Re: PGP 6.5/PGPnet Announcement!
At 01:14 PM 4/6/1999 -0700, Jim Gillogly wrote: >Michael Paul Johnson wrote: >>> Of course this is dangerous, but there is a demand for it. Not everyone >>> wants bomb-proof security. ... The real cure, of course, is to so >>> tightly and easily integrate security into email that it is as easy >>> as this to use, but not as risky. > >Steven M. Bellovin responded: >> There's bomb-proof security, and there's "security" that itself is a time >> bomb. I fear that self-extracting decryptors are much closer to >> the latter than to the former -- very much closer. > >I agree with Steve about this part. These programs are much like >the active email bogosities, which should never be allowed to >operate without the user's informed consent -- and I don't regard >accepting Windows defaults as constituting informed consent. But >supplying weak cryptography to people even with caveats can give >them a fatally false sense of security. If they could tell at a >glance that their communications were weak, they might use them >more safely. Of course. This problem can be solved by providing the recipient with a "real" security program instead of a "self-decrypting" executable, then sending the encrypted data separately. Of course, this is also subject to the very same active attack. The attacker merely forges a message from you, offering an upgrade to the "real" security program that sereptitiously also mails the password(s) and/or plaintext back to him, and hopes that the recipient doesn't notice the lack of a digital signature. ___ Michael Paul Johnson http://ebible.org/mpj
Re: PGP 6.5/PGPnet Announcement!
> > There's bomb-proof security, and there's "security" that itself is a time > > bomb. I fear that self-extracting decryptors are much closer to > > the latter than to the former -- very much closer. At this stage, it's hard to see much justification for self-extracting crypto any more. There are widely available MTAs including Microsoft's Outlook Express that do a decent job with S/MIME. Outlook Express lets you store correspondents' public keys in your address book, so it's literally one click to encrypt messages in a reasonably secure fashion. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Re: PGP 6.5/PGPnet Announcement!
Michael Paul Johnson wrote: >> Of course this is dangerous, but there is a demand for it. Not everyone >> wants bomb-proof security. ... The real cure, of course, is to so >> tightly and easily integrate security into email that it is as easy >> as this to use, but not as risky. Steven M. Bellovin responded: > There's bomb-proof security, and there's "security" that itself is a time > bomb. I fear that self-extracting decryptors are much closer to > the latter than to the former -- very much closer. I agree with Steve about this part. These programs are much like the active email bogosities, which should never be allowed to operate without the user's informed consent -- and I don't regard accepting Windows defaults as constituting informed consent. But supplying weak cryptography to people even with caveats can give them a fatally false sense of security. If they could tell at a glance that their communications were weak, they might use them more safely. > You encrypt things because you think someone is trying to read > them: if no one is trying to read a file, why protect it? However, I disagree strongly with this. If you encrypt only the most sensitive material and someone is trying to read your mail, they know exactly which bits to concentrate on. If you encrypt all your mail routinely, you've increased your opponent's traffic analysis problem immensely -- especially if there is no external indication of the relative importance of the messages. -- Jim Gillogly Sterday, 15 Astron S.R. 1999, 20:01 12.19.6.1.10, 12 Oc 3 Uayeb, Third Lord of Night
Re: PGP 6.5/PGPnet Announcement!
