Anne & Lynn Wheeler wrote:

> the issue then is what level do you trust the recipient, what is the
threat model, and what are the countermeasures.

if there is a general trust issue with the recipient (not just their key generating capability) ... then a classified document compromise could happen after it has been transmitted. you may have to do a complete audit & background check of the recipient before any distribution of classified document.

If the recipient cannot in good faith detect a key-access ware, or a GAK-ware, or a Trojan, or a bug, why would a complete background check of the recipient help?

Talking about trust, it is important to note that when the email is sent
the recipient is already trusted not to disclose. But even though the
recipient is trustworthy his environment may not be. It is not a matter of
personal trust  or "complete background checks". This may all be fine
and, unknown to the recipient, the key might be weak, on purpose or by
some key-access "feature" included in the software (unknown to the user).
Or, the PKC software may have a bug (as PGP recently disclosed).

Loss from disclosure is also something that is much more important for
the sender. If the recipient's public-key fails to be effective in
protecting the sender, the sender's information is compromised. That's
why I make the point that PKC for email has it backwards: the sender
should not be at the recipient's mercy.

PKC for email also reverses the usual business model, because the
recipient is not so interested in protecting the sender or paying
for the sender's security. The sender would.

Regarding the use of PKC to sign emails, I see no problems using
PKC. The sender has the private-key, has the incentive to keep it
secure, and uses it to sign when he so desires. The sender does not
need to rely on the recipient, or receive anything from the recipient,
in order to sign an email. The problem with PKC email signature is
PKI. However, email signature can also be done without PKI, by PGP.

Ed Gerck

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to