"Arnold G. Reinhold" wrote:
>
> At 10:15 PM +0100 9/12/2000, Ben Laurie wrote:
> >"Arnold G. Reinhold" wrote:
> >>
> >> I had some more thoughts on the question of Man in the Middle attacks
> >> on PGP. A lot has changed on the Internet since 1991 when PGP was
> >> first released. (That was the year when the World Wide Web was
> >> introduced as well.) Many of these changes significantly reduce the
> >> practicality of an MITM attack:
> >>
> >> 1. The widespread availability of SSL.
> >> SSL might be anathema to the PGP community since it depends on a CA
> >> model for trust distribution, but it has become ubiquitous and every
> >> personal computer sold these days includes an SSL enabled browsers
> >> and a set of certs. If Bob fears he is under MITM attack, he can use
> >> SSL to tunnel out. Several companies, such as hushmail.com, are
> >> already using SSL to offer secure e-mail services. These can be used
> >> directly by Bob to ask people at random to verify the version of
> >> Bob's public key at the various PGP key servers.
> >>
> >> An even better approach would be to use SSL to secure connections to
> >> PGP key servers in different parts of the world. This would force an
> >> MITM to subvert all the key servers as a minimum.
> >
> >There's really nothing stopping an implementation of SSL that uses PGP
> >for key verification. All that's really required at the end of the day
> >is some ASCII (to check the server name) and a public key, verified
> >according to the requirements of the, err, verifier.
> >
>
> Allowing SSL to accept PGP keys might be handy in other contexts, but
> not here. If Bob wants to rule out a MITM attack and he somehow has
> an active PGP key (other than his own) that he trusts, he can simply
> send PGP-encrypted mail asking that key holder to verify Bob's public
> key at the key servers.
>
> The value of SSL in this context is that every PC comes with a set of
> certs that can be used to validate an SSL link. (Mine came with 66
> certs) Bob can walk into any computer store and buy a PC or a Windows
> disk off the shelf. Unless the MITM attacker has access to the
> private portion of these keys (perhaps a risk if your expected threat
> is United Spooks of Earth), and is willing to risk that compromise
> being exposed, his electronic bubble is pierced.
I was addressing "SSL might be anathema to the PGP community since it
depends on a CA model for trust distribution".
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Coming to ApacheCon Europe 2000? http://apachecon.com/
