Problem with faked-system-time option
hugo.seifert at hushmail.com
Sun Jun 26 14:16:04 CEST 2011
Jerome Baum <jerome at jeromebaum.com> wrote in message
<BANLkTikQo=Qc9CTtNB3e7rFsNu=SqKyXow at mail.gmail.com>:
> >>> if you cheat your employer out of their money,
> > The scenario stated that a fluctuating work volume resulted in
> > when there was no work to do. Using that time for your own
> > does not look to me like cheating your employer.
> In that case you have nothing to fear from your timestamp.
> I personally hold the opinion that you should have a good work
> relationship with your employer (including your manager), and
> therefore when there is really no work to do, using it for
> new stuff, or yes even for reading /. or TDWTF, shouldn't lead to
> court case. But, of course, you should discuss with your manager
> there is no work to do, and get their permission first. If you go
> ahead and make this decision on your own, then yes you are
> your employer -- he might have had work for you to do if only you
> told him there's nothing left.
"In that case you have nothing to fear from your timestamp"???
Then why use encryption at all, when we're always honest, don't
plan evil things and have nothing to hide, nothing to fear? And
there arises the question who is privileged to determine what's
evil and what isn't?
Protection only to those who comply with your rules sounds like
censorship. Do you think GnuPG should only support people who
adhere to your social conventions and not OBL hiding in his "cave"?
If I understand you correctly, in that case being able to locate
the ill-affected originator of a message with the assistance of his
signatures' timestamps is acceptable. But how about a U.S. agent
acting undercover in enemy territory or someone participating in a
Usenet discussion on the HIV disease he suffers from? With such a
differentiation you're treading on thin ice, aren't you?
I read most of this lengthy thread and wondered why for some it
is so hard to accept that there are negative implications of exact
timestamps, which is why I venture one further example.
Have you ever heard of OmniMix (http://www.danner-net.de/om.htm)?
That's a tool aiming at freedom of speech by making it very easy
to address onion remailers with your mail and news client software.
I use it when posting anonymously to the Usenet, which means with
almost all of my newsgroup contributions.
No less than 4 years ago in gnupg-devel, message
<84uor29d9cc2r9ilnvt5bc16non5elup05 at domain.is.invalid>, its author
complained about security risks for not having a chance to alter
key and signature timestamps and argued the case for a GnuPG 1.4 --
: Is there a chance to get an additional GPG option that allows to
: the creation date of keys and signatures?
: I'm developing a Windows proxy server that works as a gateway to
: remailers and nym servers. For such an application it's mandatory
: disguise all timestamps within messages, as e.g. getting
: the exact shipping time would make it a lot easier for an
: compromise the author. Currently I see no alternative to a
: manipulation of the system time when such sensitive action takes
: place. But that strategy entails a lot of potential side effects,
: especially in a server environment.
If that's no valid reason to add such an option, what else would
be? In <87lkjkp7pz.fsf at wheatstone.g10code.de> Werner kindly
promised to act, but four years have passed and nothing happened.
Or is the agenda behind GnuPG to provide privacy but forget about
or even prevent anonymity ignoring the fact that we're living in a
world where escaping ubiquitous surveillance becomes harder and
Just my 2 cents.
More information about the Gnupg-users