On message signing and Enigmail...

Christopher J. Walters cwal989 at comcast.net
Wed Feb 1 22:29:51 CET 2012

On 2/1/2012 03:45 PM, Robert J. Hansen wrote:
> Except that it doesn't.  What's to prevent me from creating a
> certificate with your name and email address and making posts in your
> name, with a signature from a certificate that claims to be yours?
> Nothing -- and that signature is every bit as credible as the one that's
> from your own certificate.  You might say, "but that certificate's a
> fraud, my certificate's real!", but the Christopher Walters impersonator
> will say the same thing about you.  There's no way to check.

Nothing, true.

However, I disagree with your statement that there is no way to check: one can
check the headers of each message to see from where they originated.  If one
says it came from (my email name @ my ISP) and originated from my ISP, and the
other shows a different origin, then the one showing a different origin would
be suspect, while the one showing an IP address from my ISP, and showing that
it came from my username, would be more able to be trusted.  If neither
originated from my ISP, then both are suspect.  That is, unless you met the
real me, verified that I am who I say I am, and signed my key - then it would
add some very strong trust if you had signed one of those keys.  If they both
came from my ISP, and neither was signed by you or someone you trust, they
would both be suspect.  Before you mention it, I know that headers can be
spoofed; however, I very much doubt that a troll or spammer would go to the
trouble of creating a key-pair in my name to sign messages, as well as the
trouble to spoof the headers.

> I understand the desire to give people a way to verify the integrity of
> your message, but the way you're going about it has some glaring and
> obvious flaws.

That is your opinion, and I can respect that.  However, in showing the flaw in
your argument that "there is no way to check", I cannot agree with your
conclusion.  I could have understood and agreed with your argument if you had said:
1. I have never met you.
2. By the standard of trust I use, I have to meet you to sign your public key.
3. No one I have met, who uses my standard of trust, has signed your key.
Therefore, I do not know you well enough for your signature to have any meaning
to me.

To simply state that "the way you're going about it has some glaring and
obvious flaws", when the only argument you used against it has its own flaws,
does not meet my standard of logic in reasoned argument.

> I can't argue against a feeling.  No one can.  Feelings are what they
> are, and they are immune to the forces of reason.

I am always open to logical arguments.  However, in using logic alone, one must
realize that two opposing logical arguments can be equally valid.  As for
arguing with a feeling, I see people doing that all the time and it's usually
not pretty. ;)

I do not believe there is *One True and Correct Answer* to this issue.  I do
feel it germane to point out that this IS the gnupg-users list, and if anywhere
would be appropriate to sign messages, it would be here.


P.S.  I could show a proof of concept very easily, to support my premise that
the headers can be used to check which one is valid.  However, it is a good
deal of work for me, and it is really up to you to refute my argument.
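
The header check discussed in this message, sketched as an added example that is not part of the original post: it compares reading the bottom-most Received line with reading only the line stamped by the reader's own mail server. All host names, the address range (an RFC 5737 documentation range) and both sample messages are constructed, and it assumes a single trusted receiving server.

```python
import email
import ipaddress
import re

# Constructed values: an RFC 5737 documentation range stands in for the ISP's
# address space, and mx.reader.example for the reader's own mail server.
ISP_NETS = [ipaddress.ip_network("192.0.2.0/24")]
TRUSTED_RECEIVERS = {"mx.reader.example"}
HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)", re.S)

def hop(value):
    """Return (connecting IP, stamping host) from one Received header value."""
    m = HOP.search(value)
    return (ipaddress.ip_address(m.group(2)), m.group(3).lower()) if m else (None, None)

def in_isp(ip):
    return ip is not None and any(ip in net for net in ISP_NETS)

def received(raw):
    return email.message_from_string(raw).get_all("Received", [])

def naive_origin_ok(raw):
    """Trusts the bottom-most Received line, which the sender controls."""
    hops = received(raw)
    return bool(hops) and in_isp(hop(hops[-1])[0])

def boundary_origin_ok(raw):
    """Trusts only the topmost Received line, and only if our own MX wrote it."""
    hops = received(raw)
    if not hops:
        return False
    ip, by = hop(hops[0])
    return by in TRUSTED_RECEIVERS and in_isp(ip)

def make(*hops):
    """Build a constructed message; hops are (host, ip, stamped_by), newest first."""
    lines = "".join(f"Received: from {h} ({h} [{ip}])\n\tby {by} with ESMTP\n"
                    for h, ip, by in hops)
    return lines + "From: user@isp.example\nSubject: test\n\nbody\n"

GENUINE = make(("smtp.isp.example", "192.0.2.25", "mx.reader.example"),
               ("customer.isp.example", "192.0.2.77", "smtp.isp.example"))
# Lower Received line was supplied with the message; only the top one is ours.
FORGED = make(("host.elsewhere.example", "203.0.113.9", "mx.reader.example"),
              ("customer.isp.example", "192.0.2.77", "smtp.isp.example"))

if __name__ == "__main__":
    for name, raw in (("GENUINE", GENUINE), ("FORGED", FORGED)):
        print(name, "naive:", naive_origin_ok(raw), "boundary:", boundary_origin_ok(raw))
```

A passing boundary check only places the connecting host on the ISP's network; it does not identify which account holder sent the message.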