In message <[EMAIL PROTECTED]>, Michael Paul Johnson write s: > > Of course this is dangerous, but there is a demand for it. Not everyone > wants bomb-proof security. I wrote a self-decrypting archive program once, > and the people using it are happy with it. It would be easy, of course, to > substitute any malicious code you please, but sometimes that threat is much > less concern than the fact that some people just plain wouldn't use any > crypto at all without this option. The real cure, of course, is to so > tightly and easily integrate security into email that it is as easy as this > to use, but not as risky. There's bomb-proof security, and there's "security" that itself is a time bomb. I fear that self-extracting decryptors are much closer to the latter than to the former -- very much closer. You encrypt things because you think someone is trying to read them: if no one is trying to read a file, why protect it? Self-decrypting files are vulnerable to the simplest of active attacks. That in turn is likely to leak the password to all the other files. (Yes, one can come up with elaborate key management schemes to avoid that -- but if you're going to go to that much trouble, why not just install a real security package?) What you really have is a level of security about equivalent to rot13 or commercial telegraphy codes. You're safe against casual eyeballing -- someone happens to see it -- say, a system administrator working on the mail system -- but won't bother to decrypt it. You have no protection beyond that. Sure, there's demand for it. There's also demand for all sorts of other service that, if not illegal everywhere, aren't precisely looked upon with favor by most segments of society. More or less by definition, most folks on this list are in the security business. We're not helping our own reputations if we peddle snake oil. And if neither the moral aspect nor the practical aspect worry you, try the legal side of things -- explain the whole situation to a lawyer, and ask how strong a disclaimer and a warning you need to protect you against a lawsuit -- a lawsuit that may bankrupt you even if you win because your warning was strong enough. (As an aside, this morning I happened to see some other site peddling a similar product. But another product on the same Web page advertised versions of the software with algorithms approved for British government use by CESG. I wonder if they had to take out this particular misfeature from that version of the product...)
Re: PGP 6.5/PGPnet Announcement!
At 10:21 PM 4/5/1999 -0400, Steven M. Bellovin wrote: >The rest of the hype aside -- and without DNSsec, their claims about >securing the whole Internet through IPsec are overblown -- this part >strikes me as very dangerous: > > 2. Self-Decrypting Archives. You may now encrypt >>files or folders into Self-Decrypting Archives >>(SDA) which can be sent to users who do not >>even have PGP. The archives are completely >>independent of any application, compressed >>and protected by PGP's strong cryptography. > >How, pray tell, can this work? The only comparable products I've seen >work by incorporating the decryption software into a executable that you >mail to your victim, er, correspondent. This person then runs the program >they received in the mail, which then prompts them for the key... (As >an aside, I once had to explain to someone why this was an absurd >concept. "But how does your enemy know what sender to impersonate?" This, >in a threat environment sufficient to merit encrypting email) ... Of course this is dangerous, but there is a demand for it. Not everyone wants bomb-proof security. I wrote a self-decrypting archive program once, and the people using it are happy with it. It would be easy, of course, to substitute any malicious code you please, but sometimes that threat is much less concern than the fact that some people just plain wouldn't use any crypto at all without this option. The real cure, of course, is to so tightly and easily integrate security into email that it is as easy as this to use, but not as risky. ___ Michael Paul Johnson http://ebible.org/mpj
Re: PGP 6.5/PGPnet Announcement!
The rest of the hype aside -- and without DNSsec, their claims about securing the whole Internet through IPsec are overblown -- this part strikes me as very dangerous: 2. Self-Decrypting Archives. You may now encrypt >files or folders into Self-Decrypting Archives >(SDA) which can be sent to users who do not >even have PGP. The archives are completely >independent of any application, compressed >and protected by PGP's strong cryptography. How, pray tell, can this work? The only comparable products I've seen work by incorporating the decryption software into a executable that you mail to your victim, er, correspondent. This person then runs the program they received in the mail, which then prompts them for the key... (As an aside, I once had to explain to someone why this was an absurd concept. "But how does your enemy know what sender to impersonate?" This, in a threat environment sufficient to merit encrypting email) Most of us know that cryptography is only part of the answer to system security, and that back doors can render useless even the strongest ciphers. But this isn't a back door, it's the front gates wide open, to admit the most obvious of Trojan horses. I'm not sure where the impetus for this came from, though I'll note that one of NAI's competitors has a product with a similar "feature". Isn't bug compatibility wonderful?
PGP 6.5/PGPnet Announcement!
