PGP/MIME considered harmful for mobile
dshaw at jabberwocky.com
Mon Feb 28 04:02:08 CET 2011
On Feb 27, 2011, at 9:38 PM, Robert J. Hansen wrote:
>> I disagree with this. Obviously a bad signature doesn't say much (except perhaps "check your mail system - it's breaking things"), but there is still value in the continuity between multiple signed messages. It's important to not make of that more than it is: for all I know there are 200 people all sharing key 1CF3A917, but it does raise the bar for someone who wants to claim to be Martin.
> I used to believe this, up until John Moore, John Clizbe and I did a small experiment on PGP-Basics. We all shared a certificate and used it to sign our emails. It was literally weeks before anyone noticed.
> Continuity is a great idea, but based on my own (limited and anecdotal) experience, it does not play a significant role in the real world. Unfortunately, I don't have anything more empirical to stand upon than that one ad-hoc experiment!
I'm not at all surprised that you had those results. A limited subset of people have support for OpenPGP signatures. A limited subset of those people actually verify signatures. A limited subset of those people actually pay attention to what those signatures say.
Still, that experiment doesn't exactly measure what I'm suggesting. In your experiment, you all kept quiet and waited for other people to notice. It is reasonable that if someone was being masqueraded, that person would speak up and challenge the forger (e.g. "Hey, you're not Martin! I'm the real Martin, and I can prove it by signing this message with the same key I've used all along...."). If the real Martin waited for someone else to notice, well, he may end up waiting for a long time.
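The "continuity" being argued about above is a check a mail client or filter could actually run: remember which signing key each sender has used before, and flag the first time a sender shows up with a key, or shows up with a different one. The following is an added example, not code from this thread or from GnuPG. It assumes that signature verification has already been done by an external tool (gpg, for instance) and that the results have been reduced to records of sender, signature status and signing key ID; the message records below are constructed for the illustration.

```python
"""Signature-continuity tracker (TOFU-style) over already-verified mail.

Assumption: an external verifier (e.g. gpg) has already checked each message
and reported a status of 'good', 'bad' or None (unsigned) plus the key ID
that made the signature.  This code only tracks which keys a sender has
used over time; it does not verify signatures itself.
"""
from collections import defaultdict

# Constructed sample records: (message_id, from_address, sig_status, key_id).
# Key ID 1CF3A917 is the one mentioned in the thread; DEADBEEF is made up.
SAMPLE_MESSAGES = [
    ("m1", "martin@example.org", "good", "1CF3A917"),
    ("m2", "martin@example.org", "good", "1CF3A917"),
    ("m3", "martin@example.org", "good", "DEADBEEF"),   # different key
    ("m4", "martin@example.org", "bad",  "1CF3A917"),   # broken in transit?
    ("m5", "alice@example.org",  None,   None),         # unsigned
    ("m6", "martin@example.org", "good", "1CF3A917"),
]


class ContinuityTracker:
    """Remembers, per sender address, every signing key seen with a good
    signature, and classifies each new message against that history."""

    def __init__(self):
        # sender address -> set of key IDs that have produced good signatures
        self.known_keys = defaultdict(set)

    def observe(self, message_id, sender, sig_status, key_id):
        """Classify one message and update the history.

        Returns one of: 'unsigned', 'bad-signature', 'first-seen',
        'continuity-ok', 'key-changed'.
        """
        if sig_status is None:
            # No signature: nothing to compare, and nothing to record.
            return "unsigned"
        if sig_status != "good":
            # A bad signature says little beyond "something mangled the
            # message"; it must not be allowed to update the key history.
            return "bad-signature"

        history = self.known_keys[sender]
        if not history:
            verdict = "first-seen"        # trust-on-first-use moment
        elif key_id in history:
            verdict = "continuity-ok"     # same key as before
        else:
            verdict = "key-changed"       # worth a closer look
        history.add(key_id)
        return verdict


def classify_all(messages):
    """Run the tracker over a sequence of records; returns {msg_id: verdict}."""
    tracker = ContinuityTracker()
    return {mid: tracker.observe(mid, sender, status, key)
            for mid, sender, status, key in messages}


if __name__ == "__main__":
    for mid, verdict in classify_all(SAMPLE_MESSAGES).items():
        print(f"{mid}: {verdict}")
```

Note what this does and does not catch. It flags `m3`, where a message from the same address is signed by a key never seen before, and it refuses to let the bad signature on `m4` pollute the history. It cannot detect the situation in the experiment described above, where several people deliberately share one key: the continuity check only establishes "same key as before", never "same person as before", which is exactly the limit the thread is discussing.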