EDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA03078; Tue, 8 Aug 2000 10:17:35 -0400 (EDT) Message-Id: <200008081417.KAA03078@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-openpgp@imc.org From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-openpgp-mime-02.txt Date: Tue, 08 Aug 2000 10:17:35 -0400 X-AntiVirus: scanned for viruses by AMaViS 0.2.1-pre2 (http://amavis.org/) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the An Open Specification for Pretty Good Privacy Working Group of the IETF. Title : MIME Security with OpenPGP Author(s) : M. Elkins, D. Del Torto, R. Levien, T. Roessler Filename : draft-ietf-openpgp-mime-02.txt Pages : 12 Date : 07-Aug-00 This document describes how the OpenPGP Message Format [1] can be used to provide privacy and authentication using the Multipurpose Internet Mail Extensions (MIME) security content types described in RFC1847 [2]. This draft is being discussed on the 'ietf-openpgp' mailing list. To join the list, send a message to <ietf-openpgp-request@imc.org> with the single word 'subscribe' in the subject. An archive of the working group's list is located at <http://www.imc.org/ietf-openpgp>. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-openpgp-mime-02.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-openpgp-mime-02.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-openpgp-mime-02.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20000807142014.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-openpgp-mime-02.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-openpgp-mime-02.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20000807142014.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: by ns.secondary.com (8.9.3/8.9.3) id HAA29328 for ietf-openpgp-bks; Tue, 8 Aug 2000 07:13:32 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA29320 for <ietf-openpgp@imc.org>; Tue, 8 Aug 2000 07:13:30 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA03102; Tue, 8 Aug 2000 10:17:40 -0400 (EDT) Message-Id: <200008081417.KAA03102@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-openpgp@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-openpgp-multsig-01.txt Date: Tue, 08 Aug 2000 10:17:40 -0400 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the An Open Specification for Pretty Good Privacy Working Group of the IETF. Title : Multiple Signatures using Security Multiparts Author(s) : D. Del Torto, R. Levien, T. Roessler Filename : draft-ietf-openpgp-multsig-01.txt Pages : 6 Date : 07-Aug-00 This document describes how the Security Multiparts defined in RFC 1847 [1] can be used to transport multiple digital signatures. This draft is being discussed on the 'ietf-openpgp' mailing list. To join the list, send a message to <ietf-openpgp-request@imc.org> with the single word 'subscribe' in the subject. A web site containing an archive of the list can be found at <http://www.imc.org/ietf-openpgp>. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-openpgp-multsig-01.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-openpgp-multsig-01.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-openpgp-multsig-01.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20000807142032.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-openpgp-multsig-01.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-openpgp-multsig-01.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20000807142032.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: by ns.secondary.com (8.9.3/8.9.3) id HAA29316 for ietf-openpgp-bks; Tue, 8 Aug 2000 07:13:27 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA29309 for <ietf-openpgp@imc.org>; Tue, 8 Aug 2000 07:13:25 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA03078; Tue, 8 Aug 2000 10:17:35 -0400 (EDT) Message-Id: <200008081417.KAA03078@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-openpgp@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-openpgp-mime-02.txt Date: Tue, 08 Aug 2000 10:17:35 -0400 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the An Open Specification for Pretty Good Privacy Working Group of the IETF. Title : MIME Security with OpenPGP Author(s) : M. Elkins, D. Del Torto, R. Levien, T. Roessler Filename : draft-ietf-openpgp-mime-02.txt Pages : 12 Date : 07-Aug-00 This document describes how the OpenPGP Message Format [1] can be used to provide privacy and authentication using the Multipurpose Internet Mail Extensions (MIME) security content types described in RFC1847 [2]. This draft is being discussed on the 'ietf-openpgp' mailing list. To join the list, send a message to <ietf-openpgp-request@imc.org> with the single word 'subscribe' in the subject. An archive of the working group's list is located at <http://www.imc.org/ietf-openpgp>. