PGP Article?

PGP Article?

Post by Barna8 » Sat, 07 Jun 2003 00:33:12



A financial company we are beginning to do business with is requesting
secure end-to-end e-mail (authentication not encryption).  We
suggested using PGP to sign our e-mails.  They balked stating PGP was
for encryption and not a good solution for authentication (or
verifying sender).  I know that is incorrect, but am looking for a
good article or white paper (from a respected source) on that aspect
of PGP.  Have looked on the various PGP sites, but most deal with the
strength of the encryption, etc which is not exactly what I'm looking
for.  Any help is appreciated!

Thanks

Barna8us

 
 
 

PGP Article?

Post by Billie H. Clee » Sat, 07 Jun 2003 03:21:17


Check out page 16

http://www.pgp.com/products/whitepapers/pgp_introtocryptography.pdf

 
 
 

PGP Article?

Post by David Ros » Sat, 07 Jun 2003 13:06:17


See my <http://www.rossde.com/PGP/pgp_signatures.html>.  

--

David E. Ross
<http://www.rossde.com/>  

Concerned about someone snooping into your E-mail?
Use PGP.  See my <http://www.rossde.com/PGP/>

 
 
 

PGP Article?

Post by Andrew Gideo » Sat, 07 Jun 2003 23:30:02



> See my <http://www.rossde.com/PGP/pgp_signatures.html>.

The "California Regulation" section was interesting.  But I was surprised
that there was no mention of "deep authentication".  That is, how is it
known that the fingerprint, keytype, and key size were actually provided by
the party in question (as opposed, for examaple, to someone committing a
"man in the middle" type of attack)?

I know that this was addressed by your paper further down, in the "trust"
section.  But what I'm interested in what the CA regulation requires.

I'm going through the regulation at
<http://www.ss.ca.gov/digsig/regulations.htm>, but I'm little confidence in
my reading of this.  I see that 22003.a.1.D.v specifically approves PGP.  
However, 22003.a.1.D is written such that all of the conditions must be
met, and 22003.a.1.D.iv mentions the requirement for a CA.

So...it looks like PGP can be used, but iff the public key has been signed
by an approved CA.  

Do any of those CAs approved by the state sign PGP keys?

        - Andrew

 
 
 

PGP Article?

Post by Andrew Gideo » Fri, 13 Jun 2003 03:04:16


I didn't get a response to this, so I thought perhaps it should get its own
- more descriptive - subject line.  The question is about California's
"approval" of PGP use colliding with California's specification that an
approved certificate authority must be involved.

        - Andrew

[...]

Quote:> I'm going through the regulation at
> <http://www.ss.ca.gov/digsig/regulations.htm>, but I'm little confidence
> in
> my reading of this.  I see that 22003.a.1.D.v specifically approves PGP.
> However, 22003.a.1.D is written such that all of the conditions must be
> met, and 22003.a.1.D.iv mentions the requirement for a CA.

> So...it looks like PGP can be used, but iff the public key has been signed
> by an approved CA.

> Do any of those CAs approved by the state sign PGP keys?

>         - Andrew

 
 
 

PGP Article?

Post by Thomas Vincen » Fri, 13 Jun 2003 06:42:17


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alot of government agencies I have seen will use PGP even when they
have a CA. Or are waiting for a CA. Just because PGP is more widley
deployed and supported then digital certificates are. Plus, things
like the Federal Bridge Certificate Authority (allows different
Federal agencies CA's to communicate) seem to be even less widley
supported.

To sum it up, PGP is used when either a) CA's are not yet supported,
b) you are communicating with a 3rd party that doesn't support
digital certificates.

Cheers,
Tom



> I didn't get a response to this, so I thought perhaps it should get
> its own  - more descriptive - subject line.  The question is about
> California's  "approval" of PGP use colliding with California's
> specification that an  approved certificate authority must be
> involved.

