Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

Stefan Claas stefan.claas at posteo.de
Tue Jun 6 18:39:50 CEST 2017

On 06.06.17 18:07, Stefan Claas wrote:
> On 06.06.17 04:11, Daniel Kahn Gillmor wrote:
>> On Tue 2017-06-06 01:24:43 +0200, Stefan Claas wrote:
>>> On 05.06.17 22:26, Daniel Kahn Gillmor wrote:
>>>> what does "bullet-proof" mean, specifically? 
>>> For me it means that the idendicons should be visually easy to read
>>> and cryptographically secure. Sorry that i have no better explanation.
>> here's one way to try to frame the question: Imagine the situation as a
>> game, where you have two players on one team, "defense" named Alice and
>> Bob; Alice wants to send a message to Bob.  Another player on the
>> opposing team, "offense", is named Mallory, is trying to send a message
>> to Bob as well, but trying to trick Bob into thinking that the incoming
>> message comes from Alice.
>> The way the game is played, either Alice or Mallory gets to send a
>> message.  Bob has to decide whether the message actually came from
>> Alice.  If Bob gets it right, the "defense" wins.  If Bob gets it wrong,
>> the "offense" wins.  The game is played multiple times.
>> Is that the scenario you're thinking of?  If so, does the defense need
>> to win 100% of the time over thousands of games?  or is it acceptable
>> for offense to win occasionally?
>> In any case question is: how much work does Mallory need to do to get
>> Bob to make a mistake?  How frequently can Mallory trick Bob into
>> accepting mail from her as though it were from Alice?  Conversely, how
>> many messages that were actually from Alice can Bob accidentally reject
>> without making Alice upset enough to give up on the entire
>> communications scheme?
> In old times I would say if Bob and Alice don't know each other and they
> have no clue how that particular security software works it should be that
> the second message send to one person the security software already detects
> forgeries and reports that to a person. However, with that thinking it does
> not guarantee that Bob knows that Alice is not Eve. Therefore qualified CA's
> in my opinion are mandatory where each user in each country has to register
> with his/her id-card so that it's guaranteed that Alice is not Eve.
> Regards
> Stefan
Correction... instead "has" to register "may register"...


More information about the Gnupg-users mailing list