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-openpgp-mime-02.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-openpgp-mime-02.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-openpgp-mime-02.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20000807142014.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-openpgp-mime-02.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-openpgp-mime-02.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20000807142014.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: by ns.secondary.com (8.9.3/8.9.3) id PAA23393 for ietf-openpgp-bks; Fri, 4 Aug 2000 15:29:10 -0700 (PDT) Received: from mail.ec.auckland.ac.nz (mail.student.auckland.ac.nz [130.216.35.201]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA23389 for <ietf-openpgp@imc.org>; Fri, 4 Aug 2000 15:29:08 -0700 (PDT) Received: from kahu.cs.auckland.ac.nz (pgut001@kahu.cs.auckland.ac.nz [130.216.36.13]) by mail.ec.auckland.ac.nz (8.9.3/8.8.6/cs-master) with SMTP id KAA23528; Sat, 5 Aug 2000 10:32:50 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: by kahu.cs.auckland.ac.nz (relaymail v0.9) id <96542836932543>; Sat, 5 Aug 2000 10:32:49 (NZST) From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: ejc@comasp.com, hal@finney.org, ietf-openpgp@imc.org Subject: Re: OpenPGP as a standard Reply-To: pgut001@cs.auckland.ac.nz X-Charge-To: pgut001 X-Authenticated: relaymail v0.9 on kahu.cs.auckland.ac.nz Date: Sat, 5 Aug 2000 10:32:49 (NZST) Message-ID: <96542836932543@kahu.cs.auckland.ac.nz> Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> hal@finney.org writes: >What about S/MIME? It doesn't say anything about what you do when spooling >data to disk in order to calculate a signature on it, does it? Do these people >you know say that S/MIME shouldn't become a standard either? S/MIME is one-pass, it wouldn't spool anything to disk unless it's badly written (that doesn't mean it doesn't contain some serious braindamage, like the ridiculous base64 encoding at each level to bloat up the size and provide known plaintext for attackers, but forcing you to spool data to disk isn't one of its problems). Peter. Received: by ns.secondary.com (8.9.3/8.9.3) id OAA23014 for ietf-openpgp-bks; Fri, 4 Aug 2000 14:58:27 -0700 (PDT) Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id OAA23009 for <ietf-openpgp@imc.org>; Fri, 4 Aug 2000 14:58:25 -0700 (PDT) From: hal@finney.org Received: (from hal@localhost) by finney.org (8.9.3/8.9.3) id PAA08644; Fri, 4 Aug 2000 15:00:19 -0700 Date: Fri, 4 Aug 2000 15:00:19 -0700 Message-Id: <200008042200.PAA08644@finney.org> To: ejc@comasp.com, ietf-openpgp@imc.org Subject: Re: OpenPGP as a standard Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> Erron Criddle writes: > From discussions with people who have been involved with the standards > process, they believe that the OpenPGP RFC has a long way to go before it > would be accepted as a standard because the processing requirements of > OpenPGP have been superficially regarded with respect to packet formats > such as the calculation of the length of a packet and the combined security > of the actual packet (ie as OpenPGP is a security standard, so NO data > should be spooled to disk unless it is encrypted somehow). What about S/MIME? It doesn't say anything about what you do when spooling data to disk in order to calculate a signature on it, does it? Do these people you know say that S/MIME shouldn't become a standard either? > For example, in order to calculate the length of a stream of literal data > (before it is prepended with a one pass sig and appended with a standard > sig, and subsequently compressed then encrypted), you have to spool the > data to the disk if it is a very large file. In order to maintain security, > the data SHOULD be encypted to disk, however when we want to build the > above packet, we would then have to decrypt the data so it could be > prepended with the 1P sig, appended with the normal sig and then compressed > then encrypted ONCE AGAIN...etc etc Actually, as I think you mentioned in a later mail, OpenPGP goes to some lengths to