Semi-off-topic - Netiquette ?

Marc Mutz Marc.Mutz@uni-bielefeld.de
Wed Jul 18 12:10:01 2001 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 17 July 2001 14:47, Lionel Elie Mamane wrote:

> On Tue, Jul 17, 2001 at 04:40:27PM +0200, Marc Mutz wrote:

> > I don't think that adding your fingerprint to your (mail)

> > signature/footer is wise. It only leads people to believe it and

> > not check it properly.

>

> Hmm... Obviously (as you can see in my signature) I don't agree. I

> have been putting mey key's fingerprint in my signature for some time

> now. Yes, mail can be faked. But if Mallaury decides today he wants

> to impersonate me in front of you, he can't change all the mail I

> have already sent in various lists, and in various newsgroups. Nor

> can he change old private e-mail I sent you and that is on your

> computer. (At least, I believe no one that has that much manpower

> wants to impersonate me) Thus, if he tries to induce you into using

> another public key as mine, this will (if you are a bit security

> minded) trigger an alarm for you: My key fingerprint has changed!

>

> Even if you don't formally know which one of the keys (the former or

> the "new") is the right one, you know something is wrong. That's

> valuable.


Your considerations have the following flaw:

You can't argument with past sent mails, because they can also be 
forged (in archives, etc.). Given, it's not easy to do this, but it is 
possible.

Also, you forgot about the factor "human". If you put your fingerprint 
into you mail's footer, it is of course saying nothing without the 
context of many mails. Only if all the mails you have sent have an 
identical fingerprint value in their footer, one can begin to be sure 
that it's the right one (only begin, because Mallory, sitting on a smtp 
relay near you, could have forged all the messages you've sent from the 
beginning on. You wouldn't have guessed anything, because Mallory of 
course would send back the unforged mails to you). BUT:

Who in the world does this?

Right, nobody.

This leads people to sign your key based on the fingerprint in your 
footer. Now, in the best case, this signature is not considered at all 
because no-one out there trusts it, but in the worst case, people rely 
on this single signature to validate the wrong key and - bingo. Mallory 
is where he wants to be.

The only secure way to exchange signatures is when you have the 
passport of the person - and the person ! - in front of you and she 
gives you her public key, or the key id with the fingerprint.

You're paranoid enough to use a 4kbits key and include your fpr in your 
footer ;-)

Marc

- -- 
Marc Mutz <Marc@Mutz.com>
http://marc.mutz.com/
http://www.mathematik.uni-bielefeld.de/~mmutz/
http://EncryptionHOWTO.sourceforge.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7VJNs3oWD+L2/6DgRApZgAJwO0P+zf5Mb28Nsc0uTDij08k42qwCeIqSZ
f/bO73q/Yk8GTYepkL2YBg8=
=w3CY
-----END PGP SIGNATURE-----