>         - Andrew


> [...]
> > I'm going through the regulation at
> > <http://www.ss.ca.gov/digsig/regulations.htm>, but I'm little
> > confidence in
> > my reading of this.  I see that 22003.a.1.D.v specifically
> > approves PGP. However, 22003.a.1.D is written such that all of
> > the conditions must be met, and 22003.a.1.D.iv mentions the
> > requirement for a CA.

> > So...it looks like PGP can be used, but iff the public key has
> > been signed by an approved CA.

> > Do any of those CAs approved by the state sign PGP keys?

> >         - Andrew

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBPueiLrinvnTMZ1jLEQKNfQCglHSF3GVKeGlEsSEzDKn6B5kKo6cAn1Lz
7QbY69/Yr0bzDdNGcFAUPrjj
=QQCg
-----END PGP SIGNATURE-----

--


SteelHouse Labs                http://www.steelhouselabs.com
Mac OS X Security Blog:    http:/www.steelhouselabs.com/blog/macsec

 
 
 

PGP Article?

Post by Andrew Gideo » Fri, 13 Jun 2003 06:55:14



> Alot of government agencies I have seen will use PGP even when they
> have a CA. Or are waiting for a CA. Just because PGP is more widley
> deployed and supported then digital certificates are. Plus, things
> like the Federal Bridge Certificate Authority (allows different
> Federal agencies CA's to communicate) seem to be even less widley
> supported.

> To sum it up, PGP is used when either a) CA's are not yet supported,
> b) you are communicating with a 3rd party that doesn't support
> digital certificates.

I'm sorry, but I don't understand.  For example, as far as I know,  
certificate authorities are not excluded by PGP.  What is not done, at
least in GnuPG, is the inclusion of CA certificates with the application
and with a predefined trust level.  

But there is nothing which prevents, for example, Verisign from publishing a
PGP key and encouraging people to trust it.

So PGP can be used with or without the involvement of certificate
authorities.  And this was the crux of my question.  California appears to
both (1) permit the use of PGP and (2) require the use of an approved
certificate authority.  But for this to have meaning, at least some subset
of the approved certificate authorities must be willing to sign PGP keys.

I checked the websites of a couple, and found no mention of this.  In fact,
I also found no page from which those CAs' certificates (in any format)
could be downloaded.  That entire exercise left me confused about the
California-approved certificate authorities, and what support they provide
for PGP.

        - Andrew

 
 
 

PGP Article?

Post by Thomas Vincen » Sat, 14 Jun 2003 06:01:18


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



> I'm sorry, but I don't understand.  For example, as far as I know,
>  certificate authorities are not excluded by PGP.  What is not
> done, at  least in GnuPG, is the inclusion of CA certificates with
> the application  and with a predefined trust level.  

> But there is nothing which prevents, for example, Verisign from
> publishing a  PGP key and encouraging people to trust it.

PGP is based on a web-of-trust model where the level of trust is
defined by the community. Verisign is based on a centeralized model
where the trust is based on the credibility of the CA.

Quote:> So PGP can be used with or without the involvement of certificate
> authorities.  And this was the crux of my question.  California
> appears to  both (1) permit the use of PGP and (2) require the use
> of an approved  certificate authority.  But for this to have
> meaning, at least some subset  of the approved certificate
> authorities must be willing to sign PGP keys.

The fact that a CA signs a PGP cert means nothing unless I trust that
CA. It is no different then you signing Tom M.'s key. If don't trust
you it is worthless.

Lots of state and federal agencies in the US use PGP because they are
still rolling out Entrust or some other vendor. The spirit of the law
I think is that, you can use PGP but we prefer you use a CA.
Something is better then nothing. The law though has room for
clarification by the legislator.

Quote:> I checked the websites of a couple, and found no mention of this.
> In fact,  I also found no page from which those CAs' certificates
> (in any format)  could be downloaded.  That entire exercise left me
> confused about the  California-approved certificate authorities,
> and what support they provide  for PGP.

