Mutt/GnuPG doc initial release

Horacio homega@wanadoo.es
Mon Sep 24 23:31:01 2001


On Mon, Sep 24, 2001 at 07:49:54PM +0200, Janusz A. Urbanowicz wrote:

> Alexander Skwar wrote/napisał[a]/schrieb:
> > So sprach _Janusz A. Urbanowicz_ am 2001-09-24 um
> > 13:44:47 +0200 :
> > > Len Sassaman wrote/napisał[a]/schrieb:
> > > > Frankly, it's poor netiquette to post PGP/MIME
> > > > messages to mailing lists, for one,
> > >
> > > Why?
> >
> > Because normally it's not that terribly important to see
> > from which person a mail originated. You know, I don't
> > know you, so even if your mail would have been signed, it
> > wouldn't mean more to me. Also Werner's mails to this
> > list wouldn't mean more to me if they were signed,
> > because he's also just a stranger.
>
> I don't think so.
>
> > So, it doesn't add anything which means that it's
> > unneeded and thus poor netiquette.
>
> And I think you are wrong or haven't done proper threat
> analysis. Case 1: someone impersonating Werner posts a
> message about a bug in GnuPG and a patch to fix it. This
> patch actually plants a backdoor. In your approach, you
> have no way to tell, nor does it make any difference to you.

In that case signing the message would be the right thing to do. And, rather than including the patch with the message, providing a pointer where to d/load the patch and a detached signature.

> Case 2 (real life example): a friend of mine is an active
> usenetter, she also posts a lot to mailing lists. One day a
> sexually suggestive (at the verge of explicit) forged
> message attributed to her started to appear. PGP signing
> was the simplest way to make a good distinction of which
> messages come from her and which are forgeries.

No, since most people will not have a system to check the sig (and most of those who have a pk system won't have her key), this is useless at large. But, MOST IMPORTANT, she could post nice messages to the ng pgp-signed, and yet SHE could at the same time post nasty ones without a signature. What's in her public key that I can use to verify that a non-signed message is not from her? This is nonsense.

> In saying about 'strangers' you forgot one thing: while on
> everyday use of PGP there is little need to use it to
> establish RL identity, it is a very good and a convenient
> way of establishing origin. I don't care much if Werner's
> name is actually Werner, but I do care if new GPG releases
> come from its author.

But this is just one example where a signature is needed. We mostly deal with huge loads of people who flood mailing lists with pgp-signed messages just for asking how to unsubscribe from the list!!! Long ago (at around gpg-0.X ... forgot), I asked Werner why he wouldn't use signatures in his mails. The answer was something like "nothing of what I'm writing is so important as to require a digital signature". Then I realized this was not just a programmer's toy.

> A good example is remailer-operator list. Anon remailer
> operators need not to know each other's identities (I'm one
> of the few who reveal their names) but need to know if
> given remailer configuration changes come from the
> remailer's operator (because of MITM).

There are cases where it is needed or required, and that's the point of it, to use it where needed/required. Which does not equal abusing it.

-- 
Horacio