Newsgroups: sci.crypt
Path: msuinfo!caen!zaphod.mps.ohio-state.edu!rpi!batcomputer!cornell!wayner
From: wayner@CS.Cornell.EDU (Peter Wayner)
Subject: Re: Pretty Good (tm) Privacy
Message-ID: <1992Jan19.222518.1870@cs.cornell.edu>
Sender: news@cs.cornell.edu (USENET news user)
Nntp-Posting-Host: thokk.cs.cornell.edu
Organization: Cornell Univ. CS Dept, Ithaca NY 14853
References: <1992Jan17.152633.39874@camb.com> <1992Jan18.014412.8142@decuac.dec.com> <22554.Jan1820.14.0392@virtualnews.nyu.edu> <1992Jan19.180615.18929@decuac.dec.com>
Date: Sun, 19 Jan 1992 22:25:18 GMT
Lines: 28

mjr@hussar.dco.dec.com (Marcus J. Ranum) writes:

>	Is there any way that someone could prove in court that a
>chunk of random data I send to a friend is encrypted using a given
>technology? Would forcing me to decode it to prove that it was
>encoded with (say) DES be forcing me to testify against myself?
>What if I encode something with (for example) RSA and then Xor
>a bogus message with it, and then claim in court that what I had
>actually transmitted was the bogus message via a one-time pad?

Probably not, but public-key encryption loses a few of its features
when you can't broadcast your public key far and wide. It would be
nice if you could put your RSA numbers in your .signature file for the
world, but that would be a tacit admission of a violation. If you're
going to keep your encryption method a secret, there is no real reason
to use RSA. The only venue left is when you need to send your public
key by insecure means. If someone intercepts the public key, it
doesn't compromise your messages. So Not all of them by any means, but
some.



>mjr.
-- 
Peter Wayner   Department of Computer Science Cornell Univ. Ithaca, NY 14850
EMail:wayner@cs.cornell.edu    Office: 607-255-9202 or 255-1008
Home: 116 Oak Ave, Ithaca, NY 14850  Phone: 607-277-6678