--- begin forwarded text Date: Mon, 05 Apr 1999 16:58:51 -0700 From: Will Price <[EMAIL PROTECTED]> Subject: PGP 6.5/PGPnet Announcement! To: [EMAIL PROTECTED] Sender: <[EMAIL PROTECTED]> List-Subscribe: <mailto:[EMAIL PROTECTED]?subject=subscribe%20mac-crypto> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 PGP 6.5 was released today to much fanfare. This afternoon at the Network Associates Colliseum "The Net" in Oakland prior to the opening of the baseball season there, Network Associates announced its Active Security product line of which PGP 6.5 is the client desktop solution. There are a number of exciting new features in PGP 6.5, the highlights of which are summarized below. This message is being sent to the users, and may have more details than our press releases. For more information, you may wish to read the long list of NAI press releases from today. PGPnet is clearly the lion's share of the additions in PGP 6.5. The summary below cannot possibly do it justice. PGPnet is a complete IPSec implementation for Windows and Mac. Total TCP/IP security, interoperable with other vendors and even interoperable with X.509 certificates and other PKIs. PGPnet is not just a VPN (Virtual Private Network) solution. PGPnet is, to use a phrase that I believe John Gilmore coined, a RPN (Real Private Network). It allows secure connections to any other PGPnet/IPsec host on the internet regardless of whether you have communicated with that host previously, without preconfiguration of that host. If everyone ran PGPnet or another RPN client, the whole Internet could be secure. PGPnet supports authentication with OpenPGP keys, X.509 certificates from the Network Associates Net Tools PKI, VeriSign OnSite, and Entrust (in beta), and also supports non-certificate based authentication with Shared Secret where both parties simply hold a common passphrase. Unlike TLS/SSL and other transport layer security protocols, PGPnet sits at the IP layer, and thus is able to encrypt and authenticate all traffic rather than just web traffic. Indeed, PGPnet can even be used to secure third party videoconferencing apps, file transfers, web sites, email servers, and pretty much anything you can run over TCP/IP. Some details: * Today's announcement coincides with the immediate availability of PGP Desktop Security 6.5 for Windows NT 4.0 only, and only the Desktop Security version has been released. This product is mainly for enterprise level users. * The Windows 95/98 and Macintosh versions will ship later this quarter, Q2 '99 as PGP 6.5.1. All the usual Personal and Freeware versions will be available then, and source code will be printed. All of the features below are implemented on all the platforms, although the wording below may be somewhat Windows-specific because today's release is only for NT. _ NEW FEATURES IN 6.5.0 1. PGPnet. PGPnet is a landmark product in the history of PGP. PGPnet secures all TCP/IP communications between itself and any other machine running PGPnet. It is also fully interoperable with the Gauntlet GVPN gateway providing a complete solution for corporate remote access VPNs using the industry standard IPSEC (Internet Protocol Security) and IKE (Internet Key Exchange) protocols. It is also interoperable with other IPSEC products that implement the standard. 2. Self-Decrypting Archives. You may now encrypt files or folders into Self-Decrypting Archives (SDA) which can be sent to users who do not even have PGP. The archives are completely independent of any application, compressed and protected by PGP's strong cryptography. 3. X.509 Certificate and CA Support. PGP is now able to interoperate with the X.509 certificate format. This is the format used by most web browsers for securing the transfer of web pages. PGP supports the request of certificates from Network Associates' Net Tools PKI, and VeriSign certificate authorities. X.509 certificates are analogous to a PGP signature, so you can even request X.509 certificates on your existing PGP key. This feature can also be used to interoperate with existing VPN solutions based on X.509. 4. Automated Freespace Wiping. PGP's Freespace Wipe feature now allows you to use the Windows Task Scheduler to schedule periodic secure wiping of the freespace on your disk. On the Macintosh, this feature is implemented through AppleScript support. 5. Hotkeys. The Use Current Window feature has been significantly enhanced by the addition of Hotkeys. By pressing the configured key combination, the Encrypt/Decrypt/Sign functions can be automatically invoked in 0 clicks without using PGPtray. On the Macintosh, this feature adds the ability to use Command key equivalents to PGPmenu. - -- Will Price, Architect/Sr. Mgr., PGP Client Products Total Network Security