Questions about generating keys

Janusz A. Urbanowicz alex at bofh.net.pl
Thu Aug 23 16:10:33 CEST 2007


On Thu, Aug 23, 2007 at 12:40:02PM +0300, Oskar L. wrote:
> Robert J. Hansen wrote:
> > In the battle between armor and warhead, _always_ bet on the warhead.
> >
> > Playing defensively and trying to make an email address invisible is
> > going to be an exercise in frustration.  They always get seen.  They
> > always get spammed.  Play defensively and you lose.
> 
> Well if you need to have an e-mail address available to the general public
> then this is certainly true. Spammers have even been known to hire cheap
> labor to surf the web looking for e-mail addresses and filling in spam in
> forms, so even hiding your address in a blurred upside-down JPEG won't
> help.

[]

I'll tell you something. I have three public email addresses that I
use almost exclusively, and one doubles as my Jabber ID, and I never
used obfuscation or protection: all they do is irritate users and
decrease the chance that someone who should be able to contact me can't.

Yet, I receive much less spam to my mbox than, for example, to comments
on my blog. Why? I use some not very complicated
precautions. Actually, as I said before, one or two spams slip in a
month, sometimes one more, sometimes none at all.

All those things that you describe involve a lot of effort on your and
your correspondent's side, and are weak - if someone who has your
address gets a trojan, your address leaks out. If someone accidentally
puts server log files on the net, your address leaks out. When someone
writes to your wrong address (like sending a private reply to an email
address) the communication won't work.

What you are trying to do is like wearing a full biosafety hazmat suit
with closed air circulation full time just to avoid getting the common cold.

It won't work one way or another; the air will run out at some point
or the suit will wear and tear where and when you are not looking. And
you are a big inconvenience to your peers.

What I'm saying is that this approach is stupid, and wasteful of time
and resources. It seems secure, gives this warm and fuzzy feeling, but
it isn't. It is like taking off your shoes at the airport, but what if
someone smuggles some C4 in a buttplug and blows it with the electronics
of his iPod?

> If you have security unaware friends who type in your address on "send
> your friend an ecard" type of sites, or have you in their address book on
> their Windows box full with spyware, then the spammers will get your
> address, no matter what you do.

All people are security unconscious at some point.

> But if you don't need a public address, and only have security conscious
> friends, then I would think you have a good chance of staying off the
> spammers' lists.

And what if I don't have such friends?

> > Whitelisting, graylisting, blacklisting, Bayesian filters, even lawsuits
> > if you're so inclined--those are all active measures which force the
> > spammers to adapt to your actions.  That gives you a measure of
> > initiative back.  You're no longer playing pure defensive.
> 
> Those are all good things, but just because we have them does not mean
> that it's not a good idea to try to stay off the spammers' list in the first
> place.  Personally I'd like to see more aggressive anti-spam measures,
> like the ones taken by Blue Frog.

It is not a good idea, because you can't, in the same way you can't quit
the address lists of influenza viruses and meteorite strikes.

> User IDs do not provide any authentication, so security wise they are
> useless. The most secure thing would be not to have one at all, and have
> my friends remember that key number xxxxxxxx belongs to me. This way, if

heh

you are expecting big things of people

and if someone offers them chocolate[1] to give out your secret number?

[1] research shows that people are willing to give out actual
passwords in exchange for chocolate

> my friends get raided, it will be more difficult or impossible for the
> police to figure out that it's my key. But since this is very
> inconvenient, I decided to sacrifice a little security for convenience, by
> putting my first name in the user ID. I don't provide an e-mail address
> mainly because it's easier to change my e-mail address if I don't have to
> update my key, but this undeniably also makes things a little harder for
> spammers, since it's one less place they can find my e-mail address. It
> might also help in a deniability claim. I don't however think that it's
> too much to ask that people remember which e-mail address goes with which
> key.

If you do things that can get you raided by police, that changes the threat model.

But on the other hand, surveillance usually means communication
intercepts, so the interceptors will know that communications encrypted
with this particular key and ID go to you.

Alex
-- 
JID: alex at hell.pl
PGP: 0x46399138
Paying attention to detail is the job of doctors, lawyers, programmers and watchmakers.
 -- Czerski



More information about the Gnupg-users mailing list