Re: Security Problems

Brad Knowles (brad@azathoth.ops.aol.com)
Mon, 4 Mar 1996 17:19:45 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Terry Ritter: "Re: Security Problems"
Maybe in reply to: Terry Ritter: "Security Problems"

On Mar 4,  1:50pm, Terry Ritter wrote:

>  It is one thing to know that a message is ciphertext, and something 
>  else again to know what sort of file the deciphered data actually 
>  represent.
> 
>  My point is that the ciphertext payload can include inside it the
>  information needed to define the data as a particular type, and 
>  that this is separate and distinct from knowing that the payload 
>  has been enciphered.  
> 
>  If the standards really are about labeling the data, they should 
>  be applied *under* the cipher.

    Once again, this gets back to the opaque labelling issue.  This
has been hashed and rehashed multiple times.  It is patently obvious
that, for encrypted data, the labelling of the type of data that is
encrypted should itself be available inside the encrypted
object/message.

    However, what is not necessarily obvious is that there may be
times when the user doesn't care if people know what type of data it
is that is encrypted, and for these users, we should explicitly allow
them to have that information available outside the ciphertext object.
This is for gateway and IMAP friendliness.


    The default should be for this data to be opaque inside the
encrypted object, but that default should be able to be over-ridden.
Just like some documents within the federal government have classified
titles (and whose very existance is classified), and some are
classified themselves but whose titles are not classified, it should
be possible to force the content-type labelling to be either opaque or
transparent as the situation and user demand.

    The standard should err on the side of security (opaque), but we
must not allow this to be a straightjacket on the user, because the
second-worst security of all is security that doesn't get used because
it is too restrictive.  Of course, the worst security of all is
that which gives the user a false sense of security, because of either
inherent flaws in the protocol or because of inherent weaknesses in
the underlying cryptography.

-- 
Brad Knowles                           MIME/PGP: BKnowles@aol.net
    Mail Systems Administrator          <http:www.his.com/~brad/>
    for America Online, Inc.                   Ph: (703) 453-4148

Previous message: Terry Ritter: "Re: Security Problems"
Maybe in reply to: Terry Ritter: "Security Problems"