Anyone know what became of the Gaim-E Project?

Robert J. Hansen rjh at sixdemonbag.org
Mon Nov 3 16:12:43 CET 2008


>     The pidgin-encryption plugin provides encryption and
> authentication, but not deniability or perfect forward secrecy. If an
> attacker or a virus gets access to your machine, all of your past
> pidgin-encryption conversations are retroactively compromised.
> Further, since all of the messages are digitally signed, there is
> difficult-to-deny proof that you said what you did: not what we want
> for a supposedly private conversation!"

This is increasingly off-topic from GnuPG; let's bring this thread to  
a close pretty soon.

I don't buy OTR's hype, which is basically what you're quoting here.   
What they're saying is simple: if an attacker eavesdrops on your  
secured communications and gets copies of them, then if the attacker  
is able to compromise your box, the attacker can get your GnuPG key  
and use it to decrypt previously sent Gaim-E traffic.

I also don't buy the argument that an OpenPGP signature is difficult  
to deny.  Or, perhaps, the problem is that I _do_ buy the argument.   
Signature semantics are the most pernicious part of OpenPGP, if you  
ask me.  I can count on my hands the number of people I know who I think
have a good grip on signature semantics.

A correct signature from a valid key belonging to a trusted party  
means the reader can feel confident the message is in the same state  
as the signer saw it.  That's all.  Nothing else.

Imagine that Alice sends Bob a very short note.  "I love you."  Bob,  
who wants to gloat about his romantic victory to his archrival  
Charlie, forwards Alice's message on to Charlie... but Bob's mailer  
appends a signature to the message.  Now Charlie has a signed message  
from Bob in which Bob appears to swear his love for Charlie.  Major  
embarrassment ensues because everybody thinks the signature is proof  
that Bob wrote the message, when he actually didn't.

The absence of a signature is also not proof of anything other than  
the absence of a signature.  Imagine that I'm concerned about people  
forging my messages, so I make it a point to sign everything.  A  
malicious undergrad, upset over the grade I gave, decides to ruin my  
reputation anyway by posting vitriolic, hate-filled messages to a  
white supremacist mailing list using my name.  When the Dean summons  
me to explain my actions, I say "... but that's not me!  I sign  
everything!  I have a years-long history of signing everything!"  The  
Dean, who is a smart mathematician, will say "ah, but perhaps you  
deliberately left your signature off these messages so you could deny  
them later if they surfaced.  You understand that we have to open an  
investigation into you, Rob, correct?"

So my objection to OTR's characterization of OpenPGP signatures as  
"difficult-to-deny proof" is that it's simply not so.  The public  
misconceptions around signatures are so vast that I seriously doubt  
the utility of signatures.  Most people don't understand them and  
don't especially want to, either.
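The threat model described above (an eavesdropper records the traffic, then later gets the long-term key off the box) as an added example; this is not code from the post, from Gaim-E, OTR or GnuPG. It uses X25519 and AES-GCM from the Go standard library in place of OpenPGP packets, and the helper names, the sample plaintext and the single-hash key derivation are assumptions made for the demonstration. The first function models encrypting to a long-term recipient key, the second a session keyed by one-time keys that both sides throw away.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

var curve = ecdh.X25519()

// Recording is everything a passive eavesdropper keeps from one message.
type Recording struct {
	SenderEphemeralPub *ecdh.PublicKey
	Nonce, Ciphertext  []byte
}

// newKey is a demo helper: key generation on a fixed curve does not fail in
// practice, so a panic stands in for the error return a library would use.
func newKey() *ecdh.PrivateKey {
	k, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// sessionKey derives an AES-256 key from an X25519 shared secret. Hypothetical
// helper: a real protocol would run HKDF over the transcript instead.
func sessionKey(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) []byte {
	shared, err := priv.ECDH(pub)
	if err != nil {
		panic(err)
	}
	k := sha256.Sum256(shared)
	return k[:]
}

func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

func seal(key, plaintext []byte) (nonce, ct []byte) {
	gcm := aead(key)
	nonce = make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce, gcm.Seal(nil, nonce, plaintext, nil)
}

// open reports whether key decrypts the recording; a wrong key fails the GCM tag.
func open(key []byte, rec Recording) bool {
	_, err := aead(key).Open(nil, rec.Nonce, rec.Ciphertext, nil)
	return err == nil
}

const message = "meet at the usual place" // constructed sample plaintext

// LongTermRecipientKey models the Gaim-E/OpenPGP arrangement the post
// describes: Alice encrypts to Bob's long-term key with a fresh ephemeral key.
// Returns whether an attacker holding the recording and, later, Bob's stolen
// long-term private key can read the old message.
func LongTermRecipientKey() bool {
	bobLongTerm := newKey()
	aliceEph := newKey()
	nonce, ct := seal(sessionKey(aliceEph, bobLongTerm.PublicKey()), []byte(message))
	rec := Recording{aliceEph.PublicKey(), nonce, ct}
	// Alice discards aliceEph. Years later Bob's machine is compromised and
	// bobLongTerm is copied off it; combined with the recording it is enough.
	return open(sessionKey(bobLongTerm, rec.SenderEphemeralPub), rec)
}

// EphemeralSession models the forward-secret alternative: both sides use
// one-time keys for this session (authenticated by their long-term keys, not
// shown) and erase the private halves when the session ends. Returns whether
// the same later theft of Bob's long-term key reads the recorded traffic.
func EphemeralSession() bool {
	bobLongTerm := newKey()
	aliceEph, bobEph := newKey(), newKey()
	nonce, ct := seal(sessionKey(aliceEph, bobEph.PublicKey()), []byte(message))
	rec := Recording{aliceEph.PublicKey(), nonce, ct}
	// Both ephemeral private keys are gone. The attacker has rec, the public
	// halves and bobLongTerm; the only secret he can combine with rec is this:
	return open(sessionKey(bobLongTerm, rec.SenderEphemeralPub), rec)
}

func main() {
	fmt.Println("long-term recipient key, stolen later; old traffic readable:", LongTermRecipientKey())
	fmt.Println("ephemeral session keys, long-term key stolen later; old traffic readable:", EphemeralSession())
}
```

The point is not that the second scheme is unbreakable, only that the recording plus everything left on the disk afterwards no longer contains the session secret; that is the property the quoted text calls perfect forward secrecy, and it is independent of whether the messages are signed.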

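The Alice/Bob/Charlie forwarding story, and the claim that a valid signature means only that the bytes are as the signer saw them, as an added example that is not code from the post or from any OpenPGP implementation. Ed25519 from the Go standard library stands in for an OpenPGP key, the Party and SignedMail types and the mailer behaviour are assumptions made for the demonstration, and nothing here parses real mail.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Party is a hypothetical mail user. An Ed25519 key pair stands in for an
// OpenPGP key so the example runs with the Go standard library only.
type Party struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewParty(name string) (*Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, Pub: pub, priv: priv}, nil
}

// SignedMail is a message body with a detached signature and the key that
// made it, as a signing mailer hands it to the recipient.
type SignedMail struct {
	Body   []byte
	Sig    []byte
	Signer ed25519.PublicKey
}

// Send models a mailer configured to sign everything: it signs whatever is in
// the compose window, including text the user pasted in from someone else.
func (p *Party) Send(body string) SignedMail {
	return SignedMail{Body: []byte(body), Sig: ed25519.Sign(p.priv, []byte(body)), Signer: p.Pub}
}

// Verify answers the only question a signature answers: were these exact
// bytes signed by the holder of this key? It says nothing about who composed
// them, who they were meant for, or whether the signer agrees with them.
func Verify(m SignedMail) bool {
	return ed25519.Verify(m.Signer, m.Body, m.Sig)
}

// ForwardScenario replays the post's story and returns what Charlie's mailer
// reports: whether Bob's signature verifies, and over which body. Alice's
// signature never reaches Charlie at all.
func ForwardScenario() (bool, string, error) {
	alice, err := NewParty("alice")
	if err != nil {
		return false, "", err
	}
	bob, err := NewParty("bob")
	if err != nil {
		return false, "", err
	}
	original := alice.Send("I love you.")
	if !Verify(original) {
		return false, "", fmt.Errorf("alice's own signature failed to verify")
	}
	// Bob pastes Alice's body into a new mail to Charlie; his mailer signs it.
	forwarded := bob.Send(string(original.Body))
	return Verify(forwarded), string(forwarded.Body), nil
}

// EditedForward shows the guarantee a signature does give: change one word of
// the body after signing and Bob's signature no longer verifies.
func EditedForward() (bool, error) {
	bob, err := NewParty("bob")
	if err != nil {
		return false, err
	}
	m := bob.Send("I love you.")
	m.Body = []byte("I loathe you.")
	return Verify(m), nil
}

func main() {
	valid, body, err := ForwardScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("Charlie verifies Bob's signature over %q: %v\n", body, valid)
	edited, err := EditedForward()
	if err != nil {
		panic(err)
	}
	fmt.Printf("Bob's signature over an edited body: %v\n", edited)
}
```

Charlie's verifier is right both times: Bob's key did sign "I love you.", and it did not sign "I loathe you." Everything beyond that, including who wrote the sentence and whom it was addressed to, is context the signature never covered, which is why a valid signature is weaker evidence of authorship than it looks and an absent one proves nothing either.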