auto sign files
atom at smasher.org
Thu Jan 20 07:52:42 CET 2005
-----BEGIN PGP SIGNED MESSAGE-----
there seems to be something that's being overlooked in this thread... what
key is being used to auto-sign with?

i personally have scripts that generate signed files without me typing a
passphrase (this is facilitated by a key with no passphrase). normally
this would be considered incredibly stupid, but there's one thing about it
that makes it OK by my standards: i'm not using *my* key.

sure, i'm using a key that's exclusively under my control, but that key is
not part of *my* key (0xD9F57808) or the WoT. as a matter of fact, the key
isn't even distributed publicly. the UID is meaningless to anyone who
doesn't know what it is, and the key has no third party signatures.

if i have any reason to suspect that an auto-signing key is compromised i
can replace it with a new key. assuming that the public part of that key
is only being used by a small group of people it's probably overkill to
formally revoke it... just replace it.

i would *NEVER* use _my_ key or any subkey for signing on auto-pilot, but
for a key that's only used for a specific purpose it *can* increase
overall security... one example is a remote IDS scan that's run from my
desktop... every night it generates a report for each server that it
scans, and then emails the report to my mail server. the report then sits
on my mail server waiting to be read... but what if the mail server is
hacked? a hacker could change the report before i see it. by auto-signing
the report on my desktop before mailing it out, i will know immediately if
the report was altered in any way (after leaving my desktop). IMHO the net
effect is an increase in security.

and if my desktop is hacked? in that case i would have to consider *my*
key compromised, strong passphrase and all.

this reminds me of a true story: someone from an unnamed internet bank
wanted a custom version of the "gpg_encrypt" php script that would add a
signature to the encrypted email. i tried to explain that it would be
creating a _sense_ of security, while probably not _actually_ increasing
security. they insisted that they required the signature. i gave them what
they wanted, and everything seemed fine on my end but they were having
problems getting it to work on their end. after a few rounds of tests that
i had them perform on their server, it turned out that they're running
their internet bank on a SHARED SERVER that's maintained by their hosting
company!!! they have *ZERO* control over the administration of the server!
i tried to explain that this was not only the cause of their problems but
also HORRIBLY INSECURE, but they just didn't get it. all of the strong
crypto in the world can't keep their customers' banking information

PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

"We cannot simply suspend or restrict civil liberties until
the War of Terror is over, because the War on Terror is
unlikely ever to be truly over... September 11, 2001,
already a day of immeasurable tragedy, cannot be the day
liberty perished in this country."
-- Judge Gerald Tjoflat, 16 Oct 2004
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: What is this gibberish?
-----END PGP SIGNATURE-----
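
The workflow described in the message above, sketched as an added example (not part of the original post and not the author's scripts): a dedicated passphrase-less key in its own homedir signs each report, and the reader verifies against a keyring holding only that key's public half. It assumes GnuPG 2.1 or later; the UID, paths and report contents are constructed placeholders.

```shell
#!/bin/sh
# Added example. Assumes GnuPG 2.1+; UID, paths and report text are constructed.
AUTOSIGN_UID='ids-autosign <ids-autosign@example.invalid>'

# Dedicated signing key with no passphrase, kept apart from any personal keyring.
make_autosign_key() {  # $1 = signer homedir, $2 = UID
    mkdir -p "$1" && chmod 700 "$1" &&
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$2" default default never 2>/dev/null
}

# Hand only the public half to the place where reports are read.
export_pubkey() {  # $1 = signer homedir, $2 = UID, $3 = reader homedir
    mkdir -p "$3" && chmod 700 "$3" &&
    gpg --homedir "$1" --batch --armor --export "$2" |
        gpg --homedir "$3" --batch --quiet --import 2>/dev/null
}

# Runs unattended on the scanning host, before the report is mailed.
sign_report() {  # $1 = signer homedir, $2 = UID, $3 = report file
    gpg --homedir "$1" --batch --yes --local-user "$2" \
        --armor --detach-sign --output "$3.asc" "$3"
}

# Exit status 0 only if the report still matches its detached signature.
verify_report() {  # $1 = reader homedir, $2 = report file
    gpg --homedir "$1" --batch --verify "$2.asc" "$2" 2>/dev/null
}

# Stop any daemons gpg started for a throwaway homedir.
stop_daemons() { GNUPGHOME="$1" gpgconf --kill all 2>/dev/null; }

demo() {
    work=$(mktemp -d) || return 1
    make_autosign_key "$work/signer" "$AUTOSIGN_UID" &&
    export_pubkey "$work/signer" "$AUTOSIGN_UID" "$work/reader" &&
    printf 'host=srv1 alerts=0\n' > "$work/report.txt" &&
    sign_report "$work/signer" "$AUTOSIGN_UID" "$work/report.txt" &&
    verify_report "$work/reader" "$work/report.txt" && echo "as sent: good signature"
    # Simulate the report being edited while it sits on the mail server.
    printf 'host=srv1 alerts=0 (edited)\n' > "$work/report.txt"
    verify_report "$work/reader" "$work/report.txt" || echo "edited: verification failed"
    stop_daemons "$work/signer"; stop_daemons "$work/reader"; rm -rf "$work"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Replacing a suspect key here means generating a new one and importing its public half into a fresh reader keyring, so the old key no longer verifies anything.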