Re: Is PGP broken?

2000-12-02 Thread Russell Nelson

Stefan Kelm writes:
 > BTW, what do you mean by "point-source PGP signing"?

Instead of leaving your key signing up to your friends, PGP could
benefit from a policy-based signature.  You could come up with any
number of policies:
  o This keyholder is a Mason/Scout/Rotarian.
  o This keyholder is a Catholic/Mormon/Lutheran/Quaker.
  o This keyholder paid $X to sign their key (where X is a number large
enough that key abandonment has consequences).
  o This keyholder has $Y in escrow, to be paid out under some
circumstances.
  o This keyholder has identified themselves to a Notary Public.  A
photocopy of the identification is on file.
  o And last but not least: this keyholder publishes their key's
signature weekly in the Sunday New York Times.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com | If I knew the
Crynwr sells support for free software  | PGPok | destination of the
521 Pleasant Valley Rd. | +1 315 268 1925 voice | handbasket, I never would
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | have gotten into it!




GCHQ Challenge

2000-12-02 Thread Markus Kuhn

For those who haven't managed yet to solve the new GCHQ crypto challenge
on

  http://www.gchq.gov.uk/challenge.html

I have quickly written up the solution we found yesterday on

  http://www.cl.cam.ac.uk/~mgk25/gchq-challenge.html

As GCHQ is surely able to log and trace accurately who accesses the
above URL on our server, it would be best not to look at it if you want
to apply and impress their recruiters with finding your own solution.

Markus

-- 
Markus G. Kuhn, Computer Laboratory, University of Cambridge, UK
Email: mkuhn at acm.org,  WWW: 





Cryptography Publishing Project makes MIT Kerberos V5 release 1.2.1 available

2000-12-02 Thread Marc Horowitz

In order to provide people outside the US with access to open source
cryptography, the Cryptography Publishing Project is making MIT
Kerberos V5 release 1.2.1 available without restriction, in compliance
with the changes in US export regulations since January, 2000.

The Project was started to make open source cryptographic software
freely available in situations where it is difficult to obtain the
software from its original authors.

Please visit the web site at  if you
wish to download Kerberos or if you have suggestions for other
software for us to host.

Marc




Re: Is PGP broken?

2000-12-02 Thread Peter Gutmann

"Enzo Michelangeli" <[EMAIL PROTECTED]> (or someone, the quoting makes it difficult to
  tell) writes:

>If it may be of any comfort (or perhaps enhanced desperation), the S/MIME
>community has similar headaches: in these days, the [EMAIL PROTECTED] list is
>debating whether, in S/MIME v.3, RSA should be made a MUST algorithm together
>with, or in alternative to, DSS and D-H. At this moment (RFC2630) neither RSA
>nor RC2 are MUST, so interoperability is not guaranteed with v.2 agents...

S/MIME interoperability is guaranteed because everyone ignores the RFC and does
RSA and RC2 (for backwards-compatibility only) and 3DES first and everything else
only if they have the time and/or budget.  Actually barring the RC2/40 vs 3DES
duality imposed by export controls, S/MIME is a lot more interoperable than
PGP, and certainly for signed messages any S/MIME mailer can handle the output
of any other S/MIME mailer.  OTOH I can't get different versions of PGP 2.x,
5.x, and 6.x to interoperate, which is why I'm one of the people who's sticking
to 2.x as the least painful option - although I have multiple versions
available of which at least one will eventually process a message if I try them
all in turn, most of the people I correspond with can't do this and 2.x
provides the best guarantee of interoperability.

Peter.





/. Yahoo delivers encrypted email

2000-12-02 Thread Eugene.Leitl


http://news.yahoo.com/h/cn/20001129/tc/yahoo_delivers_encrypted_email_1.html

Wednesday November 29 03:00 AM EST
Yahoo delivers encrypted email 

By Paul Festa, CNET News.com

Yahoo has quietly introduced a way for people to send scrambled messages through its
email service.

As first reported in August, Yahoo is providing its email encryption
option through a deal with Zixit, a Dallas-based email encryption
firm. Yahoo will route encrypted email through Zixit's
SecureDelivery.com Web site.

Yahoo and Zixit representatives declined to comment on the public
availability of the service and would not say whether it was an
across-the-board launch or a temporary test.

In papers filed with the Securities and Exchange Commission, Zixit
disclosed that the service would launch in the fourth quarter.

Whatever its scope, the introduction of the service makes Yahoo the
first major Web portal to offer encrypted email. So far, data
scrambling has been the province of tech-savvy computer users willing
to use products that require a software download, such as Network
Associates' Pretty Good Privacy.

Yahoo's competition in the free, Web-based encrypted email arena comes
from smaller players including Hushmail and ZipLip.

Some analysts have questioned the value of a mass-market encryption
product, suggesting that the odds of an email message being
intercepted are infinitely smaller than the danger of compromising
sensitive data stored on a lost computer or on a hacked Web server.

Yahoo's free encryption option handles outgoing email messages in a
multi-step procedure that the portal warns is not foolproof.

"Please be aware that this is not an end-to-end secure service," reads
an explanation of the service posted by Yahoo. "This option only
avails your recipient of a certain level of security in accessing and
reading the email message you are sending. Before your email message
is encrypted by SecureDelivery.com it is still subject to the inherent
limitations of a standard TCP/IP connection."

Yahoo's new system works like this: Once a message is composed, it
travels, unencrypted, to Yahoo, which sends it through a secure
connection to SecureDelivery.com. There, the message and any
attachments are scrambled.

SecureDelivery then sends the recipient the address to a Web page,
secured by Secure Sockets Layer (SSL) and hosted by
SecureDelivery.com, where the message can be picked up and descrambled
for up to seven days.

Recipients first have to verify that they hold the specified email
account. They then can choose a "pass phrase" that will automatically
give them access to future messages.

Under the terms of the deal, Zixit will pay Yahoo at least $5.7
million during the next two years. On top of that, Zixit will give
Yahoo a cut of revenues "associated with Yahoo users."

Zixit this month landed a second major client, Entrust, which will let
people using its Entrust/Express encryption product send messages
through the SecureDelivery service if their email recipient doesn't
have an Entrust certificate. Under that deal, Entrust and Zixit will
divide usage fees and advertising revenues.




Yahoo delivers "secure" email

2000-12-02 Thread Ian Brown

Why don't they use SSL between sender and Yahoo?!

http://news.cnet.com/news/0-1005-200-3901784.html?tag=st.ne.ron.lthd

Yahoo delivers encrypted email
By Paul Festa
Staff Writer, CNET News.com
November 28, 2000, 11:30 p.m. PT

Yahoo has quietly introduced a way for people to send scrambled messages
through its email service.

As first reported in August, Yahoo is providing its email encryption option
through a deal with Zixit, a Dallas-based email encryption firm. Yahoo will
route encrypted email through Zixit's SecureDelivery.com Web site . . .

Yahoo's free encryption option handles outgoing email messages in a
multistep procedure that the portal warns is not foolproof.

"Please be aware that this is not an end-to-end secure service," reads an
explanation of the service posted by Yahoo. "This option only avails your
recipient of a certain level of security in accessing and reading the email
message you are sending. Before your email message is encrypted by
SecureDelivery.com it is still subject to the inherent limitations of a
standard TCP/IP connection."

Yahoo's new system works like this: Once a message is composed, it travels,
unencrypted, to Yahoo, which sends it through a secure connection to
SecureDelivery. There, the message and any attachments are scrambled.

SecureDelivery then sends the recipient to a Web page, secured by Secure
Sockets Layer (SSL) and hosted by SecureDelivery, where the message can be
picked up and descrambled for up to seven days.

Recipients first have to verify that they hold the specified email account.
They then can choose a "pass phrase" that will automatically give them
access to future messages . . .





Re: Is PGP broken?

2000-12-02 Thread Ian BROWN

Bram Cohen wrote:
>What we really need is a system which just stops passive attacks. The best
>idea I've come up with so far is for all outgoing messages to have a
>public key attached, and if you have the public key of an email address
>you're sending to you use it

Indeed -- this is one of the current advantages of S/MIME over OpenPGP. 
Absolutely no reason why any PGP implementation shouldn't do it. This also 
allows you to do perfect forward secrecy: generate new short-life encryption
key pairs for each message, sign the public key with your longer-lived 
signature key, and include it in your message for the reply. See
http://www.ietf.org/internet-drafts/draft-brown-pgp-pfs-01.txt for an attempt 
by Adam Back, Ben Laurie and myself to standardise this and other PFS 
techniques for OpenPGP.

>The worst that could really happen is that I lose my key info, construct
>new stuff, and next time Russ sends me mail I respond 'sorry, but I lost
>my old private key, please send that last message again'.

A nice touch in a mailer would be to store sent messages in an "in transit"
folder until a signed receipt is received, either in an individual receipt
message or piggy-backed onto the reply, to help with this and other problems.

>The only real
>gotcha is that the first message is unencrypted, and that's not a big
>deal, especially when you know about it and always send a 'checking to
>make sure I got your address right' message to start things off.

Right. And we could all start putting our public keys into the DNS -- do NAI 
have any plans to put that functionality into their software (e.g. allow the 
key manager to communicate with an agent running on your local authoritative 
nameserver?)

Including your public signature key in signed messages also solves a 
gotcha with distributed keyserver systems, reverse lookup of keys by keyID.

Ian :0)
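
The per-message reply key described in the message above, as an added example that is not part of the original post, the cited Internet-Draft, or any PGP implementation. It assumes Ed25519 for the long-lived signature key and X25519 for the short-life encryption key in place of OpenPGP key formats; the `ReplyKey` structure and the `reply-key-v1` label are hypothetical.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"time"
)

// ReplyKey is a short-life encryption public key certified by the sender's
// long-lived signature key (hypothetical structure, not an OpenPGP packet).
type ReplyKey struct {
	Pub     []byte // X25519 public key, 32 bytes
	Expires int64  // Unix time after which the key must not be used
	Sig     []byte // Ed25519 signature over signedBytes(Pub, Expires)
}

// signedBytes binds the key and its expiry under a constructed domain label.
func signedBytes(pub []byte, expires int64) []byte {
	b := append([]byte("reply-key-v1"), pub...)
	return binary.BigEndian.AppendUint64(b, uint64(expires))
}

// NewReplyKey makes a fresh key pair for one message and signs its public half.
// The caller deletes the returned private key once the reply has been read.
func NewReplyKey(signer ed25519.PrivateKey, now time.Time, life time.Duration) (*ecdh.PrivateKey, ReplyKey, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, ReplyKey{}, err
	}
	pub, exp := priv.PublicKey().Bytes(), now.Add(life).Unix()
	return priv, ReplyKey{pub, exp, ed25519.Sign(signer, signedBytes(pub, exp))}, nil
}

// Verify is what the replying party runs before encrypting to the attached key.
func (k ReplyKey) Verify(signerPub ed25519.PublicKey, now time.Time) (*ecdh.PublicKey, error) {
	if !ed25519.Verify(signerPub, signedBytes(k.Pub, k.Expires), k.Sig) {
		return nil, fmt.Errorf("reply key not signed by sender's signature key")
	}
	if now.Unix() > k.Expires {
		return nil, fmt.Errorf("reply key expired")
	}
	return ecdh.X25519().NewPublicKey(k.Pub)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, rk, _ := NewReplyKey(priv, time.Now(), 7*24*time.Hour)
	_, err := rk.Verify(pub, time.Now())
	fmt.Println("reply key accepted:", err == nil)
}
```

Because the expiry is covered by the signature, a relay cannot extend the life of an old reply key, and a key signed by anyone other than the known signature key is refused.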





Re: Is PGP broken?

2000-12-02 Thread Ben Laurie

Russell Nelson wrote:
> 
> Is it just me, or is PGP broken?  I don't mean any particular version
> of PGP -- I mean the fact that there are multiple versions of PGP
> which generate incompatible cryptography.  Half the time when someone
> sends me a PGP-encrypted message, I can't decrypt it.  Presuming that
> I'm right, is anyone attempting to fix PGP?
> 
> Not to mention anything about PGP keyservers, or the utter and
> complete absence of anybody doing point-source PGP signing.

Although it is broken, the strategy I use is to use a 2.x generated key
with 5/6.x PGP versions. This seems to work pretty smoothly.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff