PGP/MIME considered harmful for mobile

[Robert J. Hansen]

> I think we're missing each other here.  We have Martin (the real one), the fake Martin (let's call him "Marty"), and various other people on a mailing list.  Martin always signs his messages.  One day Marty shows up and tries to pretend to be Martin.  Martin, not wanting someone else to pretend to be him, can easily say: "You're not Martin.  I am Martin, and I can prove it: I have signed this message with the same key that I've used for all my other messages".

Then we're at an impasse, because that claim wouldn't fly with me.  Let's imagine Fake-Martin and Real-Martin (FM and RM).


FM: [message]
RM: Hey, that's not me!  I'm me.  See?  I've signed this with the same cert I've used for everything else on this list.
FM: No, I'm the real Martin.  I didn't sign up for this mailing list until last week.  You signed up here a long time ago and posted messages pretending to be me, so that when I came on the list you could falsely claim to be me!
RM: But I'm the real Martin!  I've been posting here for months!
FM: Prove it.  You can't!  Therefore, I'm the real Martin.
RM: But you can't prove it either!


We like to view signatures as purely mathematical things.  If certain preconditions are met, then a signature has this semantic meaning, etcetera.  Unfortunately, signatures are also social constructs, and social machinery tends to be full of people behaving irrationally.  Given this, I would have to say, "I don't know who's real and who's fake.  They both make very credible claims.  If I wanted to do a credibility attack on Martin, you'd better believe I'd make it a point to get on the mailing list first."