Anyone know what became of the Gaim-E Project?
Robert J. Hansen
rjh at sixdemonbag.org
Tue Nov 4 21:15:00 CET 2008
On Mon, 2008-11-03 at 09:58 -0600, Kevin Hilton wrote:
> What value do signatures serve then however other than to provide data
> authentication but not sender authentication?
YASD (Yet Another Subtle Distinction). Signatures make it possible for
the sender to be authenticated. However, the sender still has to take
concrete steps so the recipient can enjoy sender authentication.
I like to put small personal details in my signed messages; if I talk
about "hey, I really enjoyed lunch the other day" and the recipient
didn't have lunch with me, that's a clear sign some kind of sender games
have been played. That's an example of what I'm talking about here.
> How can you be sure in
> any case that if you get an unsigned transmission, that the data is
> secure, was altered, or that a signature was just mistakingly not
> appended?
You can't. A bad signature conveys the exact same information as an
absent signature. Maybe the message was tampered with; maybe it wasn't;
maybe it was tampered with innocently; maybe it wasn't; maybe... etc.
The only information a bad signature conveys is that someone -- perhaps
the original sender, and perhaps someone else -- attempted to do a
signature operation. The informational content of that fact is pretty
much zero.
> So in the best case scenario if the private keys are kept truly
> private and secure, the signature mechanism works as designed. In
> unideal circumstances however, this "trust" mechanism falls apart
> however. Seems like somewhat of a quandary?
Yep. Like I said, I generally don't buy digital signatures. When used
correctly by people who understand the subtleties of what they can and
cannot do, digital signatures can be very useful. The rest of the time
I think they're a distraction.
A few years ago over on PGP-Basics, one list member was adamant that
signatures should be used for _everything_, regardless of whether the
recipients had validated your key, met you, or formed any opinion on
whether you were trustworthy. Speaking the Sweet Voice of Reason did
not dissuade this person, so John Moore, John Clizbe and I did a small
experiment.
I created a keypair, removed the passphrase from it, and shared it with
John and John. We did not upload it to the keyservers. We then used
this keypair to sign all of our traffic to the list... all three of us,
using the exact same key.
It was months before anyone noticed. Few people cared that our messages
kept on getting flagged as "no key available" and the key wasn't on the
keyserver. What people cared about was that it was signed, and as long
as it was signed, that was enough.
Now, remember, PGP-Basics is a pretty clueful group. It's very newbie
friendly, but there are a lot of people there who have years of
experience using OpenPGP. If they didn't notice the subterfuge, what
chance does a normal user have?
For all I know, someone on this mailing list could be repeating that
experiment right now. If so, I'm totally blind to it. This just goes
to show that I'm no more observant than anyone else.
... So yeah. I am not a believer in the usefulness of digital
signatures. They're very useful when you have:
* a correct signature
* from a validated key
* belonging to someone you trust
If any of those three conditions fail, I think digital signatures are
pretty much useless. Given how specific and exacting the "useful"
conditions are, I think the only conclusion to draw is that in the
general case digital signatures are magic crypto fairy dust. Sprinkle a
little on and you're safe from identity theft, message fraud and other
tampering! Pay no attention to the man behind the curtain!
More information about the Gnupg-users
mailing list