Anne & Lynn Wheeler wrote:

At 12:53 PM 9/16/2004, Ed Gerck wrote:

If the recipient cannot in good faith detect a key-access ware, or a
GAK-ware, or a Trojan, or a bug, why would a complete background
check of the recipient help?

a "complete audit and background check" ... would include an audit of the recipient ... not just the recipient person .... but the recipient ... as in the recipient operation.

I agree with you that more checks are usually better. But if you are talking about someone else verifying the recipient's machine, we're talking about what seems to me to be a much worse security risk. Who exactly would you trust to verify your machine and potentially read your decrypted email and other documents? A "neutral" third-party? Just allowing a third-party to have access to my machine would go against a number of NDAs and security policies that I routinely sign. Further, in terms of internal personnel doing it, we know that 70% of the attacks are internal. The solution to my email security problem should not be installing a back-door in your machine.

(snip) the leakage of a classified document wouldn't solely be restricted to technical subversion.

The leakage of a classified document has a number of aspects to consider in order to prevent it, as we all know. From the sender's viewpoint, however, what strategy should have the most impact in reducing leakage of a classified document? It seems clear to me that it is in avoiding anything that is not under control or cannot be directly verified by the sender. In other words, it should be more effective to eliminate the sender's reliance on the recipient's public-key (the sender cannot control or verify whether the key is weak or not) than do yet another background check of the recipient operation. Even if the recipient passes today, it may be vulnerable tomorrow. The sender can't control it.

Cheers--/Ed Gerck

The Cryptography Mailing List