Re: Security Problems

Brad Knowles (brad@his.com)
Tue, 5 Mar 1996 01:27:57 -0500

At 6:48 PM 3/4/96, Terry Ritter wrote:

>  I'm not sure that this is my issue, but if it really has been
>  "hashed and rehashed" I would say the topic holds broad interest
>  and may not have been solved in a satisfying way.

    I would submit that the reason it has been rehashed multiple
times is that there are people who are either unwilling or incapable
of understanding why anyone in the Universe could ever possibly want
to have labelling of encrypted data available outside the object
itself.

>  *If*, however, "gateway and IMAP friendliness" *really do* depend
>  upon open labeling, then the gateway and IMAP may need to be
>  redesigned for friendly secure operation.

    In order to make intelligent decisions about objects (you're
across a 2400 baud modem line, and you really don't want to download
that 10MB video, whether it's encrypted or not), IMAP needs to be
able to get to the content-type information of as many of the objects
as it can.  Since gateways transform one data type into another, in
order for them to be able to make the most intelligent transforms
possible, they also need to have as much information about the
objects as can be made available.

    Now, in order to keep gateways and message store access protocols
like IMAP useful, you *really* don't want to store all your private
keys on those machines, do you?  I didn't think so....  The prospect
of encrypting your private keys, uploading them to the server so that
it can use them to temporarily decrypt the objects to make
intelligent decisions about them, and then trust that the server will
remove its in-memory cop{y/ies} of the key(s) in question is not a
particularly attractive one, either....



    Granted, there are times when you want nothing but an encrypted
object visible.  Then gateways and IMAP will just have to make their
best guess about something based on its size or what little
information they do have.  But making the standard rigid and gateway
hostile guarantees that many people won't use it, and therefore your
work (and more importantly, mine) will have been wasted.  In theory,
we're all here to not only create a standard, but also to create a
standard that will actually get used by real people.


    See a previous post of mine regarding the nature of standards and
how important it is for them to refrain from being gateway-hostile
where possible (which is certainly the case here) and to even be
gateway friendly where feasible (which is arguably the case here, as
well).

--
Brad Knowles,                                  MIME/PGP: brad@his.com
    comp.mail.sendmail FAQ Maintainer     <http://www.his.com/~brad/>
        finger brad@his.com for my PGP Public Key and Geek Code
The comp.mail.sendmail FAQ is at <http://www.his.com/~brad/sendmail/>