Semi-off-topic - Netiquette ?
Lionel Elie Mamane
Wed Jul 18 13:46:02 2001
Content-Type: text/plain; charset=us-ascii
On Tue, Jul 17, 2001 at 09:34:59PM +0200, Marc Mutz wrote:
> > > adding your fingerprint to your (mail) only leads people to
> > > believe it and not check it properly.
> > Hmm... Obviously (as you can see in my signature) I don't agree.
> > But if Mallaury decides today he wants to impersonate me in front
> > of you, he can't change all the mail I have already sent in
> > various lists, and in various newsgroups. Nor can he change old
> > private e-mail I sent you and that is on your computer. (At least,
> > I believe no one that has that much manpower wants to impersonate
> > me)
> Your considerations have the following flaw:
> You can't argument with past sent mails, because they can also be
> forged (in archives, etc.). Given, it's not easy to do this, but it
> is possible.
Everything lies in "I believe no one that has that much manpower wants
to impersonate me". Even if this statement were not true, at least it
rises the cost to impersonate me. That's valuable.
> Only if all the mails you have sent have an=20
> identical fingerprint value in their footer, one can begin to be sure=20
> that it's the right one
Begin to have reasonable belief ;-)=20
> (only begin, because Mallory, sitting on a smtp relay near you,
> could have forged all the messages you've sent from the beginning
> on. You wouldn't have guessed anything, because Mallory of course
> would send back the unforged mails to you).
Hmm... "Easy" for my ISP, and this will be though for anyone but my
ISP. Has some effect against 99% of Mallory's. Valuable.
In my particular case, it's not that easy: I do direct MX delivery,
and get mail... Wait. Yes, my ISP could alter the IP packets I send
and receive. Yup. Not only for mail, but also for http (web based
archives, anyone?), FTP (if I get the whole archive by FTP), ... Well,
theoretically possible, but a lot of work...
Btw, my Internet Access provider isn't my e-mail host, and
communication to the POP mailbox is encrypted (ssh tunneled). Thus
Mallory would have to have both my Internet Access Provider and my
e-mail host's cooperation. Makes it harder.
And what if I happen to be at my parent's and use their Internet
access to see something in an archive, and stumble on a faked message?
Right, another ISP must cooperate. And my first aunt's one. And my
second aunt's one. And...
Or a router near each and every mailing list I'm subscribed
to. Theoretically possible. Hard to do.
I don't claim to have achieved total security. Just having raised the
cost to impersonate me.
> This leads people to sign your key based on the fingerprint in your
With stupid users you are screwed anyway. Anyone (non-locally) signing
my key because they saw the fingerprint in an e-mail footer will sign
it because I (at least it seems it's me) sent him the key per e-mail,
or ... because he got it from a keyserver or got it from my website or
> The only secure way to exchange signatures is when you have the
> passport of the person - and the person ! - in front of you and she
> gives you her public key, or the key id with the fingerprint.
Passport forgery, anyone?
> You're paranoid enough to use a 4kbits key and include your fpr in your=
> footer ;-)
Well, that's another story... If I were to create a key today, I most
probably would't make it 4 kbits.
Lionel Elie Mamane
OpenPGP DH/DSS 4096/1024 Key Fingerprint (KeyID: 3E7B4B73):
9DAD 3131 3ADA F50B D096 002A B1C4 7317 3E7B 4B73
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----