define data formats which will avoid this problem. This is why we added one-pass signatures, and why we added partial packet length specifiers. So your people are apparently not even that familiar with the standard. > This is one example I have been quoted and I cannot say there are > equivalent examples that "may" slow down the process of OpenPGP becoming a > standard. It sounds to me like your people are looking for excuses. The real problem I see with OpenPGP is simply that so few people implement it. Making it an internet standard will not suddenly make people rush to produce implementations, any more than making it a proposed standard did. Hal Finney Received: by ns.secondary.com (8.9.3/8.9.3) id OAA22519 for ietf-openpgp-bks; Fri, 4 Aug 2000 14:03:09 -0700 (PDT) Received: from natasha.sj.counterpane.com (natasha.sj.counterpane.com [63.196.29.130]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id OAA22515 for <ietf-openpgp@imc.org>; Fri, 4 Aug 2000 14:03:07 -0700 (PDT) Received: from natasha.sj.counterpane.com (root@localhost) by natasha.sj.counterpane.com with ESMTP id OAA16653; Fri, 4 Aug 2000 14:06:57 -0700 (PDT) Received: from [63.73.97.187] (eris.sj.counterpane.com [172.20.1.38]) by natasha.sj.counterpane.com with ESMTP id OAA16648; Fri, 4 Aug 2000 14:06:54 -0700 (PDT) Mime-Version: 1.0 X-Sender: jon@merrymeet.com Message-Id: <p04320403b5b0a66dde79@[63.73.97.187]> In-Reply-To: <4.3.2.7.0.20000804153640.00b98a70@mail.comasp.com> References: <4.3.2.7.0.20000804153640.00b98a70@mail.comasp.com> Date: Fri, 4 Aug 2000 13:59:23 -0700 To: Erron Criddle <ejc@comasp.com>, ietf-openpgp@imc.org From: Jon Callas <jon@callas.org> Subject: Re: OpenPGP as a standard Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> At 3:49 PM +0800 8/4/00, Erron Criddle wrote: >To all, > >I'm e-mailing regarding the possibility of OpenPGP becoming a standard. > > From discussions with people who have been involved with the standards >process, they believe that the OpenPGP RFC has a long way to go before it >would be accepted as a standard because the processing requirements of >OpenPGP have been superficially regarded with respect to packet formats >such as the calculation of the length of a packet and the combined security >of the actual packet (ie as OpenPGP is a security standard, so NO data >should be spooled to disk unless it is encrypted somehow). > Huh? Which people? I agree with Werner. The only things that are needed are for some people to do some interoperability testing, and buffing and polishing on the spec. You and others have pointed out places where it's not as clear as it should be. Lots of us have been looking at it for so long we can't tell. All of the discussion about things lately has been great for clarifying the spec. >For example, in order to calculate the length of a stream of literal data >(before it is prepended with a one pass sig and appended with a standard >sig, and subsequently compressed then encrypted), you have to spool the >data to the disk if it is a very large file. In order to maintain security, >the data SHOULD be encypted to disk, however when we want to build the >above packet, we would then have to decrypt the data so it could be >prepended with the 1P sig, appended with the normal sig and then compressed >then encrypted ONCE AGAIN...etc etc > >This is one example I have been quoted and I cannot say there are >equivalent examples that "may" slow down the process of OpenPGP becoming a >standard. > You bring up an interesting issue, but it has nothing to do with OpenPGP becoming a standard. Sorry. It's always possible that you *can* come up with a situation where as an implementor, you have to spool data to disk while processing it. Cope. >Can anyone give me any information on the status of OpenPGP in becoming a >standard as this information would definitely be helpful for those who are >implementing the OpenPGP RFC. > As has been mentioned, there has to be some interoperability testing done. That's mainly what has to be done. Then we just need to agree whether 2440 or some later draft progresses, and then push it on the line. If it's a later draft, then that has to become an RFC. Jon Received: by ns.secondary.com (8.9.3/8.9.3) id DAA21482 for ietf-openpgp-bks; Fri, 4 Aug 2000 03:08:21 -0700 (PDT) Received: from mail.comasp.com (dns2.techrron.com.au [203.38.66.9]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id DAA21478 for <ietf-openpgp@imc.org>; Fri, 4 Aug 2000 03:08:19 -0700 (PDT) Received: from pc.comasp.com [203.38.66.8] by mail.comasp.com with ESMTP (SMTPD32-4.06) id A9EB7D30188; Fri, 04 Aug 2000 18:12:11 0800 Message-Id: <4.3.2.7.0.20000804173800.02866e08@mail.comasp.com> X-Sender: ejc@mail.comasp.