Ed Gerck wrote:

Anne & Lynn Wheeler wrote:

 > the issue then is what level do you trust the recipient, what is the

threat model, and what are the countermeasures.

if there is a general trust issue with the recipient (not just their key generating capability) ... then a classified document compromise could happen after it has been transmitted. you may have to do a complete audit & background check of the recipient before any distribution of classified document.

If the recipient cannot in good faith detect a key-access ware, or a
GAK-ware, or a Trojan, or a bug, why would a complete background
check of the recipient help?

Let's assume for a moment that a solution exists that satisfies your requirements. Since the recipient _must_ be able to read the document in the end, and is assumed to be incapable of securing their software, then the document is still available to third parties without the consent of the sender, is it not?

It seems to me that fixing the PK "problem" would in no way improve the senders situation given that threat model.



ApacheCon! 13-17 November! http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to