Subject: |
Re: Making releases |
From: |
[email protected] (Alan K Biocca) |
Date: |
Tue, 14 Feb 95 14:13:20 PST |
Tony Cox writes:
> PGP has a more secure method for doing what we want. You encrypt the file for
> multiple users like this:-
>
> pgp -e R3.12.0.Tar Bob Chip Tony Alan Janet Uncle-Tom-Cobbly ...
First, a few notes here for collaborators not 'up' on this pgp-stuff:
Pgp -e uses public key encryption for a list of recipients. It actually
encrypts the message using private-key (IDEA algorithm) based encryption,
and then it uses public-key encryption to encrypt the random private key that
it selected for this particular message. Thus any intended recipient can
decrypt using his/her private key. Pgp automates all this detail so it
is easy to use.
Using public key encryption is not exactly 'more secure', but different
in the sense of key management.
What Tony is proposing is a good way of handling the problem as well, let's
take a look at the mechanics of each approach:
Private Key System:
Distributor:
initial preparation:
1. setup ftp-only account with password
2. get and install pgp
3. tar up the release
4. choose passphrase and encrypt
5. copy into account
6. notify & reveal account/passwd/file/key to recipients (if changed)
for each new customer:
1. verify customer, reveal account/passwd/file/key
Customer:
initial prep:
1. obtain and install pgp
for each release:
1. convince distributor to give access information (if changed)
2. ftp encrypted file
3. decrypt
Public Key System:
Distributor:
initial preparation:
1. setup anon ftp account & directory
2. get and install pgp
3. tar up the release
4. encrypt with current list of recipients
5. copy into anon ftp directory
6. notifiy recipients
for each new customer:
1. get & verify customer's public key
2. add to keyring
3. add customer's key id to encryption script
4. re-encrypt tarfile (keep copy of unencrypted tarfile or decrypt/encrypt)
5. notify customer
Customer:
initial preparation:
1. obtain and install pgp
2. generate a public key - private key pair
3. convey public key to distributor
4. convince distributor that it is the correct customer's key
5. wait for re-encryption
for each release:
1. access anon ftp and obtain encrypted file
2. decrypt
Summary:
Effort of public-key encryption is greater at startup for both distributor
and customer but new-key distribution is eliminated. The hard part in either
case is key management - in one case giving the correct parties the key, in
the other accepting public keys from the correct parties. The difficulty of
doing these are essentially equivalent. Even though public keys can be
emailed or posted without loss of security the verification process still
requires the same kind of secure channel and confidence that passing the
private keys requires.
I like Tony's public-key solution but it appears to be somewhat more work.
The private key system minimizes the distributor's effort for each new
customer.
The final choice should be by the distributor.
Alan K Biocca
- Navigate by Date:
- Prev:
Re: Making releases Jeff Hill
- Next:
Re: Making releases Bob Dalesio
- Index:
1994
<1995>
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
- Navigate by Thread:
- Prev:
Re: Making releases Jeff Hill
- Next:
Re: Making releases Bob Dalesio
- Index:
1994
<1995>
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
|