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Fri, 04 Aug 2000 18:00:12 +0800 To: ietf-openpgp@imc.org From: Erron Criddle <ejc@comasp.com> Subject: Re: OpenPGP as a standard Cc: sen_ml@eccosys.com In-Reply-To: <20000804175351R.1001@eccosys.com> References: <4.3.2.7.0.20000804153640.00b98a70@mail.comasp.com> <4.3.2.7.0.20000804153640.00b98a70@mail.comasp.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> At 05:53 PM 4/08/2000 +0900, you wrote: >From: Erron Criddle <ejc@comasp.com> >Subject: OpenPGP as a standard >Date: Fri, 04 Aug 2000 15:49:18 +0800 >Message-ID: <4.3.2.7.0.20000804153640.00b98a70@mail.comasp.com> > > > I'm e-mailing regarding the possibility of OpenPGP becoming a standard. > >i am very confused by what you mean by "becoming a standard". would you >mind elaborating? When I speak about a "standard", I am talking about OpenPGP becoming an IETF standard. Look at: http://www.imc.org/smime-pgpmime.html; it states: "The charter for the OpenPGP WG states clearly that the purpose of the group is to create protocols based on PGP that can become IETF standards" I have also satisfied the quoted persons concerns regarding the length specifier (ie OpenPGP as a standard) as OpenPGP can handle an unspecified length field quite nicely and thus there is no over processing required :) Regards Erron Criddle Comasp Ltd. Level 2, 45 Stirling Hwy NEDLANDS WA 6009 Australia Fax: 08 9386 9473 Tel: 08 9386 9534 http://www.comasp.com ejc@comasp.com Received: by ns.secondary.com (8.9.3/8.9.3) id CAA21055 for ietf-openpgp-bks; Fri, 4 Aug 2000 02:47:11 -0700 (PDT) Received: from djebel.gnupg.de (mail@djebel.openit.de [194.77.127.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id CAA21051 for <ietf-openpgp@imc.org>; Fri, 4 Aug 2000 02:47:09 -0700 (PDT) Received: from wk by djebel.gnupg.de with local (Exim 2.05 #1 (Debian)) id 13Ke9x-0000sC-00; Fri, 4 Aug 2000 11:52:57 +0200 Date: Fri, 4 Aug 2000 11:52:57 +0200 From: Werner Koch <wk@gnupg.org> To: ietf-openpgp@imc.org Subject: Re: OpenPGP as a standard Message-ID: <20000804115257.F2885@djebel.openit.de> Mail-Followup-To: ietf-openpgp@imc.org References: <4.3.2.7.0.20000804153640.00b98a70@mail.comasp.com> <20000804175351R.1001@eccosys.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.1.8i In-Reply-To: <20000804175351R.1001@eccosys.com>; from sen_ml@eccosys.com on Fri, Aug 04, 2000 at 05:53:51PM +0900 X-URL: http://www.openit.de X-PGP-KeyID: 621CC013 X-Request-PGP: finger:wkoch@sigtrap.guug.de Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> On Fri, 4 Aug 2000, sen_ml@eccosys.com wrote: > i am very confused by what you mean by "becoming a standard". would you > mind elaborating? Probably he wants to say: Moving from status Proposed Standard to Draft Standard. Several times we started to do the needed compatibility tests, but due to shortages of time we haven't moved any further :-(. Frankly it should be pretty easy do go to Draft - There are a few implemenations and they all interoperate; it is just that some folks sit down and do some actual testing. Werner -- Werner Koch GnuPG key: 621CC013 OpenIT GmbH http://www.OpenIT.de Received: by ns.secondary.com (8.9.3/8.9.3) id CAA21012 for ietf-openpgp-bks; Fri, 4 Aug 2000 02:45:57 -0700 (PDT) Received: from bells.cs.ucl.ac.uk (bells.cs.ucl.ac.uk [128.16.5.31]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id CAA21007 for <ietf-openpgp@imc.org>; Fri, 4 Aug 2000 02:45:56 -0700 (PDT) Received: from dopey.cs.ucl.ac.uk by bells.cs.ucl.ac.uk with local SMTP id <g.09416-0@bells.cs.ucl.ac.uk>; Fri, 4 Aug 2000 10:49:41 +0100 Message-ID: <398A916E.7C857451@cs.ucl.ac.uk> Date: Fri, 04 Aug 2000 10:48:30 +0100 From: Ian Brown <I.Brown@cs.ucl.ac.uk> X-Mailer: Mozilla 4.7 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: hal@finney.org CC: ietf-openpgp@imc.org Subject: Re: Forward secrecy References: <200008040100.SAA06859@finney.