Verisign has no support for PGP. PGP and Verisign both can use the
certificate form x.509. That is the extent of their involvment,
period.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQD1AwUBPujqEtwA/esdIRr/AQLwZwb/afKXixo2qsJK2+FHfh+Q61yal9z6gKcf
m05w+zCf5hcNCO5sirLCgyCC4cUDIlWS/9LDd5GB/5I8vKQUCcBhvyJwVVx6xIEm
kh06sKqLBT8hd8Bt2HSXZXsfzw7eM8+d8fSdjEgOkwbvmZqZyxbjGU7GhUtrTXYY
NpUw4hzaeLvp6TfA2u6QTwDEEw+4zaMzFnhSs1nrfrSuZquQt/Fl6XzdNXp8whJg
bLyZeT6FCaG8aH8DSEZLNK3bNsZYU+Q6wC2DPpSDW4FjQAYE7GpNbJpDA2mHNcbn
wPi+/d1gfvs=
=6jgp
-----END PGP SIGNATURE-----

--


SteelHouse Labs                http://www.steelhouselabs.com
Mac OS X Security Blog:    http:/www.steelhouselabs.com/blog/macsec

 
 
 

PGP Article?

Post by Andrew Gideo » Sun, 15 Jun 2003 01:39:57



> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1



>> I'm sorry, but I don't understand.  For example, as far as I know,
>>  certificate authorities are not excluded by PGP.  What is not
>> done, at  least in GnuPG, is the inclusion of CA certificates with
>> the application  and with a predefined trust level.

>> But there is nothing which prevents, for example, Verisign from
>> publishing a  PGP key and encouraging people to trust it.

> PGP is based on a web-of-trust model where the level of trust is
> defined by the community. Verisign is based on a centeralized model
> where the trust is based on the credibility of the CA.

But nothing - at least technically - prevents a certificate authority from
also participating in a community through which trust is defined.

Quote:>> So PGP can be used with or without the involvement of certificate
>> authorities.  And this was the crux of my question.  California
>> appears to  both (1) permit the use of PGP and (2) require the use
>> of an approved  certificate authority.  But for this to have
>> meaning, at least some subset  of the approved certificate
>> authorities must be willing to sign PGP keys.

> The fact that a CA signs a PGP cert means nothing unless I trust that
> CA. It is no different then you signing Tom M.'s key. If don't trust
> you it is worthless.

Of course.  But that's true whether we're speaking of a "web of trust" or
the centralized model in which certificate authorities prefer to operate.  
In the browser "market", for example, trust is defined by what is shipped
with the browser software.  Too few are too ignorant of how a new CA
certificate may be inserted.  In fact, the very idea is a black hole to
most people.

This is interesting because it establishes a barrier to the entry of new
root CAs.

Quote:> Lots of state and federal agencies in the US use PGP because they are
> still rolling out Entrust or some other vendor. The spirit of the law
> I think is that, you can use PGP but we prefer you use a CA.
> Something is better then nothing. The law though has room for
> clarification by the legislator.

I cannot speak to the "spirit" of the law, as I'm not in California so I'm
not aware of what discussions occurred prior to its passage.  But the
actual wording seems to define a market for certificate authorities:
signing PGP keys.

As we're speaking of state agencies, I could see "management" (ie.
California authorities) mandating that system administrators install and
mark as ultimately trusted the PGP certificates for the approved
certificate authorities.  

Again, going back to the actual wording of the law, PGP use would appear to
be precluded unless the public keys being used were signed by approved
certificate authorities.  Use of PGP with public keys not signed in this
fashion would appear to violate the law.

But is it possible to satisfy this requirement?  Are the approved
Certificate Authorities actually willing to (or required to) operate in the
PGP market?  I can see strong motivation why they'd *not* choose to do so.  
But the state *could* mandate this as a requirement for state approval.

Is this a law which appears to permit something, but which provides no means
through which that permission may be exercised?  If so, did the certificate
authorities sneak this past the state legislature?  Was it an accident
committed by nontechnical authors of the law?

