At 03:13 AM 3/6/2006 +1300, Peter Gutmann wrote:

>Basically our customer required us to encrypt any team communications. So we
>used PGP with email.  I know the body of the email was encrypted, and I
>believe attachments were too.  The certs were used to "automate" the
>decryption.  Basically the PGP plugin would check the incoming mail's sender
>email name and try to find a local cert that had the same email name in it.

Hmm, that sounds like broken software then, since the (probabilistically)
unique keyID to locate the appropriate decryption or signature verification
key is included in the message/signature - you never have to look at the From:
address, and indeed trying to use it for key lookups would be a recipe for
disaster because of the problems you pointed out.

RFC 3280 states that an end entity's subject key id SHOULD be included. It is
not a MANDATORY extension field, see section 4.2.1.2.  So the software is
not technically broken.

Since the key id is derived from the raw public key itself, doesn't that defeat
the purpose of automatically authenticating that the encrypted email is really
from "[EMAIL PROTECTED]"?  I'm assuming a naive email user on the receiver
side that never manually maps the key id to "[EMAIL PROTECTED]".  Most
general users sort of understand the email name format, it's a bit much to force them to map a cryptic looking key id to it too. Especially considering the user might have dozens or hundreds of people on their mailing list. Mapping mistakes
would be common.

I won't mention the questions regarding certificate revocaton vs user email name.
:-)

- Alex


--

- Alex Alten


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to