Anne & Lynn Wheeler wrote:
> the issue then is what level do you trust the recipient, what is the threat model, and what are the countermeasures.
> if there is a general trust issue with the recipient (not just their key generating capability) ... then a classified document compromise could happen after it has been transmitted. you may have to do a complete audit & background check of the recipient before any distribution of classified document.
If the recipient cannot in good faith detect a key-access ware, or a GAK-ware, or a Trojan, or a bug, why would a complete background check of the recipient help?
Talking about trust, it is important to note that when the email is sent the recipient is already trusted not to disclose. But even though the recipient is trustworthy his environment may not be. It is not a matter of personal trust or "complete background checks". This may all be fine and, unknown to the recipient, the key might be weak, on purpose or by some key-access "feature" included in the software (unknown to the user). Or, the PKC software may have a bug (as PGP recently disclosed).
Loss from disclosure is also something that is much more important for the sender. If the recipient's public-key fails to be effective in protecting the sender, the sender's information is compromised. That's why I make the point that PKC for email has it backwards: the sender should not be at the recipient's mercy.
PKC for email also reverses the usual business model, because the recipient is not so interested in protecting the sender or paying for the sender's security. The sender would.
Regarding the use of PKC to sign emails, I see no problems using PKC. The sender has the private-key, has the incentive to keep it secure, and uses it to sign when he so desires. The sender does not need to rely on the recipient, or receive anything from the recipient, in order to sign an email. The problem with PKC email signature is PKI. However, email signature can also be done without PKI, by PGP.
Cheers, Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]