This is which is part of why I find the issue so very interesting.  

        - Andrew

 
 
 

PGP Article?

Post by Paul Henrichs » Mon, 16 Jun 2003 15:31:38



> So PGP can be used with or without the involvement of certificate
> authorities.  And this was the crux of my question.  California appears to
> both (1) permit the use of PGP and (2) require the use of an approved
> certificate authority.  But for this to have meaning, at least some subset
> of the approved certificate authorities must be willing to sign PGP keys.

> I checked the websites of a couple, and found no mention of this.  In fact,
> I also found no page from which those CAs' certificates (in any format)
> could be downloaded.  That entire exercise left me confused about the
> California-approved certificate authorities, and what support they provide
> for PGP.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fristly, I know of no CAs which support (or encourage) PGP use. Many X.509
certs are used for S/MIME encryption.  

It is possible to use an X.509 cert in PGP. There are however some caveats.
First, the cert as it comes from a CA is not self signed. It is only signed
by the CA.  When it is imported to PGP it thus shows as being invalid or
revoked (http://www.pgpsupport.com/displaydoc.asp?docid=172&CategoryId=6)
If the cert is signed in PGP and then distributed, it will be usable by
people using PGP.  

The PGP enterprise version has some additional capabilities when it comes to
interacting with a CA.

- --Paul
- -----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GS d(-) s-; a C++(+)$ U L+ E? W+(+) N++ o? w++ !O M V PS+(--)
PE++ Y+ PGP++$ t+ 5 X+ R+(++) tv(--) b++(+) DI++ D G e h r% y
- ------END GEEK CODE BLOCK------

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBPuwSwMAKPcpjJcATEQIKzgCfXNmH+jqwQEoq1BbZjN2tj4mjh8wAn0XM
gSmYpMqWWsGI95Qdg401anB6
=mkvd
-----END PGP SIGNATURE-----

 
 
 

PGP Article?

Post by Thomas Vincen » Wed, 18 Jun 2003 03:35:27




> But nothing - at least technically - prevents a certificate authority from
> also participating in a community through which trust is defined.

Very true.

Quote:> >> So PGP can be used with or without the involvement of certificate
> >> authorities.  And this was the crux of my question.  California
> >> appears to  both (1) permit the use of PGP and (2) require the use
> >> of an approved  certificate authority.  But for this to have
> >> meaning, at least some subset  of the approved certificate
> >> authorities must be willing to sign PGP keys.

> > The fact that a CA signs a PGP cert means nothing unless I trust that
> > CA. It is no different then you signing Tom M.'s key. If don't trust
> > you it is worthless.

> Of course.  But that's true whether we're speaking of a "web of trust" or
> the centralized model in which certificate authorities prefer to operate.  
> In the browser "market", for example, trust is defined by what is shipped
> with the browser software.  Too few are too ignorant of how a new CA
> certificate may be inserted.  In fact, the very idea is a black hole to
> most people.

Trust is not defined by which certificate authorities ship with the
browser. Trust is defined by you trusting the issuer.

Quote:> This is interesting because it establishes a barrier to the entry of new
> root CAs.

Sure, but when does to many Root CA's become a problem? We are
eventually going to get to the point that ever organization is going to
have a Root CA.

Quote:> > Lots of state and federal agencies in the US use PGP because they are
> > still rolling out Entrust or some other vendor. The spirit of the law
> > I think is that, you can use PGP but we prefer you use a CA.
> > Something is better then nothing. The law though has room for
> > clarification by the legislator.

> I cannot speak to the "spirit" of the law, as I'm not in California so I'm
> not aware of what discussions occurred prior to its passage.  But the
> actual wording seems to define a market for certificate authorities:
> signing PGP keys.

Ambiguity in the law.

Quote:> Again, going back to the actual wording of the law, PGP use would appear to
> be precluded unless the public keys being used were signed by approved
> certificate authorities.  Use of PGP with public keys not signed in this
> fashion would appear to violate the law.

