
Example: PGP-aware mailer



At 03:45 PM 4/5/96 -0500, hallam@w3.org wrote:
>Subj: Re: My comments on the X/Open PKI requirements document 


>In response to Carl's point on the User Interface
>
>I remember trying to set up the secude X.500 directory. This proved to
>be impossible because the documentation assumed that you were already
>operating within an established x500 directory. The software would not
>accept a key unless it was authenticated by a pre-existing key. There
>did not seem to be an easy way of overriding this.
>
>The point I am making is that we must consider not only the steady
>state when there is a global infrastructure in existence. We must consider the
>path to steady state, if this is infeasible then a global key infrastructure
>is.

Very good point.

Let me start with a concrete example.

I have a mail reader [Eudora Pro on both Mac and Windows] which I like very
much.  I get occasional clearsigned messages, using PGP.  I have mailboxes
full of such and would like to see even more signed messages.

Eudora isn't PGP-aware, however.  So -- let's hypothesize a modification to
Eudora to make it aware and have it use the PGP messages already in my
mailbox.  [Ie., let's not hypothesize a change to PGP.]

First, we would have Eudora automatically recognize the signed message and
extract KeyID and signature.  It would look up the KeyID and, if it has the
key or can find it, check the signature.  In the titlebar/toolbar area for
that message, it would indicate one of the following:

1. public key not available (on a red background)
2. key available but signature doesn't verify (on a red background)
3. signature checked (on a blue background)

Furthermore, rather than show a Hex keyID, I would have it indicate the key
by using a nickname of the user's choosing.  If he hasn't defined a nickname
yet, it would generate one for him, eg.: "New00035".  At any time, he could
edit that nickname box and change the (key->nickname) mapping -- but only to
an unused name.  [I don't know if this would be tied to Eudora's existing
nicknames -- maybe, maybe not.  KeyIDs are not necessarily 1:1 with e-mail
addresses.]

Now that I have nicknames attached to keys, strictly for the user's use, I
need to protect that list.  I mustn't allow some hacker to change the
(key,name) binding I use.  Therefore, I could:

a) sign my own database of mappings
b) encrypt that database under a password (ie., store it wrapped)
c) sign each entry

If I choose (c) then I'm making personal certificates.  However, for
efficiency, I'd probably opt for (b) or (a).

--------------------

Notice, this gives me a trusted binding between keys and
names-which-mean-something-to-me but doesn't use any central PKI and
certainly doesn't need any global database of DNs.

I can hear X.509 defenders now, madly typing that this mechanism doesn't
give a global database of (name,key) bindings that I can trust.  Of course
it doesn't.  However, it does meet my needs and I'm still not convinced that
it is possible (in a philosophic sense) to create a global database of
bindings that mean anything to me.

 - Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091              Tel: (703) 620-4200                         |
+--------------------------------------------------------------------------+
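
Added example, not part of the original message or of any Eudora or PGP code: a sketch of the local (KeyID -> nickname) store described above, with generated "NewNNNNN" names, renames allowed only to unused names, and tamper detection on the saved database. As an assumption, a password-keyed HMAC stands in for signing the database in option (a); the class name, file layout and KeyIDs are constructed for illustration.

```python
import hashlib, hmac, json, os

def _mac_key(password, salt):
    # Assumption: PBKDF2-HMAC-SHA256 turns the user's password into a MAC key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, 32)

class NicknameStore:
    """Local (KeyID -> nickname) map, saved with an integrity tag."""

    def __init__(self):
        self.names = {}     # KeyID (hex string) -> nickname chosen by the user
        self.counter = 0    # feeds the generated "NewNNNNN" placeholders

    def nickname_for(self, key_id):
        # First time a key is seen: generate a nickname nobody else holds.
        if key_id not in self.names:
            while True:
                self.counter += 1
                candidate = "New%05d" % self.counter
                if candidate not in self.names.values():
                    break
            self.names[key_id] = candidate
        return self.names[key_id]

    def rename(self, key_id, new_name):
        # The binding may be edited, but only to a name no other key uses.
        if any(n == new_name and k != key_id for k, n in self.names.items()):
            raise ValueError("nickname already in use")
        self.names[key_id] = new_name

    def save(self, password):
        salt = os.urandom(16)
        body = json.dumps({"names": self.names, "counter": self.counter},
                          sort_keys=True)
        tag = hmac.new(_mac_key(password, salt), body.encode(), hashlib.sha256)
        return json.dumps({"salt": salt.hex(), "body": body,
                           "tag": tag.hexdigest()})

    @classmethod
    def load(cls, blob, password):
        outer = json.loads(blob)
        key = _mac_key(password, bytes.fromhex(outer["salt"]))
        want = hmac.new(key, outer["body"].encode(), hashlib.sha256).hexdigest()
        # Refuse the whole database if any (key, name) binding was altered.
        if not hmac.compare_digest(want, outer["tag"]):
            raise ValueError("nickname database failed integrity check")
        data = json.loads(outer["body"])
        store = cls()
        store.names, store.counter = data["names"], data["counter"]
        return store
```

The tag only detects modification; the mappings themselves remain readable on disk, which is the difference from option (b).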

