Semi-off-topic - Netiquette ?
Marc Mutz
Marc.Mutz@uni-bielefeld.de
Wed Jul 18 12:10:01 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tuesday 17 July 2001 14:47, Lionel Elie Mamane wrote:
> On Tue, Jul 17, 2001 at 04:40:27PM +0200, Marc Mutz wrote:
> > I don't think that adding your fingerprint to your (mail)
> > signature/footer is wise. It only leads people to believe it and
> > not check it properly.
>
> Hmm... Obviously (as you can see in my signature) I don't agree. I
> have been putting my key's fingerprint in my signature for some time
> now. Yes, mail can be faked. But if Mallaury decides today he wants
> to impersonate me in front of you, he can't change all the mail I
> have already sent in various lists, and in various newsgroups. Nor
> can he change old private e-mail I sent you and that is on your
> computer. (At least, I believe no one that has that much manpower
> wants to impersonate me) Thus, if he tries to induce you into using
> another public key as mine, this will (if you are a bit security
> minded) trigger an alarm for you: My key fingerprint has changed!
>
> Even if you don't formally know which one of the keys (the former or
> the "new") is the right one, you know something is wrong. That's
> valuable.
Your considerations have the following flaw:
You can't argue with past sent mails, because they can also be
forged (in archives, etc.). Granted, it's not easy to do this, but it is
possible.

Also, you forgot about the factor "human". If you put your fingerprint
into your mail's footer, it is of course saying nothing without the
context of many mails. Only if all the mails you have sent have an
identical fingerprint value in their footer, one can begin to be sure
that it's the right one (only begin, because Mallory, sitting on an SMTP
relay near you, could have forged all the messages you've sent from the
beginning on. You wouldn't have guessed anything, because Mallory of
course would send back the unforged mails to you). BUT:
Who in the world does this?
Right, nobody.

This leads people to sign your key based on the fingerprint in your
footer. Now, in the best case, this signature is not considered at all
because no-one out there trusts it, but in the worst case, people rely
on this single signature to validate the wrong key and - bingo. Mallory
is where he wants to be.

The only secure way to exchange signatures is when you have the
passport of the person - and the person! - in front of you and she
gives you her public key, or the key id with the fingerprint.

You're paranoid enough to use a 4kbits key and include your fpr in your
footer ;-)
Marc
- --
Marc Mutz <Marc@Mutz.com>
http://marc.mutz.com/
http://www.mathematik.uni-bielefeld.de/~mmutz/
http://EncryptionHOWTO.sourceforge.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7VJNs3oWD+L2/6DgRApZgAJwO0P+zf5Mb28Nsc0uTDij08k42qwCeIqSZ
f/bO73q/Yk8GTYepkL2YBg8=
=w3CY
-----END PGP SIGNATURE-----
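
Added example, not part of the original message: a sketch of the archive-wide footer comparison both posters refer to, which flags a changed fingerprint but treats agreement as unverified, since the archive itself may be forged. The function names, the 40-hex-digit fingerprint format, the `-- ` footer delimiter and the sample mails are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: 40-hex-digit (v4) fingerprints, optionally written in 4-digit groups.
FPR_RE = re.compile(
    r"(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{4}[ \t]*){10}(?![0-9A-Fa-f])")

def footer_fingerprints(body):
    """Return normalised fingerprints found after the last '-- ' delimiter."""
    _, sep, footer = body.rpartition("\n-- \n")
    if not sep:                      # no mail footer at all
        return set()
    return {re.sub(r"\s+", "", m.group()).upper()
            for m in FPR_RE.finditer(footer)}

def audit(messages):
    """Map each footer fingerprint to the ids of the mails that carry it."""
    seen = defaultdict(list)
    for msg_id, body in messages:
        for fpr in sorted(footer_fingerprints(body)):
            seen[fpr].append(msg_id)
    return dict(seen)

def verdict(seen):
    """Classify an audit result; agreement is never reported as 'verified'."""
    if not seen:
        return "no-fingerprint"
    if len(seen) > 1:
        return "mismatch"            # the alarm case: something is wrong
    # Identical footers everywhere still prove nothing by themselves:
    # a relay or archive could have rewritten every copy consistently.
    return "consistent-but-unverified"

# Constructed sample mails (fingerprints are made-up values).
SAMPLE = [
    ("m1", "Hi\n-- \nAlice\nKey fingerprint = "
           "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567\n"),
    ("m2", "Re: Hi\n-- \nAlice\nfpr: 0123456789abcdef0123456789abcdef01234567\n"),
    ("m3", "New key\n-- \nAlice\nKey fingerprint = "
           "FEDC BA98 7654 3210 FEDC  BA98 7654 3210 FEDC BA98\n"),
    ("m4", "A mail without any footer\n"),
]

if __name__ == "__main__":
    result = audit(SAMPLE)
    for fpr, ids in result.items():
        print(fpr, ids)
    print(verdict(result))
```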