
Re: comments on PGP *5*



Joseph Carter writes:
> On Mon, Sep 14, 1998 at 09:42:25AM -0600, Neale Pickett wrote:
>> >> IIRC PGP5 can be configured, by your sysadmin, to automatically
>> >> encrypt an outgoing message session key with a "corporate
>> >> public-key" in addition to the recipient's public-key. And that
>> >> PGP5 can be configured to refuse to decrypt messages when the
>> >> session key was not encrypted with the "corporate public-key". As
>> >> I understand it this is NOT key-escrow.
>> >> 
>> >> AFAIK PGP5 does not provide a mechanism to force you to send a
>> >> copy of your private key to an "Official Key Escrow Authority". And
>> >> that the "key-recovery" feature has no effect on users of "PGP For
>> >> Personal Privacy" (the non-commercial version).
>> >> 
>> >> Please correct me if I am wrong...
>> 
>> > I believe you are, but I haven't got (nor do I want) a windoze box
>> > to test it.
>> 
>> He isn't wrong about the escrow.  Nobody gets your key.  What happens
>> is that your business key also gets the corporate key added on to it.
>> So when someone encrypts to your business key, they're also
>> encrypting to the corporation.  This is not key escrow.

> You guys are right.  I found the old report I was sent which warns of
> this.  The wording was different, emphasizing the forced compromise
> and pointing out that the non-commercial 5.x versions enforce this,
> while the 2.x versions never would.

The non-commercial version only forces you to encrypt to all public keys 
in a selected public key block.  It has no notion of adding a second key 
to your own public (or private) key.

> The danger of a version which you cannot stop the gov't from getting
> transparent access to your encrypted mail (worse than key escrow) is
> there, but the good news is that we can always be sure this isn't the
> case by using the source---ohno!  WHAT source??  This version of pgp
> rarely offers you source with which to protect yourself!

Well, you can write off and get the printed source code mailed to you in
bound volumes.  This is how PGP5i was born.  You can now download the
source code at www.pgpi.com.  In any case, the key format is well
documented.  It would be easy to check to see if you have just one key,
or one key and a mystery key you've never seen before, in your public
key.

> Hint:  NEVER EVER accept binary-only encryption.

This is good advice, but please check the facts before you go making
claims.  The entire (stated) reason that PGP 5's source is available in
printed form is to deal with this very problem.

>> > The problem you outline still allows your employer (or anyone with
>> > access to the corporate private key, whether authorized or not--do
>> > you trust your pointy-hair's security methods and
>> > pass{words,phrases}?) to view any mail encrypted to you.
>> 
>> This is true.  This is why you don't want to use the commercial
>> version of PGP for personal mail, because only the commercial version
>> does this.  If you're trying to receive private email at work (and
>> that's okay with your employer), then just generate two separate
>> keys--one with the commercial version, and one with the personal
>> version.

> You don't want to use the personal version with the key you use at
> work either.

Well, no, you wouldn't want to use your work key for personal use, would
you?  Since it is, after all, your *work* key.  You would probably want
to use your *personal* key for personal use.  If you really want to
shoot yourself in the foot, though, you can probably find a way.

>> > Essentially it circumvents the security provided by PGP.
>> 
>> No, it allows your company to take reasonable steps to accessing
>> corporate data.  You wouldn't object to the company giving you a safe
>> to keep the aircraft designs locked in if they wanted to have the
>> combination, would you?  The safe is provided for company use only.
>> If you want your own safe, nobody's stopping you from going out to
>> Wal-Mart and buying one, and then you don't have to share the
>> combination with anyone.  This is exactly what the situation is with
>> PGP.

> ...by circumventing the purpose, that only someone with private key
> and pass phrase can decrypt mail.  The proper way of allowing this
> would be to give a copy of the private key to your boss, extracting it
> in plain form directly to floppy (you DO NOT EVER put an unencrypted
> key on your hard drive unless you are EXTREMELY stupid).  Your boss then
> encrypts the key with his or the company's pass phrase---which should
> be kept locked in a secure but offsite location.

Remember that with PGP the same key is used to sign as to encrypt.
Giving away your encryption key would also be giving away your signing
key, which would mean that you'd want another, separate signing key.  In
that case, you've just described key escrow, as used in products like
Entrust.

The purpose of what PGP5 does is not to let the government sniff your
files.  Although it could be used for that purpose if you were to, say,
purchase the special "NSA" version of PGP5, which adds the govt. public
key to yours without telling you.

The purpose of what PGP5 *commercial* version does is to allow companies 
to function in the event of a loss of you.  When you generate a key with 
the *commercial* version, and if the admin has set it up to do so, then
you get the corporate public key added to yours.  When you generate a
key with the *personal* version, nothing like that happens.  When you use 
any version to send mail to a dual-keyed public key, it encrypts to both 
of them.

So just make your own personal key.  No problem.  PGP had to market to
commercial users, who wanted some sort of key escrow-like mechanism for
very legitimate reasons.  So they added this.  IMHO and in the HO of
many others, it's a heck of a lot better than key escrow.  But the real
point is that it has no bearing on you, the personal edition user, as
long as you can remember to encrypt suggestions for ITAR addendums with
the key for president@whitehouse.gov and the tawdry love-grams with the
key for billc@dc-isp.com.

> Congratulations, your boss or his successors may read email sent to
> your corporate key without compromise to the security of PGP or even
> to your pass phrase.  You DID wipe or outright destroy that floppy
> didn't you?  Probably an extended stay on a bulk eraser would
> eliminate any useful magnetic traces, even if you're paranoid.  And
> the process can be automated with a batch file (or even a compiled
> batch file) to make sure nobody screws it up.  And YES, you can have
> batch files in windoze!  I used them all the time, they automate a
> great deal and are fairly powerful if you're running them under 4dos
> as I was.

> Oh wait.  There's no way a pointy hair would understand all of that.

Really.  PGP isn't out to get you.  Remember, good ol' Phil had a nice
lengthy interchange with the government.  The last thing he'd want to do
is let Uncle Sam compromise his baby.  He (Phil) has come up with a very
reasonable solution to the problem.

-- 
Neale Pickett, propellerhead       Contact information in headers
Los Alamos National Laboratory, Network Engineering Group (CIC-5)

