E-mail with deniable authentication
Mario Castelán Castro
marioxcc.MT at yandex.com
Tue Aug 29 21:04:15 CEST 2017
On 29/08/17 13:33, Robert J. Hansen wrote:
> This is not true except in a theoretical mathematical sense.
> For instance, several people in the community (I know I have, and I
> recall Werner saying he as well) have seen PGP-signed spam mails that
> are the result of a home user using Symantec's PGP mail proxy, then
> getting infested by malware which sends out spam. Since all mail goes
> through the proxy and the credentials are cached, the spam mails were
Ha. OpenPGP-signed spam. That is a really amusing incident.
> You can prove origination *only if* you can prove the originating PC was
> not compromised. Given how common compromise is today -- a few years
> ago Vint Cerf estimated one in four desktop PCs was compromised -- this
> is a very high threshold to clear.
> In a theoretical sense, OpenPGP is a nonrepudiable protocol. But in a
> practical sense, it is not.
I want to note that I said “somebody in the possession of the private
key”. I am aware of the “somebody stole my private key” trick for
signature repudiation. I did not consider the possibility of malware
(thanks for bringing that into my consideration), but the problem is the
The problem is that credible repudiation of signatures done that way
requires that the legitimate key owner (that would be myself) stops
using that key and moreover claims that (at least) all the signatures
more recent (meaning the actual date –for which in many cases only an
upper bound is known–, not by the date claimed in the signature) than
the one he wants to repudiate are illegitimate.
This is something undesirable. Ideally, there should be no need to throw
Do not eat animals, respect them as you respect people.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 228 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users