Mutt/GnuPG doc initial release
Tue Sep 25 19:13:02 2001
On Tue, Sep 25, 2001 at 04:05:48PM +0100, Owen Blacker wrote:
> Horacio wrote (2001-09-24 T 23:27 +0200):
> > > > So, it doesn't add anything which means that it's
> > > > unneeded and thus poor netiquette.
> > >
> > > And I think you are wrong or haven't done proper threat
> > > analysis. Case 1: someone impersonating Werner posts a
> > > message about a bug in GnuPG and a patch to fix it. This
> > > patch actually plants a backdoor. In your approach, you
> > > have no way to tell nor it makes any difference to you.
> > In that case signing the message would be the right thing to
> > do. And, rather than including the patch with the message,
> > providing a pointer where to d/load the patch and a detach
> > signature.
> We're talking 251 bytes here. I don't think 251 bytes per
> message is gonna break anyone's metered dial-up bank.
[*] No, we are talking of a process which gets started
every time one opens a message that´s been digitally signed,
and which is a case of 1 out X messages for each mailing list
one is subscribed to.
> > > Case 2 (real life example): a friend of mine is an
> > > active usenetter, she also posts a lot to mailing
> > > lists. One day a sexually suggestive (at the verge of
> > > explicit) forged message attributed to her started to
> > > appear. PGP signing was the simplest way to make a good
> > > distinction of which messages come from her and which
> > > are forgeries.
> > No, since most people will not have a system to check the
> > sig (and most of those who have a pk system won´t have
> > her key), this is useless at large. But, MOST IMPORTANT,
> > she could post nice messages to the ng pgp-signed, and
> > yet SHE could at the same time post nasty ones without a
> > signature. What´s in her public key that I can use to
> > verify that a non-signed message is not from her? This
> > is nonsense.
> No, it's not nonsense. What is nonsense is that you're
> trying to apply the threat model wrongly. That the message
> is unsigned doesn't prove that it's not from her, but it
> does imply that it might not be.
Which is just what I wrote.
> > > In saying about 'strangers' you forgot one thing: while
> > > on everyday use of PGP there is little need to use it
> > > to establish RL identity, it is a very good and a
> > > convenient way of establishing origin. I don't care
> > > much if Werner's name is actually Werner, but I do care
> > > if new GPG releases come from its author.
> > But this is just one example where a signature is needed.
> > We mostly deal with huge loads of people who flood
> > mailing lists with pgp-signed messages just for asking
> > how to unsubscribe from the list!!!
> That's a problem with the people subscribing to the list,
> not those who post to it. I sign almost all my mail. If I
> didn't sign it, then I might not have sent it. Whether
> it's a message to my boyfriend asking what's for dinner
> tonight or a politically sensitive statement, I sign it.
> If it's unsigned or the signature doesn't verify, then
> check if it's me. I firmly believe that everyone should do
> the same.
I see, meaning you don´t give a monkey´s ass whether it´s a
bother for subscribers or not???
> Whether you know that I am a caucasian male living in
> London or not is irrelevant. You have a mental image of
> the user firstname.lastname@example.org and it is whether that user sent
> the message or not that is important, not whether Owen
> Blacker is my real name or who or what I am.
Who you are, where you live, your ethnic group, sex or sex
preferences, or your name is completely irrelevant to me if
it is all about reading an answer or question from you
related to a specific subject. So, I couldn´t care less if I
can verify any of the above or else from a digital signature.
You know, it´s like all those annoying vcards, or those long
signatures with ascii-disart included. They are not big
deal, but they are not good netiquette either.
> > Long ago (at around gpg-0.X ... forgot), I asked Werner why
> > he wouldn´t use signatures in his mails. The answer was
> > something like "nothing of what I´m writing is so important
> > as to require a digital signature". Then I realize this was
> > not just a programmer´s toy.
> That's merely a different ethos. I think that anything
> anyone writes is worth signing. If it's not worth signing
> (and thus claiming attribution for it, for example), then
> it's not worth saying. Imho, of course :o)
Of course, iyho.
> > > A good example is remailer-operator list. Anon remailer
> > > operators need not to know each other's identities (I'm
> > > one of the few who reveal their names) but need to know
> > > if given remailer configuration changes come from the
> > > remailer's operator (because of MITM).
> > There are cases where it is needed or required, and
> > that´s the point of it, to use it where needed/required.
> > Which does not equal to abuse it.
> Indeed. Showing an example of where things should
> definitely be signed is tangential.
> As I said, imho. But are the extra 251 bytes really that big a deal?!
No, no big deal (but see [*]). Unwrapped long lines are a
worse nuisance than some added 251 bytes.