Newsgroups: sci.crypt
Path: msuinfo!caen!sdd.hp.com!think.com!paperboy.osf.org!osf.org!karger
From: karger@osf.org (Paul A. Karger)
Subject: Re: Pretty Good (tm) Privacy
Message-ID: <1992Jan24.144351.1471@osf.org>
Sender: news@osf.org (USENET News System)
Organization: Open Software Foundation
References: <VLADIMIR.92Jan19174508@ronnie.Eng.Sun.COM> <XoFZeB2w163w@coyote.datalog.com> <15015@ncar.ucar.edu> <10541@lectroid.sw.stratus.com>
Date: Fri, 24 Jan 1992 14:43:51 GMT
Lines: 30

In article <10541@lectroid.sw.stratus.com>, cme@ellisun.sw.stratus.com (Carl Ellison) writes:
|> In article <15015@ncar.ucar.edu> prz@sage.cgd.ucar.edu (Philip Zimmermann) writes:
|> >as its weakest link.  Many lay people mistakenly believe that RSA is
|> >intrinsically stronger than any conventional cipher.  It's not.  RSA
|> >can be made weak by using weak keys, and conventional ciphers can be
|> >made strong by choosing good algorithms.
|> 
|> 
|> More to the point, conventional ciphers are often attacked through their
|> key management -- or key re-use for lack of a way to secretly communicate
|> fresh, randomly chosen keys each message.  RSA gives a secure way to 
|> communicate those fresh keys with each message -- making the conventional
|> system stronger than it would otherwise have been.

Sloppy key management can be just as bad a problem with public key as it can
with conventional ciphers.  For example, assume that everyone's public key
is printed in the telephone book (or equivalent).  How do you know that you
are reading the REAL telephone book?   The public keys have to be digitally
signed by some trusted authority, so that you know they are real.  What if
you lose the private key that corresponds to your public key?  You now need
a new pair of keys, and the telephone book must be updated.  What if the 
signature authority gets compromised?  How do you find out the new public key of 
the signature authority?  etc, etc...

The point is that using cryptography of any kind is a tricky business and 
simple errors can compromise the best ciphers.  Public key definitely makes
some aspects of key management easier and less prone to simple errors.  The 
fact that the public key does not need special protection is the heart of 
that advantage.  However, that does not mean that actual use of public key
is trivially easy - just somewhat easier than conventional ciphers.
