( ESNUG 329 Item 9 ) --------------------------------------------- [9/22/99]
Subject: ( ESNUG 327 #8 328 #10 ) Fundamental Hole With PGP IP Encryption
> PGP uses "Public Key Encryption" rather than the traditional "Private
> Key" mechanism. Rather than having a single key for the document, the
> PGP uses two keys: 1 public and 1 secret. Data may be encrypted with
> either key, and decryption requires the opposite key.
>
> - David Black
> Qualis Design Austin, TX
From: [ Play It Again, Sam ]
John,
There's an important issue related to IP encryption which hasn't been
addressed. We have determined that since users cannot be trusted, the key
has to be embedded into the tool. We are also saying that not all tool
vendors can be trusted with the key... The reality is that a tool vendor
doesn't even need a key to steal the IP! Remember, the tool always needs
to read the decrypted source. And no one can prevent a tool vendor from
making the tool write out a decrypted IP. The vendor could, for example,
trigger the 'write' based on some secret command line option!
This problem can't be solved by using an encryption scheme, but nevertheless
needs to be dealt with before IP encryption can be used effectively.
Assuming this problem doesn't exist, and the tool vendor cannot be trusted
with the key, an alternative encryption scheme would be to split the key between
the tool vendor and the user. (i.e., one portion of the key is embedded in
the tool, and the other portion is with the user.) This way neither of them
can steal the IP on their own.
- [ Play It Again, Sam ]
P.S. John, if you decide to publish this, please keep me anonymous.
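
The split-key idea in the letter above, sketched as an added example (not part of the original post and not any vendor's implementation). The 2-of-2 XOR split, the key-check tag and every name in it are assumptions made for illustration. As the letter points out, once the tool has recombined the key it still sees the decrypted IP, so this addresses only who holds the key.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes; assumed size of the IP content key


def split_key(key: bytes) -> tuple[bytes, bytes]:
    """2-of-2 XOR split: tool_share is uniform random, user_share = key XOR tool_share."""
    tool_share = secrets.token_bytes(len(key))
    user_share = bytes(k ^ t for k, t in zip(key, tool_share))
    return tool_share, user_share


def key_check_value(key: bytes) -> bytes:
    """Tag shipped with the encrypted IP so the tool can reject a wrong key."""
    return hmac.new(key, b"ip-key-check", hashlib.sha256).digest()


def combine(tool_share: bytes, user_share: bytes, check: bytes) -> bytes:
    """Rebuild the key inside the tool; raise if the shares do not match the IP."""
    if len(tool_share) != len(user_share):
        raise ValueError("share length mismatch")
    key = bytes(t ^ u for t, u in zip(tool_share, user_share))
    if not hmac.compare_digest(key_check_value(key), check):
        raise ValueError("shares do not reconstruct the IP key")
    return key


def demo() -> dict:
    key = secrets.token_bytes(KEY_LEN)  # constructed sample key
    tool_share, user_share = split_key(key)
    check = key_check_value(key)
    recovered = combine(tool_share, user_share, check)
    # A party holding one share must guess the other; a random guess fails the check.
    try:
        combine(tool_share, secrets.token_bytes(KEY_LEN), check)
        guess_ok = True
    except ValueError:
        guess_ok = False
    return {"recovered": recovered == key, "guess_ok": guess_ok,
            "share_is_key": tool_share == key or user_share == key}


if __name__ == "__main__":
    print(demo())
```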