Mailfilter for unknown signatures (Re: gpg --search-keys)
Thomas Sjögren
thomas at northernsecurity.net
Sun Mar 28 21:56:03 CEST 2004
On Thu, Mar 25, 2004 at 01:54:41AM +0100, Albert wrote:
> I think it is very unlikely to spread win-viruses with linux
> machines.
Well, yes, win-viruses/worms don't work on linux machines but I was
talking more generally. Since linux has become more and more of a
desktop-os, malware will start to hit the end-users sooner or later.
We've already seen a couple of worms attacking and gaining root on servers.
See http://www.cert.org/advisories/CA-2002-27.html for more info.
> It depends on your email-strategies and on your _personal_ needs.
> Why shouldn't one use an email-address for signed/encrypted mails
> _only_?
Personally, I don't like to fiddle around with more email-addresses than
necessary. If people like a setup with two addresses, one
for signed/encrypted mails and one for "normal" mails, it's of course up
to them.
> I think the first filter I can setup at a freemailer like gmx, where
> I check for "application/pgp-signature" in the header, so unsigned
> emails are deleted there without downloading. Maybe I belong to the
> people who have no real security needs, but think where everything
> is monitored and manipulated, using gpg shouldn't be wrong.
>
> The next step after the redirection to a freemailer are the local
> filters.
If we're talking about a scenario where "everything is monitored",
sending mail thru various freemailers might not be such a good idea. The
more servers a mail is sent thru, the greater the risk of someone
actually monitoring it. Sure, this does not include the risk of the
message getting picked up by a signals intelligence system like Echelon.
> qpopper is also setup. So the users clients get their mails via a
> local POP3-server, using KMail and mails are stored there in
> maildir-format. At the end a valid email has to be forwarded to the
> default mailbox in /var/spool/mail and maybe the user should get a
> note that an encrypted email from X was deleted.
I would put the encrypted mail in quarantine instead, maybe the system
got some flaws in it?
> The mail doesn't contain a key-ID, so I have to check if the
> email-address can be found in my local keys, or am I wrong?
> Using grep I should be able to get the from-address and with
> gpg --list-keys <email-address> I can check the public keys, the
> program mail could be used to inform of a deleted email.
Yes, that would work.
> I don't use it, but why are they broken? I know that
> www.keyserver.net shows a wrong fingerprint with my key, but with
> pgp.mit.edu it is ok.
Wrong fingerprint? That's pretty serious imo.
The reason I told you is that they don't support subkeys.
/Thomas
--
== thomas at northernsecurity.net | thomas at se.linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
Url : /pipermail/attachments/20040328/170e381b/attachment-0001.bin
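
The filter discussed in this thread (look for application/pgp-signature in the Content-Type, look the From address up with gpg --list-keys, and quarantine rather than delete), as an added example that is not code from either poster. The function names, verdict strings and sample messages are assumptions made for illustration, and the key lookup is injectable so the logic can be exercised without a keyring.

```python
import subprocess
import sys
from email import message_from_bytes, policy
from email.utils import parseaddr

# PGP/MIME (RFC 3156) top-level types and the protocol parameter each must carry.
PGP_MIME = {
    "multipart/signed": "application/pgp-signature",
    "multipart/encrypted": "application/pgp-encrypted",
}

def gpg_has_key(address):
    """True if the local keyring holds a public key for this exact address."""
    # "<addr>" asks GnuPG for an exact e-mail match; the leading "<" also
    # keeps a hostile From value from being parsed as a gpg option.
    done = subprocess.run(["gpg", "--batch", "--list-keys", f"<{address}>"],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode == 0

def classify(raw, has_key=gpg_has_key):
    """Return (verdict, reason); verdict is 'deliver' or 'quarantine'."""
    msg = message_from_bytes(raw, policy=policy.default)
    protocol = str(msg.get_param("protocol") or "").lower()
    if PGP_MIME.get(msg.get_content_type()) != protocol:
        return "quarantine", "not PGP/MIME signed or encrypted"
    address = parseaddr(str(msg.get("From", "")))[1].lower()
    if not address or not has_key(address):
        return "quarantine", f"no local key for {address or 'missing From'}"
    # A key on file is only a pre-filter: From is unauthenticated, so the
    # signature itself still has to be checked with gpg --verify.
    return "deliver", address

# Constructed sample messages (not real mail).
SIGNED = (b"From: Alice Example <alice@example.org>\r\n"
          b"Content-Type: multipart/signed; micalg=pgp-sha1;\r\n"
          b" protocol=\"application/pgp-signature\"; boundary=\"b1\"\r\n\r\n"
          b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
          b"--b1\r\nContent-Type: application/pgp-signature\r\n\r\n"
          b"(signature placeholder)\r\n--b1--\r\n")
UNSIGNED = b"From: bob@example.net\r\nContent-Type: text/plain\r\n\r\nhi\r\n"

if __name__ == "__main__":
    # Reads one message on stdin, as a local delivery filter would pipe it.
    print(*classify(sys.stdin.buffer.read()))
```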