Mailing List Archive

Mailing List: techdiver

Banner Advert

Message Display

Date: Wed, 15 Nov 1995 01:28:56 -0500 (EST)
From: Phil Pfeiffer <phil@es*.ed*>
To: a-davnor@mi*.co*
Cc: techdiver@terra.net
Subject: RE: E-Mail letter of authenticity, was: IANTD(UK) - no way!

> Electronic verification is still in its infancy.  If you have a sure fire 
> way of making sure of identity, you're going to be a very rich person.

I'm sorry to post a follow-up to techdiver, but I don't think this remark 
should go unchallenged.

Mr. Davnor's comment, to me, implies that people don't know how to implement
workable schemes for verifying identity with a reasonably high probability.  
[**Sure fire** is probably unworkable in any case, given that any system can
be compromised, e.g., from within, as intelligence agencies and phone phreaks
have repeatedly demonstrated.]

If this was, indeed, the intent of Mr. Davnor's remark, then he is simply 
mistaken.  Public key encryption has been around since the mid-1970's, 
and at least one solid implementation of public key encryption has been 
in the public domain for the last few years:  Phil Zimmerman's PGP.  
[reference:  _PGP: Pretty Good Privacy_, Garfinkel, ISBN 1-56592-098-8, 
O'Reilly Press--and this book really is readable by a knowledgeable 
layperson]. 

Briefly, as other readers of this list have pointed out, you guarantee 
your e-mail's authenticity by 

-.  creating two "keys" (i.e., numeric passwords);  
-.  publishing one key as a public key;  
-.  getting trusted friends to vouch that the key you publish as a public 
    key really is your key; and
-.  encrypting part of your e-mail with your private key in a way that makes
    this encryption dependent upon the integrity of the message as a whole.

That encrypted part of your letter is your "digital signature".
And if others can't decrypt a digital signature on a note that you send
using your public key, then that note simply wasn't encrypted with your
private key--or the note was tampered with en route to its destination.

Several of my students routinely use digital signatures to guarantee the
authenticity of their more important notes.

And there is already at least one firm--a European firm other than 
Microsoft--that sells digital signature technology (that is, besides the 
firm established by the inventors of RSA).

The issue as I see it, unlike Mr. Davnor, is not one of technology, but 
one of marketing and patent rights.  The market, as a whole, isn't quite 
ready for digital signatures (not enough bad experiences with forged 
notes, and encryption does take a little time to do .... just how much is 
another issue not worth beating on in techdiver).  Furthermore, the original
public key encryption algorithm was patented through the late 1990's, I 
believe.  Expect to see technology marketing firms like Microsoft jump 
into digital signatures once the patent on the original RSA algorithm 
goes public.

Interestingly enough, as Manuel Blum (of Berkeley, or of USC, I think?) 
pointed out at a talk in April at Yale's annual comp sci symposium,
**any** reasonably complicated problem (e.g., graph isomorphism) could be 
used in place of factoring prime numbers--the public key algorithm's 
approach to guaranteeing security.

> But, nothing still beats the telephone call to the certifying agency if you 
> are in doubt.  A log book entry by a instructor is prove enough, with the 
> call.  

Here we agree.  As long as you're not paranoid about tampering with the 
phone system.

> Maybe the answer is electronic verification by secure e-mail link (direct 
> dial to certification agency).  

Or by marketing PGP (or the like) to the masses.  But this is not a 
technological problem.

======

By the way, on the subject of spoofing e-mail:  yes, any idiot with 
enough training can do it.  Many do:  witness postings to this group.  
My students have done it on occasion, and I've heard that there are 
CD-Roms that will instruct you in the art.

However, the spoofing of e-mail, to me, seems about as ethical as spreading
false rumors, forging checks, or other forms of not-so-petty dishonesty.
And since integrity is an important element of credibility, and since I 
teach for a living, I have not made a point of learning how to forge.

Just one other thought.  E-mail is such an eminently crackable protocol 
because it, like other TCP/IP tools, were invented in a day when people 
where primarily concerned with using computers to do work, and not with 
playing electronic CYA  [a relatively recent concern, given the explosion
and commercialization of the Internet.]  It should not suprise--or 
frankly impress--anyone on this list, therefore, that forging is possible...
just, perhaps, as it should not suprise anyone that the old conventions 
for filling tanks with gas--which were invented in an era before Nitrox 
became common and people started to fill tanks with any gas they damn 
well please to use--are apparently about to become much less workable.

-- Phil

=====
 Phil Pfeiffer, Computer Sci. Dept.  |  Kindness in thought leads to wisdom.
 East Stroudsburg University,        |  Kindness in speech leads to eloquence.
 East Stroudsburg, Pa.  18301-2999   |  Kindness in action leads to love.
 phil@es*.ed*    (717) 422-3820      |                            -- Lao-Tsu

Navigate by Author: [Previous] [Next] [Author Search Index]
Navigate by Subject: [Previous] [Next] [Subject Search Index]

[Send Reply] [Send Message with New Topic]

[Search Selection] [Mailing List Home] [Home]