Semi-off-topic - Netiquette ?

Marc Mutz
Wed Jul 18 12:10:01 2001

Hash: SHA1

On Tuesday 17 July 2001 14:47, Lionel Elie Mamane wrote:

> On Tue, Jul 17, 2001 at 04:40:27PM +0200, Marc Mutz wrote:
> > I don't think that adding your fingerprint to your (mail)
> > signature/footer is wise. It only leads people to believe it and
> > not check it properly.
> Hmm... Obviously (as you can see in my signature) I don't agree. I
> have been putting mey key's fingerprint in my signature for some time
> now. Yes, mail can be faked. But if Mallaury decides today he wants
> to impersonate me in front of you, he can't change all the mail I
> have already sent in various lists, and in various newsgroups. Nor
> can he change old private e-mail I sent you and that is on your
> computer. (At least, I believe no one that has that much manpower
> wants to impersonate me) Thus, if he tries to induce you into using
> another public key as mine, this will (if you are a bit security
> minded) trigger an alarm for you: My key fingerprint has changed!
> Even if you don't formally know which one of the keys (the former or
> the "new") is the right one, you know something is wrong. That's
> valuable.
Your considerations have the following flaw: You can't argument with past sent mails, because they can also be forged (in archives, etc.). Given, it's not easy to do this, but it is possible. Also, you forgot about the factor "human". If you put your fingerprint into you mail's footer, it is of course saying nothing without the context of many mails. Only if all the mails you have sent have an identical fingerprint value in their footer, one can begin to be sure that it's the right one (only begin, because Mallory, sitting on a smtp relay near you, could have forged all the messages you've sent from the beginning on. You wouldn't have guessed anything, because Mallory of course would send back the unforged mails to you). BUT: Who in the world does this? Right, nobody. This leads people to sign your key based on the fingerprint in your footer. Now, in the best case, this signature is not considered at all because no-one out there trusts it, but in the worst case, people rely on this single signature to validate the wrong key and - bingo. Mallory is where he wants to be. The only secure way to exchange signatures is when you have the passport of the person - and the person ! - in front of you and she gives you her public key, or the key id with the fingerprint. You're paranoid enough to use a 4kbits key and include your fpr in your footer ;-) Marc - -- Marc Mutz <> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see iD8DBQE7VJNs3oWD+L2/6DgRApZgAJwO0P+zf5Mb28Nsc0uTDij08k42qwCeIqSZ f/bO73q/Yk8GTYepkL2YBg8= =w3CY -----END PGP SIGNATURE-----