Re: Security Problems

Barton E. Schaefer (schaefer@z-code.ncd.com)
Wed, 6 Mar 1996 10:18:26 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Dave Crocker: "Re: Draft of workshop notes"
In reply to: Raph Levien: "Re: Draft of workshop notes"

On Mar 6, 2:14am, Terry Ritter wrote:
} Subject: Re: Security Problems
}
}  I argue that *enciphered* data is *not* just another data type, 
}  but an inherently different *level* of description.  [...]
} 
}  [...]  The extension of email to carry binary objects was an
}  important and long-overdue development.  MIME is thus both
}  desirable and necessary to *carry* the enciphered payload.
}  I would like to see this as some sort of untyped binary blob.

That is at the very heart of the conflict.  MIME explicitly does NOT
support transmission of untagged payloads!  As soon as you assert
that the payload must be untagged, you've removed MIME processing
from the equation.

The tag need only be something like application/penknife, with no
details of what that entails, but the tag must be there.  I repeat
what I said before:  Arguing about this on cryptographic grounds
is getting us nowhere.

} >2.  The client MUST be able to identify those cases in which any given
} >    extension should be applied, and MUST NOT be required to apply
} >    processing for such an extension in cases where it is irrelevant.
} 
}  I have no problem with this.  I would like to see an untyped, 
}  unlabelled binary object which the user then deciphers using a 
}  cipher and key known to him or her.  Hopefully that binary object 
}  would also have other uses.

If the object is untyped and unlabeled, a user *agent* cannot know
to decipher it without explicit user intervention.  If the user
*agent* doesn't know to decipher it, it doesn't know that it should
apply MIME processing within the deciphered object.  If you remove
the ability of the user *agent* to automatically perform this kind
of recursive processing, you've stepped outside the MIME system and
therefore outside the scope of what I believe we're attempting to
accomplish with the current discussion.

} >It's a waste of everyone's time to debate on cryptographic grounds the
} >merits of a system that cannot meet the above criteria.  
} 
}  I believe that the only criteria my proposals do not meet are those
}  which are not MIME and which you newly introduced.

I don't believe I've introduced anything new, nor anything that is not
MIME.  Does anyone other than Mr. Ritter disagree with me?

On Mar 6,  5:39am, Brad Knowles wrote:
} Subject: Re: Security Problems
}
} >  Perhaps you could explain to me what *you* mean by "*some*
} >  degree of security":

I agree generally with everything Brad said, with one exception:

} >  Does it mean that those who use secure e-mail must necessarily
} >  and by design announce this fact in plaintext headers?
} 
}     To the degree that RFC 1847 requires that the cryptographic
} algorithm be specifically named, yes.

I'd qualify that to say that it means that I believe that the standard
for use of secure email in a MIME framework has no choice but to support
this.  I do NOT assert that users who find this insufficient should
nevertheless be bound by it.  (Such an assertion would be unenforceable
anyway.)

-- 
Bart Schaefer                     Vice President, Technology, Z-Code Software
schaefer@z-code.com                  Division of NCD Software Corporation
http://www.well.com/www/barts

Previous message: Dave Crocker: "Re: Draft of workshop notes"
In reply to: Raph Levien: "Re: Draft of workshop notes"