Mutt/GnuPG doc initial release

Owen Blacker owen@flirble.org
Tue Sep 25 17:08:01 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Horacio wrote (2001-09-24 T 23:27 +0200):

>
> > > So, it doesn't add anything which means that it's
> > > unneeded and thus poor netiquette.
> >
> > And I think you are wrong or haven't done proper threat
> > analysis. Case 1: someone impersonating Werner posts a
> > message about a bug in GnuPG and a patch to fix it. This
> > patch actually plants a backdoor. In your approach, you
> > have no way to tell nor it makes any difference to you.
>
> In that case signing the message would be the right thing to
> do. And, rather than including the patch with the message,
> providing a pointer where to d/load the patch and a detach
> signature.

We're talking 251 bytes here. I don't think 251 bytes per message is gonna break anyone's metered dial-up bank.

> > Case 2 (real life example): a friend of mine is an active
> > usenetter, she also posts a lot to mailing lists. One day a
> > sexually suggestive (at the verge of explicit) forged
> > message attributed to her started to appear. PGP signing
> > was the simplest way to make a good distinction of which
> > messages come from her and which are forgeries.
>
> No, since most people will not have a system to check the sig
> (and most of those who have a pk system won´t have her key),
> this is useless at large. But, MOST IMPORTANT, she could
> post nice messages to the ng pgp-signed, and yet SHE could
> at the same time post nasty ones without a signature. What´s
> in her public key that I can use to verify that a non-signed
> message is not from her? This is nonsense.

No, it's not nonsense. What is nonsense is that you're trying to apply the threat model wrongly. That the message is unsigned doesn't prove that it's not from her, but it does imply that it might not be.

> > In saying about 'strangers' you forgot one thing: while on
> > everyday use of PGP there is little need to use it to
> > establish RL identity, it is a very good and a convenient
> > way of establishing origin. I don't care much if Werner's
> > name is actually Werner, but I do care if new GPG releases
> > come from its author.
>
> But this is just one example where a signature is needed. We
> mostly deal with huge loads of people who flood mailing lists
> with pgp-signed messages just for asking how to unsubscribe
> from the list!!!

That's a problem with the people subscribing to the list, not those who post to it. I sign almost all my mail. If I didn't sign it, then I might not have sent it. Whether it's a message to my boyfriend asking what's for dinner tonight or a politically sensitive statement, I sign it. If it's unsigned or the signature doesn't verify, then check if it's me. I firmly believe that everyone should do the same. Whether you know that I am a caucasian male living in London or not is irrelevant. You have a mental image of the user owen@flirble.org and it is whether that user sent the message or not that is important, not whether Owen Blacker is my real name or who or what I am.

> Long ago (at around gpg-0.X ... forgot), I asked Werner why
> he wouldn´t use signatures in his mails. The answer was
> something like "nothing of what I´m writing is so important
> as to require a digital signature". Then I realize this was
> not just a programmer´s toy.

That's merely a different ethos. I think that anything anyone writes is worth signing. If it's not worth signing (and thus claiming attribution for it, for example), then it's not worth saying. Imho, of course :o)

> > A good example is remailer-operator list. Anon remailer
> > operators need not to know each other's identities (I'm one
> > of the few who reveal their names) but need to know if
> > given remailer configuration changes come from the
> > remailer's operator (because of MITM).
>
> There are cases where it is needed or required, and that´s
> the point of it, to use it where needed/required. Which does
> not equal to abuse it.

Indeed. Showing an example of where things should definitely be signed is tangential. As I said, imho. But are the extra 251 bytes really that big a deal?!

:o)

O x
- --
Owen Blacker | Senior Software Developer and InfoSecurity Consultant
See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys
Sig 0x3e2056b9 | 18cd 92aa 32aa 81b9 f5e8 c520 6475 6239 3e20 56b9
- --
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety --Benjamin Franklin, 1759

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7sJ1aZHViOT4gVrkRArlBAJ4vdEmFpb2LQc8PwRB0Rq27BeaRlgCeL2/3
I4/GKLy1z5MXw/CE0boy0no=
=ExbR
-----END PGP SIGNATURE-----