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> Hal, Thanks for the comments :) We did include mechanisms for specifying the one-time pad to be used to decrypt a given message: -- 4.2 One-time pad reference ... - A four-octet date when the referenced one-time pad was created. - A four-octet offset specifying the first octet in the referenced pad that should be used as key. -- ie the creation time was meant to be a pseudo-ID. But I am quite happy to take out the OTP section if that's what people want: if anyone later feels they need it, they would be welcome to cannabalise our text as the starting point for a new RFC. What are other people's thoughts? > One is what has recently been discussed on the ukcrypto list, which is > to provide a mechanism in the client to surrender selected session keys > rather than public keys, under court order. This provides a minimal > way of complying with the new UK laws. I have added the following paragraph to the "Key Surrender" section: "The least compromising key required MUST be the one surrendered. The session key used to encrypt an individual message will often be sufficient. Otherwise, a subkey should be surrendered before a long-term top-level key. Signature keys should not be surrendered unless absolutely necessary." > Another idea, which would be much harder to specify clearly, was > something that PRZ proposed to me way back in 1992. Similar to the > one-use decryption keys, he proposed that communicating parties cache a > session key to be used over a series of messages, updating it for each > message transfer. You could get forward secrecy by doing something like > new_key = hash(old_key), with appropriate precautions. This would be a > lighter weight mechanism than the one-use decryption keys, but it would > be more of a change to the OpenPGP standard. This is nice, but does need a reasonable amount of work to specify. If people feel this would be valuable, we could discuss it further. Ian :) Received: by ns.secondary.com (8.9.3/8.9.3) id BAA17571 for ietf-openpgp-bks; Fri, 4 Aug 2000 01:50:18 -0700 (PDT) Received: from nsm.htp.org (nsm.htp.org [202.241.243.104]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id BAA17560 for <ietf-openpgp@imc.org>; Fri, 4 Aug 2000 01:50:15 -0700 (PDT) From: sen_ml@eccosys.com Received: (qmail 26713 invoked from network); 4 Aug 2000 08:52:23 -0000 Received: from localhost (127.0.0.1) by localhost with SMTP; 4 Aug 2000 08:52:23 -0000 To: ietf-openpgp@imc.org Subject: Re: OpenPGP as a standard In-Reply-To: <4.3.2.7.0.20000804153640.00b98a70@mail.comasp.com> References: <4.3.2.7.0.20000804153640.00b98a70@mail.comasp.com> X-Mailer: Mew version 1.94.2 on Emacs 20.7 / Mule 4.0 (HANANOEN) X-No-Archive: Yes Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20000804175351R.1001@eccosys.com> Date: Fri, 04 Aug 2000 17:53:51 +0900 X-Dispatcher: imput version 20000228(IM140) Lines: 9 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> From: Erron Criddle <ejc@comasp.com> Subject: OpenPGP as a standard Date: Fri, 04 Aug 2000 15:49:18 +0800 Message-ID: <4.3.2.7.0.20000804153640.00b98a70@mail.comasp.com> > I'm e-mailing regarding the possibility of OpenPGP becoming a standard. i am very confused by what you mean by "becoming a standard". would you mind elaborating? Received: by ns.secondary.com (8.9.3/8.9.3) id AAA12238 for ietf-openpgp-bks; Fri, 4 Aug 2000 00:57:14 -0700 (PDT) Received: from mail.comasp.com (dns2.techrron.com.au [203.38.66.9]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id AAA12234 for <ietf-openpgp@imc.org>; Fri, 4 Aug 2000 00:57:11 -0700 (PDT) Received: from pc.comasp.com [203.38.66.8] by mail.comasp.com with ESMTP (SMTPD32-4.06) id AB3D8A950210; Fri, 04 Aug 2000 16:01:17 0800 Message-Id: <4.3.2.7.0.20000804153640.00b98a70@mail.comasp.com> X-Sender: ejc@mail.comasp.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Fri, 04 Aug 2000 15:49:18 +0800 To: ietf-openpgp@imc.org From: Erron Criddle <ejc@comasp.com> Subject: OpenPGP as a standard Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> To all, I'm e-mailing regarding the possibility of OpenPGP becoming a standard. From discussions with people who have been involved with the standards process, they believe that the OpenPGP RFC has a long way to go before it would be accepted as a standard because the processing requirements of OpenPGP have been superficially regarded with respect to packet formats such as the calculation of the length of a packet and the combined security of the actual packet (ie as OpenPGP is a security standard, so NO data should be spooled to disk unless it is encrypted somehow). For example, in order to calculate the length of a stream of literal data (before it is prepended with a one pass sig and