NPR : E-Mail Encryption Rare in Everyday Use

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Mar 5 20:03:04 EST 2006


Alex Alten <alex at alten.org> writes:
>At 03:13 AM 3/6/2006 +1300, Peter Gutmann wrote:
>> >Basically our customer required us to encrypt any team communications. So we
>> >used PGP with email.  I know the body of the email was encrypted, and I
>> >believe attachments were too.  The certs were used to "automate" the
>> >decryption.  Basically the PGP plugin would check the incoming mail's sender
>> >email name and try to find a local cert that had the same email name in it.
>>
>>Hmm, that sounds like broken software then, since the (probabilistically)
>>unique keyID to locate the appropriate decryption or signature verification
>>key is included in the message/signature - you never have to look at the From:
>>address, and indeed trying to use it for key lookups would be a recipe for
>>disaster because of the problems you pointed out.
>
>RFC 3280 states that an end entity's subject key id SHOULD be included. It is
>not a MANDATORY extension field, see section 4.2.1.2.  So the software is not
>technically broken.

Uhh, what does RFC 3280 have to do with PGP, which is what you said you were
using?  In any case if you are using X.509 certs, you match by subject DN (or
issuerAndSerialNumber for S/MIME), all of which serve the same function as the
PGP key ID.

>Since the key id is derived from the raw public key itself,  doesn't that
>defeat the purpose of automatically authenticating that the encrypted email
>is really from "fred at company.com"?

You use the PGP keyID or X.509 issuerAndSerialNumber to look up the key or
certificate, then display as the signer the identity associated with the key
or certificate.  What's in the "From:" address never enters into it, although
your software may choose to warn if the From: address doesn't match the email
address associated with the key.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
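
The lookup order described in the message above, as an added example that is not part of the original post or of any PGP implementation: the key is selected by the key ID carried in the signature, the identity shown comes from that key, and the From: header is only compared afterwards to raise a warning. The keyring contents, addresses and key bytes are constructed placeholders, and `resolve_signer` is a hypothetical helper; extracting the key ID from the signature packet and verifying the signature itself are assumed to happen elsewhere.

```python
import hashlib
from email import message_from_string
from email.utils import parseaddr

def v4_key_id(pubkey_body: bytes) -> str:
    # OpenPGP v4: fingerprint = SHA-1(0x99 || 2-byte length || key packet body);
    # the key ID is the low-order 64 bits of that fingerprint.
    data = b"\x99" + len(pubkey_body).to_bytes(2, "big") + pubkey_body
    return hashlib.sha1(data).hexdigest()[-16:].upper()

# Constructed keyring: placeholder bytes stand in for real public key packets.
FRED_KEY = b"constructed key material for fred"
MALLORY_KEY = b"constructed key material for mallory"
KEYRING = {
    v4_key_id(FRED_KEY): "fred@company.example",
    v4_key_id(MALLORY_KEY): "mallory@elsewhere.example",
}

def resolve_signer(raw_mail: str, sig_key_id: str, keyring=KEYRING):
    """Return (identity_to_display, warning).

    sig_key_id is the issuer key ID taken from the signature itself (assumed
    already parsed); the From: header is never used to find the key.
    """
    identity = keyring.get(sig_key_id.upper())
    if identity is None:
        return None, "no key with ID %s in keyring" % sig_key_id
    # Only after the key is found is From: consulted, and only to warn.
    from_addr = parseaddr(message_from_string(raw_mail)["From"] or "")[1]
    if from_addr.lower() != identity.lower():
        return identity, "From: %s does not match key owner %s" % (from_addr, identity)
    return identity, None

# Constructed message: From: claims fred, whichever key actually signed it.
SPOOFED = "From: Fred <fred@company.example>\nSubject: invoice\n\nbody\n"

if __name__ == "__main__":
    # Signed with mallory's key: mallory is displayed, plus a mismatch warning.
    print(resolve_signer(SPOOFED, v4_key_id(MALLORY_KEY)))
    # Signed with fred's key: fred is displayed, no warning.
    print(resolve_signer(SPOOFED, v4_key_id(FRED_KEY)))
```

A lookup keyed on the From: address would have selected fred's key for the first message regardless of who signed it, which is the failure the message describes.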


