Robot CA at

Kyle Hasselbacher
Thu Dec 5 23:02:01 2002

Hash: SHA1

On Thu, Dec 05, 2002 at 09:52:39PM +0100, Volker Gaibler wrote:
>On Thu, Dec 05, 2002 at 11:43:12AM -0600, Kyle Hasselbacher wrote:
>> bogus-but-signed key.  Challenge/response systems have the same problem,
>> however.  In a sense, if the attacker can intercept the victim's email, the
>> verification is working--the attacker DOES have access to that email
>> address, and that's all the robot is trying to find out.  From the robot's
>> point of view, there's no difference between this and two (or more) people
>> who legitimately and knowingly share an email address.
>But why use encryption at all in that case? Slightly simplified:
>If someone can read your unencrypted mail (sysadmin or somebody sniffing
>network traffic) - and that's what you want to prevent - also can create
>bogus-but-signed keys.

That situation is made no worse by having non-working encryption.
Hopefully the user gets a key working BEFORE people start sniffing.  When a
doppleganger shows up, hopefully people will notice.  There's some optimism
there, I know.

Do you not bother to lock your bicycle when you know there are people with
bolt cutters?  Envelopes can be steamed open, but I still use them.  What
I'm proposing is "better than nothing".  It is NOT absolute security.  It's
merely better than the (terrible) security that's there now.  Knowing this,
you're welcome not to use it.  People who are none-the-wiser will get some
benefit, perhaps without knowing it.  If not, they're no worse off.

I don't think I can prevent unsophisticated users from falling victim to
sophisticated attackers.  It's just a given.  The determined attacker will
get through this simple security.

What I can do is stop the more casual attackers.  If it's harder to get the
opportunity to violate someone's privacy, it won't happen as often.
- -- 
Kyle Hasselbacher
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see