appended with a standard sig, and subsequently compressed then encrypted), you have to spool the data to the disk if it is a very large file. In order to maintain security, the data SHOULD be encypted to disk, however when we want to build the above packet, we would then have to decrypt the data so it could be prepended with the 1P sig, appended with the normal sig and then compressed then encrypted ONCE AGAIN...etc etc This is one example I have been quoted and I cannot say there are equivalent examples that "may" slow down the process of OpenPGP becoming a standard. Can anyone give me any information on the status of OpenPGP in becoming a standard as this information would definitely be helpful for those who are implementing the OpenPGP RFC. Regards Erron Criddle Comasp Ltd. Level 2, 45 Stirling Hwy NEDLANDS WA 6009 Australia Fax: 08 9386 9473 Tel: 08 9386 9534 http://www.comasp.com ejc@comasp.com Received: by ns.secondary.com (8.9.3/8.9.3) id RAA07501 for ietf-openpgp-bks; Thu, 3 Aug 2000 17:58:44 -0700 (PDT) Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA07493 for <ietf-openpgp@imc.org>; Thu, 3 Aug 2000 17:58:42 -0700 (PDT) From: hal@finney.org Received: (from hal@localhost) by finney.org (8.9.3/8.9.3) id SAA06859; Thu, 3 Aug 2000 18:00:12 -0700 Date: Thu, 3 Aug 2000 18:00:12 -0700 Message-Id: <200008040100.SAA06859@finney.org> To: I.Brown@cs.ucl.ac.uk Subject: Re: Forward secrecy Cc: ietf-openpgp@imc.org Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> A comment on http://www.ietf.org/internet-drafts/draft-brown-pgp-pfs-00.txt, "Forward Secrecy Extensions for OpenPGP". The ideas here are good, but I object to the inclusion of the one time pad as a new cryptographic method for OpenPGP. Although OTPs can provide forward secrecy, this is not their main purpose (which is to provide absolute secrecy). And to use them primarily for this purpose requires some care which the proposed mechanism doesn't really address. In particular, there is nothing in the proposal for distinguishing multiple OTPs, or for indicating which ones should be used for a given decryption. Also, there is no mechanism for selectively erasing just part of a given OTP. The assumption seems to be that there is one OTP, and it is used to decrypt one message, then it is deleted. Given the tremendous difficulty of distributing a OTP, this is not a practical mode of operation. But rather than fixing this up by providing OTP identifiers, storage modes, ways to keep track of which parts of a OTP should be deleted, etc., I think this whole section should be removed. It goes too far beyond the claimed scope of the document. Adding a OTP is a whole new area of functionality for OTP. It doesn't belong in a document like this, IMO. There are some other ideas you might want to consider. One is what has recently been discussed on the ukcrypto list, which is to provide a mechanism in the client to surrender selected session keys rather than public keys, under court order. This provides a minimal way of complying with the new UK laws. The document proposes that when you export a private key in the clear, it should be automatically revoked with an appropriate reason-for- revocation flag set. This is reasonable, although it is obviously easy to force someone to give you their key without triggering this mechanism, by having them export it encrypted but tell you the passphrase. Another idea along these lines is to have a mode to export the private part of only the subkeys, or perhaps a single subkey, while exporting only the public part of the top level signature key. Perhaps rather than triggering a revocation, it could set the bit in the self-signature key flags meaning "the private component of this key may be in the possession of more than one person". Then you'd want to have the clients display keys with this bit set in some special way. Another idea, which would be much harder to specify clearly, was something that PRZ proposed to me way back in 1992. Similar to the one-use decryption keys, he proposed that communicating parties cache a session key to be used over a series of messages, updating it for each message transfer. You could get forward secrecy by doing something like new_key = hash(old_key), with appropriate precautions. This would be a lighter weight mechanism than the one-use decryption keys, but it would be more of a change to the OpenPGP standard. Hal
- FlowerFunds - Fund Raising Program sfaquestions