Semi-off-topic - Netiquette ?

Lionel Elie Mamane
Wed Jul 18 13:46:02 2001

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jul 17, 2001 at 09:34:59PM +0200, Marc Mutz wrote:

> > > adding your fingerprint to your (mail) only leads people to
> > > believe it and not check it properly.

> > Hmm... Obviously (as you can see in my signature) I don't agree.

> > But if Mallaury decides today he wants to impersonate me in front
> > of you, he can't change all the mail I have already sent in
> > various lists, and in various newsgroups. Nor can he change old
> > private e-mail I sent you and that is on your computer. (At least,
> > I believe no one that has that much manpower wants to impersonate
> > me)

> Your considerations have the following flaw:

> You can't argument with past sent mails, because they can also be
> forged (in archives, etc.). Given, it's not easy to do this, but it
> is possible.
Everything lies in "I believe no one that has that much manpower wants to impersonate me". Even if this statement were not true, at least it rises the cost to impersonate me. That's valuable.
> Only if all the mails you have sent have an=20
> identical fingerprint value in their footer, one can begin to be sure=20
> that it's the right one
Begin to have reasonable belief ;-)=20
> (only begin, because Mallory, sitting on a smtp relay near you,
> could have forged all the messages you've sent from the beginning
> on. You wouldn't have guessed anything, because Mallory of course
> would send back the unforged mails to you).
Hmm... "Easy" for my ISP, and this will be though for anyone but my ISP. Has some effect against 99% of Mallory's. Valuable. In my particular case, it's not that easy: I do direct MX delivery, and get mail... Wait. Yes, my ISP could alter the IP packets I send and receive. Yup. Not only for mail, but also for http (web based archives, anyone?), FTP (if I get the whole archive by FTP), ... Well, theoretically possible, but a lot of work... Btw, my Internet Access provider isn't my e-mail host, and communication to the POP mailbox is encrypted (ssh tunneled). Thus Mallory would have to have both my Internet Access Provider and my e-mail host's cooperation. Makes it harder. And what if I happen to be at my parent's and use their Internet access to see something in an archive, and stumble on a faked message? Right, another ISP must cooperate. And my first aunt's one. And my second aunt's one. And... Or a router near each and every mailing list I'm subscribed to. Theoretically possible. Hard to do. I don't claim to have achieved total security. Just having raised the cost to impersonate me.
> This leads people to sign your key based on the fingerprint in your
> footer.
With stupid users you are screwed anyway. Anyone (non-locally) signing my key because they saw the fingerprint in an e-mail footer will sign it because I (at least it seems it's me) sent him the key per e-mail, or ... because he got it from a keyserver or got it from my website or =2E..
> The only secure way to exchange signatures is when you have the
> passport of the person - and the person ! - in front of you and she
> gives you her public key, or the key id with the fingerprint.
Passport forgery, anyone?
> You're paranoid enough to use a 4kbits key and include your fpr in your=
> footer ;-)
Well, that's another story... If I were to create a key today, I most probably would't make it 4 kbits. --=20 Lionel Elie Mamane OpenPGP DH/DSS 4096/1024 Key Fingerprint (KeyID: 3E7B4B73): 9DAD 3131 3ADA F50B D096 002A B1C4 7317 3E7B 4B73 --LZvS9be/3tNcYl/X Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see iD8DBQE7VXdPscRzFz57S3MRAiVyAKCUtdfQmqdgQiC3M/PKXJof3i88YACeM5PR SdgU8IZgd5lUQKIeSAlkO/E= =Qoe2 -----END PGP SIGNATURE----- --LZvS9be/3tNcYl/X--