Re: encryption

Subject: Re: encryption
From: WJCarpenter (bill-abisource@carpenter.ORG)
Date: Wed Apr 25 2001 - 15:49:43 CDT

• sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: InSaNe: "Margins"
• Previous message: Tomas Frydrych: "Re: encryption"
• In reply to: Tomas Frydrych: "Re: encryption"
• Next in thread: Tomas Frydrych: "Re: encryption"
• Next in thread: Aaron Lehmann: "Re: encryption"
• Next in thread: WJCarpenter: "Re: encryption"
• Reply: WJCarpenter: "Re: encryption"
• Reply: Tomas Frydrych: "Re: encryption"

tomas> but I am not saying so much that we should exclude plain text
tomas> headers to increase security, but rather that there is no
tomas> technical need for such headers.

If you have an architecture where all the encryption is provided with
the AbiWord distribution, and it is not arbitrarily extensible, then I
agree with you.

I don't think that's the best architecture (for crypto and for a lot
of other things).

I think it is better to have an architecture that lets people add
things of their own divising. I would imagine something along the
lines of a few plaintext parameters and then a big blob of binary
stuff representing the object to be acted on.

OTOH, there is no reason that one of those "extensions" couldn't be
something like your built-in Blowfish stuff. It makes life simpler
for people who have the very common use case of just wanting to
protect love letters or whatever. Making that follow the same rules
of the road as the "true extensions" just gives symmetry and actually
enables those other extensions for people who have unusual use cases
(e.g., people who want to use a particular public key algorithm, for
example).

It would even be possible to have multiple embedded chunks of
encrypted stuff in a document with different parameters, analogous to
having different kinds of embedded graphics. I could make, for
example, a document to send to a few people with selected paragraphs
only decipherable to selected readers.

BTW, I completely understand your technical argument about a file with
nothing but encrypted data "can't be proved to hold encrypted data",
but I doubt it holds much legal weight. Even if the user did
something as simple as store them with extension ".eabw" or keep them
all in a directory called "MyDocs", I think it would lose in a
subpoena fight. And in places with traditions of human rights abuses,
it would matter even less.

PS:- Just in case my comments are seeming overly critical (instead of
appropriately critical), let me here applaud the fact that you've gone
as far as a prototype of this sort of stuff. Even if it went not much
further, the common use case of read-protecting a document so only the
author can read it is a pretty good feature. And I can prove that
it's not sour grapes because I long ago implemented a different
mechanism for unbreakable encryption for AbiWord:

  http://www.abiword.org/mailinglists/abiword-dev/00/July/0118.html

-- 
bill@carpenter.ORG (WJCarpenter)    PGP 0x91865119
38 95 1B 69 C9 C6 3D 25    73 46 32 04 69 D6 ED F3

• Next message: InSaNe: "Margins"
• Previous message: Tomas Frydrych: "Re: encryption"
• In reply to: Tomas Frydrych: "Re: encryption"
• Next in thread: Tomas Frydrych: "Re: encryption"
• Next in thread: Aaron Lehmann: "Re: encryption"
• Next in thread: WJCarpenter: "Re: encryption"
• Reply: WJCarpenter: "Re: encryption"
• Reply: Tomas Frydrych: "Re: encryption"

This archive was generated by hypermail 2b25 : Wed Apr 25 2001 - 15:48:47 CDT