Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site gatech.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!gatech!spaf
From: spaf@gatech.UUCP (Gene Spafford)
Newsgroups: net.news.stargate
Subject: Re: how to verify an article's submitter
Message-ID: <12022@gatech.UUCP>
Date: Thu, 14-Feb-85 10:58:19 EST
Article-I.D.: gatech.12022
Posted: Thu Feb 14 10:58:19 1985
Date-Received: Fri, 15-Feb-85 06:04:07 EST
References: <462@aquila.noao.UUCP>
Reply-To: spaf@gatech.UUCP (Gene Spafford)
Organization: The Clouds Project, School of ICS, Georgia Tech
Lines: 37
Keywords: public keys, cryptographic protocols
Summary: 

Jay presents a very nice solution to the verfication problem except for
a few problems -- one of which makes it unworkable.

Let's suppose for a moment that we do have a large enough, unique
enough key space.  Let us further suppose we have the appropriate
software to encrypt and decrypt mail, and a mail transport mechanism
which will pass encrypted mail and still adhere to the appropriate
Internet standards.  We'll also assume a reasonable encryption
function.

I write up an article which looks reasonable but which actually is
libelous in some form or another.  I encrypt it and send it to the
moderator.  It gets published.  As soon as I see it appear, I send
frantic sounding messages to the moderator, the keeper of the keys, and
my system administrator claiming that someone must have broken into my
account and found my key sitting in a file.  Better yet, I can claim
that I accidentally had the permissions on the file with my key set to
public-read.  Prove I didn't.  In fact, to cover myself, I don't
have to even send out those frantic-sounding messages.  I just have to
wait until someone complains.  The I can claim something like:
"I posted WHAT?  The entire Unix kernel?  Never!  I didn't do that!
Wait...now I understand why my news-key file was set to 644 (or
why the holder of "root" at my site was chuckling about how he
'was going to get even with me.'")

Don't put the key in a file, you say?  Make me.

Sorry.  Digital signature protocols generally assume that (at least)
the identity og the sender or the privacy of the key are a given.
We have a situation where both are not secure.  That turns the
situation into one that is much more difficult to deal with.

-- 
Gene "6 months and counting" Spafford
The Clouds Project, School of ICS, Georgia Tech, Atlanta GA 30332
CSNet:	Spaf @ GATech		ARPA:	Spaf%GATech.CSNet @ CSNet-Relay.ARPA
uucp:	...!{akgua,allegra,hplabs,ihnp4,linus,seismo,ulysses}!gatech!spaf