The CA could also be the state of California. PGP Enterprise allows
administrators to manage keys. So every organization could have its own
"CA's."

Quote:

> But is it possible to satisfy this requirement?  Are the approved
> Certificate Authorities actually willing to (or required to) operate in the
> PGP market?  I can see strong motivation why they'd *not* choose to do so.  
> But the state *could* mandate this as a requirement for state approval.
> Is this a law which appears to permit something, but which provides no means
> through which that permission may be exercised?  If so, did the certificate
> authorities sneak this past the state legislature?  Was it an accident
> committed by nontechnical authors of the law?

This is why we have lawyers.

Quote:> This is which is part of why I find the issue so very interesting.  

What it boils down to really is that attorney general needs to issue a
opinion for clarificaiton of the law.

--


SteelHouse Labs                http://www.steelhouselabs.com
Mac OS X Security Blog:    http:/www.steelhouselabs.com/blog/macsec

 
 
 

PGP Article?

Post by Andrew Gideo » Wed, 18 Jun 2003 06:37:52



> It is possible to use an X.509 cert in PGP.

Unless I'm missing something, this isn't really an issue.  A certificate
authority would be free to issue a public PGP key; it's not limited to
providing public keys in X.509 format.

        - Andrew

 
 
 

PGP Article?

Post by Andrew Gideo » Wed, 18 Jun 2003 06:36:08


[...]

Quote:>> Of course.  But that's true whether we're speaking of a "web of trust" or
>> the centralized model in which certificate authorities prefer to operate.
>> In the browser "market", for example, trust is defined by what is shipped
>> with the browser software.  Too few are too ignorant of how a new CA
>> certificate may be inserted.  In fact, the very idea is a black hole to
>> most people.

> Trust is not defined by which certificate authorities ship with the
> browser. Trust is defined by you trusting the issuer.

Most people have no idea that there are "certificates" in the software they
download or buy, much less an understanding of what a "certificate" is.  
That situation makes "trust" an interesting concept to define.  "Trust" is
normally a voluntary action, but in this case we see what could be called
"involuntary trust through ignorance".

I think it a reasonable approximation to state that trust, for those people,
is defined by what certificates their browser vendors include in the
software as "trusted".  I'm certainly open to different ways to phrase
this, though.

Quote:>> This is interesting because it establishes a barrier to the entry of new
>> root CAs.

> Sure, but when does to many Root CA's become a problem? We are
> eventually going to get to the point that ever organization is going to
> have a Root CA.

How would that come about?  It's easy for anyone to self-sign a certificate
and declare themselves a certificate authority, true.  But will those new
certificate authorities be trusted by a signficant portion of the
population?  

Perhaps I should ask a different question: what does it take to get a
certificate included, and marked as ultimately trusted, in software being
shipped?

Quote:>> > Lots of state and federal agencies in the US use PGP because they are
>> > still rolling out Entrust or some other vendor. The spirit of the law
>> > I think is that, you can use PGP but we prefer you use a CA.
>> > Something is better then nothing. The law though has room for
>> > clarification by the legislator.

>> I cannot speak to the "spirit" of the law, as I'm not in California so
>> I'm
>> not aware of what discussions occurred prior to its passage.  But the
>> actual wording seems to define a market for certificate authorities:
>> signing PGP keys.

> Ambiguity in the law.

As I read it, it's not so much "ambiguity" as it is an appearance of
permitting something without actually permitting it.  It may be accidental
or malicious, but - again, as I read it - this law does *not* permit the
use of PGP...unless one or more approved certificate authorities are
willing to sign PGP keys.

Quote:>> Again, going back to the actual wording of the law, PGP use would appear
>> to be precluded unless the public keys being used were signed by approved
>> certificate authorities.  Use of PGP with public keys not signed in this
>> fashion would appear to violate the law.

> The CA could also be the state of California. PGP Enterprise allows
> administrators to manage keys. So every organization could have its own
> "CA's."

