ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: GAK/CDR workarounds

1997-10-27 10:06:18
from [David Hayes] [Permanent Link] 
At 08:35 AM 10/27/97 GMT, Lindsay Mathieson wrote:

PMJI, but to me, there seems to be a very simple fix for users, if they wish
to prevent their messages being decrypted by third-parties.
When replying with a GAK/CDR compliant applictaion, it would seem reasonably
easy to encrypt the message twice, i.e. embed a standard PGP encrypted
message inside a GAK/CDR encrypted message.


Yes, Lindsay, this does the job. It's called "superencryption". It is
difficult for any cryptosystem to stop this, because it's impossible to
predict what the user might select for the first, "inner" encryption. 

Of course, many likely encryption programs are known. If you choose
PGP-inside-GAK, the standard PGP headers are recognizable. While the
government will likely not be able to read your PGP-protected message, they
could know that it's there. Under the current proposal in [US] Senate bill
909, simply the existence of the PGP message would land you in prison. 

The trick is not to send messages that the adversary can't read, but to
send messages that the adversary can't _discover_. 

The government could know that the inner PGP message is there, if they
decode the outer GAK "wrapper". There are two ways they could learn this.
First, you could be the subject of an investigation. During the course of
this investigation, they present probable cause to a magistrate, obtain a
warrant, and decrypt your messages using your GAK key from their database.
The FBI promises me that they will always operate this way. 

The second method is that the government just routinely decrypt every
message, using some undocumented back door access to the GAK database. In
this case, they subsequently claim an "anonymous informant" tipped them
off, get a warrant, and  then legally open your message. "What's this,"
they ask? Why, an illegal PGP message! (Insert astonished look on faces of
government agents.) When they introduce the evidence at your summary trial,
they have a warrant to explain how they got the message in the first place. 

The opportunities for government corruption are staggering, which is one
reason many GAK opponents _are_ GAK opponents. Governments have never been
able to resist temptation for very long.

--
David Hayes                                       
David(_dot_)Hayes(_at_)MCI(_dot_)Com
Switch Systems Engineering                        voice: 972-918-7236
MCI Communications, Inc.                               VNET: 777-7236
--If these thoughts were MCI's official opinions, the line above would
--read "MCI - Law & Public Policy Department".
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: MUST versus SHOULD in application decisions, Lutz Donnerhacke
Next by Date:  Re: KeyIDs and Key Fingerprints, stewarts
Previous by Thread:  Re: GAK/CDR workarounds, Lutz Donnerhacke
Next by Thread:  What this WG is doing, John W. Noerenberg
Indexes:  [Date] [Thread] [Top] [All Lists]