Path: utzoo!utgpu!watmath!att!ulysses!smb
From: smb@ulysses.homer.nj.att.com (Steven M. Bellovin)
Newsgroups: news.software.b
Subject: Re: public key cryptography to eliminate/detect forged messages
Keywords: crypt kerberos usenet cancel
Message-ID: <12007@ulysses.homer.nj.att.com>
Date: 10 Aug 89 02:16:33 GMT
References: <1038@anise.acc.com>
Organization: AT&T Bell Laboratories, Murray Hill
Lines: 32

Sure, public-key cryptography would work, though the implementation
details can get tricky.  We knew that way back when, when we designed
the very first release of netnews.  It deliberately had no control
messages because we knew that short of cryptography there was no way to
authenticate them.

Why didn't we implement one?  Well, it's harder than you might think.
Bear in mind that what is needed is a system good enough to stand up to
a hacker or malicious legitimate user willing to crunch for a week in
the background on {spare|stolen} cycles on a large machine, while still
being cheap enough to run on a small one.  (If I need to, I can use
a Cray.  I'm not the only one.)

It's also unclear what algorithm to use.  RSA is patented (though the
patent hadn't been granted at the time).  Knapsack has been broken.
Other schemes are proposed regularly, but their worth is unclear.
Incidentally, we don't need public-key cryptography; what we need is
digital signatures, i.e., something that provides a (public key)
cryptographic checksum without necessarily providing secrecy.  The
distinction is important; there are a number of algorithms that provide
just the signature function.

I suspect that the best bet for the near term is to piggyback off of
the privacy-enhanced electronic mail being adopted for the Internet.
See RFC 1040 for details.  An agreement has been negotiated to use RSA
(*with* payment of licensing fees, thank you).  It may be both
technically easy and legitimate given the terms of the agreement with
RSA Data Security, Inc., to use much of the same code, formats, etc.
Unfortunately, I have not seen any public statement on just how the
licensing will work.

		--Steve Bellovin