Craig Brozefsky on Thu, 21 Oct 1999 18:12:32 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: <nettime> (fwd) risks@csl.sri.com: Risks Digest 20.62 {excerpted]


t byfield <tbyfield@panix.com> writes:

> [<...> = omissions. i'm glad someone finally noticed that this
>  supposedly 'self-destructing email' from disappearing inc. is
>  subject to a *very* subtle attack: cut and paste. and then of
>  course there's that famous security hole that hackers exploit
>  every day: 'Save As...' ([X] Include headers). must've been a
>  wily venture capitalist who invested in that one. --cheers, t]

Nearly every crypto system has this problem.  This is also knows as the
sabateur problem, and as I mentioned before, it is not something which DI
is attempting to solve. 

The RISKS letter had a much more subtle critique than what you are
implying above.  That is, that the requirement that I contact a remote
server to decrypt the email is friction introduced into the system, which
the user will attempt to minimize.  For workstation on a LAN with a
reliable connection to the key server friction is quite low, almost
unnoticeable.  For a jet-setting execs, or anyone else who handles mail
offline (most users outside the united states where local calls are time),
the friction can be quiet great.  They don't have a permanant connection
to a server wheneve they want to read a DI messge, and so they might save
local copies of the decrypted version, anticipating they will be operating
unconnected for awhile. 

This differs from PGP or other crypto systems where keys are stored
locally, because with PGP you can always decrypt the message, even 35k
feet above Germany in a 747. 

In these situations, users may agree to the policy DI is trying to
enforce, but as anyone who has attempted to set network usage policies,
you cannot make policy what you cannot enforce. 

It remains to be seen wether a system with these limitations can still be
a succesful legal tool.  My hunch is that this may be enough for the CTO
to deny that they have any copies of old email when the subpeonas come,
but common-sense is dangerous when thinking about the US legal system. 
The issues there are much different than in the realm of security.  I'm
interested in seeing the legal attacks against DI, as that is where it's
attempting to operate, and it's success hinges on that primarily. 

-- 
Craig Brozefsky                         <craig@red-bean.com>
Free Scheme/Lisp Software     http://www.red-bean.com/~craig
"riot shields. voodoo economics. its just business. cattle 
 prods and the IMF." - Radiohead, OK Computer, Electioneering

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net