Subject: Re: bpg request for comments
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Curt Sampson <cjs@cynic.net>
List: tech-security
Date: 07/22/2005 11:02:25
On Thu, 21 Jul 2005, Steven M. Bellovin wrote:

> First, I suspect that there's some necessity to keep the (seriously
> ugly) gpg command line interface.

Why do you think so? I have a couple of thoughts on the matter.

The gpg command line interface is not congruent with how PGP actually
works. I would say that, though not a true expert in the field,
amongst the world population of computer technical people (programmers,
sysadmins), I know more than most about cryptosystems and the security
thereof, particularly asymmetric ones. It took me a relatively long time
and a lot of work to comprehend what GPG is actually doing, and mapping
that to the standard model of asymmetric cryptography. This leads me to
the following conclusions.

     1. The interface makes even experts more likely to make bad security
     decisions; non-experts are probably doomed to make bad security
     decisions. The interface is a big security problem.

     2. It's not possible to learn the standard model of asymmetric
     cryptography from the user interface, so non-experts are unlikely
     ever to understand what they are doing with GPG, which again creates
     security problems.

This in turn leads me to conclude that we should take explicit steps to
avoid replicating the GPG interface, and instead design a new interface,
one more transparent to how the whole system actually works, that will
avoid these problems. That one task would seem to me to be one of the
biggest contributions to the PGP world that this project could make.

> I'd very much prefer a set of much-simpler commands, with the
> gpg-compatible commands just as wrappers around the underlying
> better-designed primitives.

It might well probably be possible to write a more-or-less
gpg-compatible interface over the toolkit, if that were really desired.
I'm not sure how compatible in the end, you could really get; it's easy
to emulate "encrypt with the encryption key associated with primary key
associated with the ID identified by this string"; emulating the "key
management" (such as it is) is probably more difficult.

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 90 7737 2974   http://www.NetBSD.org
      Make up enjoying your city life...produced by BIC CAMERA