Anyone know what became of the Gaim-E Project?
Robert J. Hansen
rjh at sixdemonbag.org
Mon Nov 3 16:12:43 CET 2008
> The pidgin-encryption plugin provides encryption and
> authentication, but not deniability or perfect forward secrecy. If an
> attacker or a virus gets access to your machine, all of your past
> pidgin-encryption conversations are retroactively compromised.
> Further, since all of the messages are digitally signed, there is
> difficult-to-deny proof that you said what you did: not what we want
> for a supposedly private conversation!"
This is increasingly off-topic from GnuPG; let's bring this thread to
a close pretty soon.
I don't buy OTR's hype, which is basically what you're quoting here.
What they're saying is simple: if an attacker eavesdrops on your
secured communications and gets copies of them, then if the attacker
is able to compromise your box, the attacker can get your GnuPG key
and use it to decrypt previously sent Gaim-E traffic.
I also don't buy the argument that an OpenPGP signature is difficult
to deny. Or, perhaps, the problem is that I _do_ buy the argument.
Signature semantics are the most pernicious part of OpenPGP, if you
ask me. I can count my hands the number of people I know whom I think
have a good grip on signature semantics.
A correct signature from a valid key belonging to a trusted party
means the reader can feel confident the message is in the same state
as the signer saw it. That's all. Nothing else.
Imagine that Alice sends Bob a very short note. "I love you." Bob,
who wants to gloat about his romantic victory to his archrival
Charlie, forwards Alice's message on to Charlie... but Bob's mailer
appends a signature to the message. Now Charlie has a signed message
from Bob in which Bob appears to swear his love for Charlie. Major
embarrassment ensues because everybody thinks the signature is proof
that Bob wrote the message, when he actually didn't.
The absence of a signature is also not proof of anything other than
the absence of a signature. Imagine that I'm concerned about people
forging my messages, so I make it a point to sign everything. A
malicious undergrad, upset over the grade I gave, decides to ruin my
reputation anyway by posting vitriolic, hate-filled messages to a
white supremacist mailing list using my name. When the Dean summons
me to explain my actions, I say "... but that's not me! I sign
everything! I have a years-long history of signing everything!" The
Dean, who is a smart mathematician, will say "ah, but perhaps you
deliberately left your signature off these messages so you could deny
them later if they surfaced. You understand that we have to open an
investigation into you, Rob, correct?"
So my objection to OTR's characterization of OpenPGP signatures as
"difficult-to-deny proof" is that it's simply not so. The public
misconceptions around signatures are so vast that I seriously doubt
the utility of signatures. Most people don't understand them and
don't especially want to, either.
This message was sent using IMP, the Internet Messaging Program.
More information about the Gnupg-users