Re: [Internet-Drafts@ietf.org:

"Theodore Y. Ts'o" <tytso@mit.edu> Sat, 05 October 1996 13:34 UTC

Received: from cnri by ietf.org id aa09727; 5 Oct 96 9:34 EDT
Received: from neptune.hq.tis.com by CNRI.Reston.VA.US id aa07810; 5 Oct 96 9:34 EDT
Received: from neptune.tis.com by neptune.TIS.COM id aa10201; 5 Oct 96 9:13 EDT
Date: Fri, 04 Oct 1996 16:37:34 -0400
Message-Id: <9610042037.AA11249@dcl.MIT.EDU>
From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Peter Williams <peter@verisign.com>
Cc: "'Theodore Y. Ts'o'" <tytso@mit.edu>, 'Dave Crocker' <dcrocker@brandenburg.com>, "'pem-dev@tis.com'" <pem-dev@tis.com>
In-Reply-To: Peter Williams's message of Fri, 4 Oct 1996 12:20:23 -0700, <01BBB1EE.71940740@Peter.verisign.com>
Subject: Re: [Internet-Drafts@ietf.org:
Address: 1 Amherst St., Cambridge, MA 02139
Phone: (617) 253-8091
Sender: pem-dev-approval@neptune.tis.com
Precedence: bulk

   From: Peter Williams <peter@verisign.com>
   Date: Fri, 4 Oct 1996 12:20:23 -0700

Umm.... wow.  I'm not sure how to respond to all of this.  Methinks
there is a lot of emotion and invective which has gotten stirred up.
Most of the time people accuse the PGP-partisans of being the ones who
serve up this sort of thing, but I see there are anti-PGP people who do
similar things. 

   An implementor of the PGP standards can choose
   the algorithms they desire, you say. Will they
   not be allowed to market it as PGP(TM)!

I don't know; you'd have to talk to PGP, Inc. about that.  I know that
there has been talk of supporting alternative algorithms, and the pgplib
work that is on-going will have some alternatives.  (I'm not intimately
involved, so I don't know all of the details.)

   So that I get the algorithm technology switching capability established and
   framework choices, so I then use the math and key lengths which I choose
   and trust for my risks, rather than that which Phil Z happens to
   believe in this month. I don't trust Phil Z, or anyone but myself or
   other Euro folk, to make cryptographic choices for my usage.

Actually, PGP has always allowed you to choose your own key length, as
you see fit.  I happen to use a 1024 bit PGP key for signatures, and a
768 bit key for encryption.  Am I being too paranoid?  Not paranoid
enough?  Each person can make their own choice.

As far as algorithm choice, all software has some limitations as to what
they support.

   If I do agree an algorithm for an application, I want a Euro based
   implementation when I use it! Who knows what the Yanks have stuffed
   inside their exported implementations, to spy, or otherwise make
   insecure.

Actually, there is a euro-based implementation of PGP....  PGP was
actually developed outside of the U.S., and then re-imported back into
the U.S.  So, there are now two parallel implementation tracks; one
inside the U.S., and one outside the U.S.  Given that the source code is
available for anyone to look at, people can look at it and decide for
themselves whether or not there are any "trap doors" hidden in it.

Many of the concerns voiced about Clipper/fortezza simply don't apply
with PGP, because the source code is freely available for anyone to look
at.

   No Ted, we need algorithm choice, and multiple implementations,
   I suggest. Sure, practical commercial parties will agree profiles to get on
   with real life and do trade with the rest of the world. There may even
   be a massive US->Europe or US->Asia export trade of crypto, for low
   sensitivity material. Most material is after all very low sensitivity!

I agree that algorithm choice and multiple implementations are good.
However, even if most material is low sensitivity, that doesn't
necessarily mean that they should use weak algorithms.  If there aren't
any downsides to using high grade crypto, it's of course better to
always use high grade crypto.  Otherwise, the traffic analysis
opportunities become... interesting.

   If PGP (the technical standard) is open and free for anyone to use and
   implement, then let's use it. I don't care about syntax; I care
   about use patterns, and personal management of risks, based on trust.

The protocol is freely available.  The trademark, though, is a red
herring.  Anyone can write to a protocol spec, and then claim that their
product is upwards compatible with (say) PGP without violating trademark
issues.  They might not be able to *call* their product PGP, but so
what?  You don't call your product PEM or S/MIME, you give it some
catchy name, like NetScape or Eudora, and then say that NetScape or
Eudora follows the following Internet standards.....

   Crypto is all about politics, Ted. Why do you think
   we don't have general availability of secure mail widgets everywhere,
   yet!! It's certainly nothing to do with technology issues.

I'd politely suggest that we take politics to alt.flame.  PGP certainly
has a perception problem amongst certain organizations, just as PEM
became forever tainted with the "we accept nothing less than pissing-in-
a-bottle-and-get-a-drug-test level of security".  Given your
invectitude, it sounds like your mind is made up already, although I
would encourage you to do a little bit of research and perhaps open your
mind to other points of view.

However, there's little we can do about this and other political issues
on this list, short of wasting more bandwidth and time.  Bandwidth is
cheap.  Time, though, is not.

						- Ted