----- Original Message -----
From: "Bram Cohen" <[EMAIL PROTECTED]>
To: "Russell Nelson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, November 29, 2000 10:55 AM
Subject: Re: Is PGP broken?


> What we really need is a system which just stops passive attacks. The best
> idea I've come up with so far is for all outgoing messages to have a
> public key attached, and if you have the public key of an email address
> you're sending to you use it. If you receive a different public key than
> one you saw before, you overwrite the old one.

Uhm, that sounds dangerous: what if Mallet sent me a mail faking your return
address, and attaching his public key? My reply to you would be readable by
him.
In S/MIME this trick of attaching the public keys works because they are
signed by a trusted (well, sort of) third party, which rarely changes
keypair.

> This doesn't stop active attacks at all, but would be very easy to use.

Then, sending plaintext would be even easier :-)

If it may be of any comfort (or perhaps enhanced desperation), the S/MIME
community has similar headaches: these days, the [EMAIL PROTECTED] list
is debating whether, in S/MIME v.3, RSA should be made a MUST algorithm
together with, or as an alternative to, DSS and D-H. At this moment (RFC2630)
neither RSA nor RC2 is a MUST, so interoperability is not guaranteed with v.2
agents...

Enzo
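
The exchange above can be simulated to make the objection concrete. The following is an added example for this page, not code from either correspondent: toy keys (random tokens) and a toy CA (an HMAC over address and key, standing in for an S/MIME certificate) are assumptions of the example, as are the names `Keypair`, `Mail`, `ToyCA`, `MailClient` and `run_scenario`. The `"overwrite"` policy is the proposal as quoted; the `"ca"` policy models the S/MIME arrangement Enzo describes; the `"pin"` policy (keep the first key seen, flag any change) is an alternative not mentioned in the thread, added to show that it narrows the window to first contact but does not close it when Mallet's forged mail arrives first.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Toy keys: a public key is a random token, and "encrypting to" a key records
# which token the ciphertext is for; only the holder of that token can open it.
# This stands in for RSA/DH.  What the simulation shows is WHICH key a reply
# ends up encrypted to, not the cipher itself.  (Assumption of this example.)
@dataclass
class Keypair:
    owner: str
    public: str = field(default_factory=lambda: secrets.token_hex(8))

    def can_open(self, ciphertext: dict) -> bool:
        return ciphertext["to_key"] == self.public


def encrypt_to(public_key: str, body: str) -> dict:
    return {"to_key": public_key, "body": body}


@dataclass
class Mail:
    sender: str                   # the From: header, which Mallet can forge freely
    attached_key: str             # the public key attached, as in the proposal
    body: str
    ca_sig: Optional[str] = None  # CA binding of (sender, key); used by "ca" only


class ToyCA:
    """Stand-in for the S/MIME third party: an HMAC over (address, key) replaces
    a real certificate signature.  Only the CA holds the secret, so only the
    CA can produce a binding for an address.  (Assumption of this example.)"""
    def __init__(self) -> None:
        self._secret = secrets.token_bytes(16)

    def certify(self, address: str, key: str) -> str:
        msg = f"{address}|{key}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def verify(self, address: str, key: str, sig: Optional[str]) -> bool:
        return sig is not None and hmac.compare_digest(self.certify(address, key), sig)


class MailClient:
    def __init__(self, policy: str, ca: Optional[ToyCA] = None) -> None:
        self.policy = policy
        self.ca = ca
        self.known: dict = {}      # address -> public key: the cache the proposal describes
        self.warnings: list = []

    def receive(self, mail: Mail) -> None:
        old = self.known.get(mail.sender)
        if self.policy == "overwrite":
            # The proposal as quoted: a different key simply replaces the old one.
            self.known[mail.sender] = mail.attached_key
        elif self.policy == "pin":
            # Trust on first use: keep the first key seen and flag any change.
            if old is None:
                self.known[mail.sender] = mail.attached_key
            elif old != mail.attached_key:
                self.warnings.append(f"key change for {mail.sender} ignored")
        elif self.policy == "ca":
            # S/MIME-style: accept only a key the CA has bound to this address.
            if self.ca is not None and self.ca.verify(mail.sender, mail.attached_key, mail.ca_sig):
                self.known[mail.sender] = mail.attached_key
            else:
                self.warnings.append(f"uncertified key for {mail.sender} ignored")
        else:
            raise ValueError(f"unknown policy {self.policy!r}")

    def reply(self, to: str, body: str) -> dict:
        key = self.known.get(to)
        if key is None:
            return {"to_key": None, "body": body}   # no key known: falls back to plaintext
        return encrypt_to(key, body)


def run_scenario(policy: str, mallet_first: bool = False) -> dict:
    """Russell mails Enzo with his own key; Mallet mails Enzo with Russell's
    address forged and Mallet's key attached (in either order); Enzo then
    replies to Russell.  Returns who can read that reply."""
    ca = ToyCA()
    russell, mallet = Keypair("russell"), Keypair("mallet")
    enzo = MailClient(policy, ca)

    genuine = Mail("russell", russell.public, "hello",
                   ca_sig=ca.certify("russell", russell.public))
    # Mallet cannot get the CA to bind his key to Russell's address, so his
    # forged mail carries no valid signature for that address.
    forged = Mail("russell", mallet.public, "it's me, new key")

    for mail in ((forged, genuine) if mallet_first else (genuine, forged)):
        enzo.receive(mail)

    reply = enzo.reply("russell", "secret plans")
    return {
        "plaintext": reply["to_key"] is None,
        "russell_can_read": russell.can_open(reply),
        "mallet_can_read": mallet.can_open(reply),
        "warnings": enzo.warnings,
    }


if __name__ == "__main__":
    for policy in ("overwrite", "pin", "ca"):
        for first in (False, True):
            print(policy, "mallet_first" if first else "russell_first", run_scenario(policy, first))
```

Under `"overwrite"` the reply is readable by Mallet whichever mail arrived last, which is exactly the objection raised above; under `"pin"` Mallet still wins if his forged mail is the first one Enzo ever sees from that address; under `"ca"` the forged key is never installed because no binding for Russell's address exists for it.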


