RE: Context sensitive encryption

Michael Elkins (elkins@aero.org)
Fri, 16 Feb 1996 12:57:25 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Edward A. Russell: "RE: Context sensitive encryption"
In reply to: Edward A. Russell: "RE: Context sensitive encryption"

On Feb 16, "Edward A. Russell" <erussell@ftp.com> wrote:
> That makes my life absolutely miserable.
> 
> I am operating in a Win95 MAPI environment where I have no access to 
> the transports (I have no idea what transports I might be running over). 
> Any mime conversion is done by the transport.  But I want to handle PGP 
> up in my application so the messages STAY encrypted in the message 
> store until the user deletes them.
> 
> If I decrypt a message and I now have a mime  encoded object I won't 
> know what to do with it (that is, again, all the mime stuff was already 
> down in the transport).

This is a problem for clients that support IMAP as well.  I found this out
after I implemented a Unix IMAP client and I tried to implement the PGP/MIME
draft and couldn't do it, for two reasons: (1) I could not verify a
signature because I did not have access to the "content" headers, and (2)
my client did no MIME parsing.

> I wish PGP "objects" were simply wrapped or whatever as MIME objects.
> That way, the transport delivers to me PGP objects (as attachments or 
> message body) and I can deal with it under user control.
> 
> Someone said last week (and I may have gotten it wrong)  that part of 
> the reason for your scheme  is that you cannot encrypt or sign things 
> without converting it to 7-bit ascii, or 64 bit radix or whatever.  I still don't 
> understand that.

Just a minor clarification: it is _OK_ to encrypt 8-bit (or binary) data
without conversion to a 7-bit format (Q-P or B64) so long as you are not
signing it.  The reason for conversion to 7-bit in the case of signatures
is so that you can still transmit data across a 7-bit SMTP infrastructure if
you decide to strip off the encryption "layer" and still retain a valid
signature.

> I am taking binary files,  sign/encrypting them or signing 
> them using a seperate signature file,  then MIME encoding them and 
> sending them off.  When I receive them, they are de-MIMED and I have 
> either the encrypted binary which decrypts fine, or the seperate 
> signature which validates the binary file just fine.   I can PGP binary 
> objects safely and I can MIME binary objects safely afterwards.  Where's 
> the problem.  And if there is none, why do I have to have MIME objects 
> inside of PGP objects?

The _big_ problem with doing it that way is that any observer knows what
type of data is inside the encrypted block.  It is absolutely essential
that the content-type be hidden except to the recipient of the encrypted
data.  The issue is not that PGP can't do it, but that it's a security
hole to do it that way.

me
--
Michael Elkins <elkins@aero.org>    http://www.cs.hmc.edu/~me/index.html
 PGP mail preferred.  Key availible via web or 'finger -l me@cs.hmc.edu'
   Key fingerprint = EB B1 68 32 3F B5 54 F9  6C AF 4E 94 5A EB 90 EC
     "I could be wasting my time more productively than this." --me

Previous message: Edward A. Russell: "RE: Context sensitive encryption"
In reply to: Edward A. Russell: "RE: Context sensitive encryption"