ietf-openpgp

Re: PGP evolving, improving

1997-11-24 01:56:36
David Sternlight wrote:

I became aware of the post below only indirectly. I'll comment.

David,
there are some things that are obviously wrong, and some things that
are, well, not quite absolutely wrong.  Regardless, this is not really a
forum for bashing PGP Inc and their product, although it seems like it
at times.

I'll just add what I know to your comments.

=====================8<===================

At 5:30 PM -0800 11/22/97, David Sternlight wrote:
And while you're introducing gratuitous issues unrelated to the discussion,
why did PGP disable RSA key generation in Free PGP 5.0, and remove RSA
compatibility completely from Free PGP 5.5?

Very simple.  How can we with good conscience allow users to generate keys
which we don't feel meet our security standards?  We can't.  Case closed.

This is a bogus explanation for two reasons:
1. PGP Inc. disabled RSA key generation in free PGP 5.0 but kept it in most
versions of pay PGP 5.0.

I agree that there are a lot of questions here...

2. Their "explanation" wasn't about RSA keys but the MD5 algorithm (see
below). Yet:
a. MD5 is a hash function not an encryption algorithm.

OK.  Actually there are concerns with PGP.  It is not with the RSA
algorithm, that remains strong, and it is not with the actual RSA
usage.  Rather, it is with the format of the 2.6 packets and
identifiers.

As I recall, the flaws are:

  * create an arbitrary ID, and therefore spoof a key server
  * create a key with the same fingerprint as another, under
    some conditions, and thus spoof the server/key.

For more detail, check out Gary's HIP-paper on
http://www.hotlava.com/doc/fag-pgp/.  I should note that PGP Inc have
stated that all but one of the issues were known and fixed.

So there are problems with the old PGP system.  But, and it's an
important but, these (key) problems only affect keyservers in general.
As most people don't use key servers, this is not a tremendous problem,
and certainly not justification for dropping the old formats.  It is of
course more important to PGP Inc as their products use key servers
automatically.

As to the MD5 weakness, yes, you are correct there: theoretical
weaknesses do not mean an unseemly dumping of the existing user base is
warranted.

-- 
iang                                      systemics.com

FP: 1189 4417 F202 5DBD  5DF3 4FCD 3685 FDDE on pgp.com
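
Added example, not part of the original message: a keyring check for the two identifier flaws listed above, using the old-format derivations as RFC 4880 describes them (key ID = low 64 bits of the RSA modulus; fingerprint = MD5 over the modulus and exponent bytes without their lengths) beside the V4 fingerprint for contrast. All function names are hypothetical and the key values are small constructed integers, not real RSA keys.

```python
import hashlib

def mpi_body(x: int) -> bytes:
    """Big-endian bytes of x with no length prefix (the MPI body)."""
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def mpi(x: int) -> bytes:
    """Full OpenPGP MPI: two-octet bit count, then the body."""
    return x.bit_length().to_bytes(2, "big") + mpi_body(x)

def v3_key_id(n: int) -> str:
    # Old format: the key ID is just the low 64 bits of the RSA modulus.
    return f"{n & 0xFFFFFFFFFFFFFFFF:016X}"

def v3_fingerprint(n: int, e: int) -> str:
    # Old format: MD5 over the MPI bodies of n and e; lengths are not hashed.
    return hashlib.md5(mpi_body(n) + mpi_body(e)).hexdigest().upper()

def v4_fingerprint(n: int, e: int, created: int = 0) -> str:
    # V4 format: SHA-1 over a length-prefixed packet that carries full MPIs.
    body = b"\x04" + created.to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)
    packet = b"\x99" + len(body).to_bytes(2, "big") + body
    return hashlib.sha1(packet).hexdigest().upper()

def ambiguous_entries(keyring):
    """Pairs whose old-format key ID or fingerprint match although (n, e) differ."""
    hits = []
    for i, (name_a, n_a, e_a) in enumerate(keyring):
        for name_b, n_b, e_b in keyring[i + 1:]:
            if (n_a, e_a) == (n_b, e_b):
                continue  # identical key material is not a conflict
            same_id = v3_key_id(n_a) == v3_key_id(n_b)
            same_fp = v3_fingerprint(n_a, e_a) == v3_fingerprint(n_b, e_b)
            if same_id or same_fp:
                hits.append((name_a, name_b, same_id, same_fp))
    return hits

# Constructed sample values (assumptions for illustration only).
KEYRING = [
    ("alice", 0xC0FFEE1122334455667788990011, 0x11),
    ("bob",   0xC0FFEE11223344556677889900, 0x1111),        # same bytes, split elsewhere
    ("carol", 0xDEADBEEF2122334455667788990011, 0x010001),  # same low 64 bits as alice
]

if __name__ == "__main__":
    for hit in ambiguous_entries(KEYRING):
        print(hit)
```

A key server or keyring that indexes only by these old-format identifiers cannot tell such entries apart; comparing the full key material, or the V4 fingerprint, does.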
