On Wed, Mar 25, 1998 at 07:26:16PM -0800, William Lewis wrote:
I may be missing something here, but it seems to me that
attempting to write this specification to completely
disallow subliminal/covert channels is a fool's errand.
It's already necessary that the PGP implementation be
trusted. Adding requirements such as this one (specifying
that the MessageID be externally verifiable) makes the
spec more complicated and more difficult to implement, but
doesn't actually increase security at all.
I completely agree. But those parts of the spec which are
already trying to shut down such channels should be
written in a more thorough fashion. I'd be quite happy
with _random_ Message IDs - if an implementation has a bad
random generator, you are in trouble anyways.
tlr
--
Thomas Roessler · 74a353cc0b19 · dg1ktr · http://home.pages.de/~roessler/
2048/CE6AC6C1 · 4E 04 F0 BC 72 FF 14 23 44 85 D1 A1 3B B0 73 C1