Ah, I did miss that.  Yes, that makes a huge difference.

Quote:>> But is it possible to satisfy this requirement?  Are the approved
>> Certificate Authorities actually willing to (or required to) operate in
>> the
>> PGP market?  I can see strong motivation why they'd *not* choose to do
>> so. But the state *could* mandate this as a requirement for state
>> approval.

>> Is this a law which appears to permit something, but which provides no
>> means
>> through which that permission may be exercised?  If so, did the
>> certificate
>> authorities sneak this past the state legislature?  Was it an accident
>> committed by nontechnical authors of the law?

> This is why we have lawyers.

I think instead that this is why we've lobbyists, but that's not a happy
thought.

Quote:>> This is which is part of why I find the issue so very interesting.

> What it boils down to really is that attorney general needs to issue a
> opinion for clarificaiton of the law.

Hmm.  

        - Andrew

 
 
 

1. An accurate article on PGP, S/MIME, IETF

Computerworld, a good, gray, non-sensationalistic journal which checks its
stories carefully, has published a factual article about the PGP and S/MIME
standardization efforts with respect to the IETF in
http://cwlive.cw.com:8080/home/online9697.nsf/All/970919email18222
Note that this article is more recent than the wild exaggerations and
inaccurate assertions published earlier by others.

The article confirms one report here that all the nonsense about S/MIME being
rejected was just that--baloney (and I assert, in part a propaganda attempt by
PGP supporters). As one poster here commented, the only problem was that the
S/MIME backers missed a deadline to submit a request to form a working group
with the IETF.

"Seizing the opportunity, a rival group, led by RSA competitor Pretty Good
Privacy, Inc. in San Mateo, Calif. quickly assembled and proposed a new
specification, dubbed Open PGP. But S/MIME backers held a developers' workshop
earlier this month, and sources who attended that meeting said the S/MIME work
will be submitted to the IETF within a month."

Industry watchers now think the outcome will be dual specifications.

I have been corresponding with one of the senior people in the PGP working
group, and as a consequence it is my opinion that PGP will likely fall apart
on the following basis:

1. Either they use IDEA as a required element or they don't.
2. If they do, they have no basis for trying to get the IETF to reject RSA. In
fact Pretty Good Privacy Inc. has less control over IDEA (it's not theirs)
than RSADSI has over RSA (that IS theirs, in effect).
3. If they don't it's a totally new crypto-system (as far as the coding and as
far as any field experience and testing). Might as well be called "Fred" as
"Open PGP". The group will not be able to appeal to PGP's popularity nor its
field experience as a basis for IETF support--instead they will have to start
from scratch.
4. Since S/MIME has considerable field experience and is out there in
significant numbers, this gives S/MIME a big head start despite PGP's tactical
attempt. Before the IETF can approve Open PGP there would need to be
considerable field experience (as there would with S/MIME), particularly since
this is a crypto system. (Classical PGP fans are very fond of this argument
when it cuts their way with respect to PGP vs. some new system.) Since S/MIME
will be ahead in that race, it will (other things being equal) likely be
approved first if the responsible IETF process is conducted fairly and not
cooked to favor PGP. That, plus the massive commercial installed base, should
be decisive in the mass market.

David

2. Is it legal to throw exceptions from ?: expressions?

3. Forbes article on Zimmermann, PGP, Microsoft hardening of the arteries?

4. x-box beta, yet no x-box

5. ask zero article testing and first article testing

6. Notice to my customers

7. vi and pgp (was: mutt & pgp 6.5.8)

8. Backup/Cartridge Drives

9. Command Line PGP or PGP DLLs

10. PGP plugin 4.9.5 [PGP 7 crash fix and more] for Pegasus Mail released

11. PGP plugin 4.9.4 [improved PGP/MIME and QP handling] for Pegasus Mail released

12. PGP 8.0 Enterprise: PGP standards for key creation process

13. PGP plugin 4.9.1 [PGP 8 support] for Pegasus Mail released