[linux-elitists] Fwd: PGP signature attachments!

Karsten M. Self kmself@ix.netcom.com
Fri Sep 7 12:41:01 PDT 2001

on Fri, Sep 07, 2001 at 08:30:04PM +0100, Sean Neakums (sneakums@zork.net) wrote:
> Hash: SHA1
> begin  Karsten M Self quotation:
> > on Fri, Sep 07, 2001 at 07:54:30PM +0100, Sean Neakums (sneakums@zork.net) wrote:
> >> I was not persuaded the first time you posted that, and I am not now.
> > 
> > Specifically, why not?
> There is plenty in there that states why *you* think you should be
> allowed to sign with PGP/MIME but there is nothing to say why other
> people should do likewise.

They can choose to sign or not sign as they please.  I address why *I*
do this, and why it behooves the reader to have RFC 2015-enabled mail.

From the rant:


So, Why Do You Insist On Signing Your Mail Anyway?

    Fair question.

    Part of the reason is for your benefit, where you are the reader
    of my mail.  It is your responsibility to ensure that what
    you are reading as attributed to me is in fact my own writing.
    While digital (or sometimes "electronic") signatures now carry
    some legal standing, I'm not vesting my GPG hash with this power.
    However, you can be pretty confident that words appearing over my
    signature, verified against my public key, were written by me,
    or by someone who has access to my computer, my private key,
    and the pass-key necessary to utilize it.

    Why is it your responsibility?  Simple:  you know you've
    received mail from me.  I may or may not know I've sent it.
    As is well known, email is an insecure, unauthenticated medium.
    It's quite possible that someone is sending something claiming
    to be someone they aren't.  In fact, this happens as a matter of
    course with spam.  Since you (the recipient) have the evidence
    in front of your eyes, and I've no idea it's been sent, if it's
    not from me, the burden of authentication lies with the recipient.

    If it's not signed by me, your assumption should be that it isn't
    *from* me.

    A large reason though is to encourage and advocate use and
    adoption of tools that support public key infrastructure (PKI)
    methods, both the ability to create and properly process signed
    and encrypted mail.  I've found myself at several times needing to
    send authenticated or encrypted mail to persons, only to find that
    the recipients did not have a public key, PKI support within their
    mailer, or even, at times, a mailer capable of supporting PKI.

    It's been suggested variously that I sign messages inline,
    or in some instances, that mailing lists drop all MIME-encoded
    attachments.  I believe this is the wrong solution for two reasons:

      - It breaks useful behavior.  MIME attachments *can*
        provide useful information, including support of non-ASCII
        character sets, required for basic communications in much
        of the world.  In the case of signed messages, a recent
        SANS alert of the BIND exploit of the day was copied to a
        mailing list I'm subscribed to as a cleartext-signed message.
        The body of the message was modified in two generations of
        distribution and the signature rendered invalid.  This is
        not immediately apparent as messages which are cleartext-
        signed must be verified as a separate, manual, step.  In the
        case of security exploits and announcements, such verification
        and authentication is of some importance.

      - It's not the root problem.  The root problem is mail clients
        which handle untrusted content in an insecure fashion.  This is
        like dousing 75% of the population with gasoline, then placing
        match-confiscating personnel at the doors of all public arenas.
        The problem isn't the matches.  It's the gasoline.

        Palliative measures to reduce the apparent risk without
        addressing the actual cause mask the problem without fixing it.
        If sufficient people feel the pain, we'll eventually see
        changes either to client behavior or choice.


Karsten M. Self <kmself@ix.netcom.com>          http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?             There is no K5 cabal
  http://gestalt-system.sourceforge.net/               http://www.kuro5hin.org
   Free Dmitry! Boycott Adobe! Repeal the DMCA!    http://www.freesklyarov.org
Geek for Hire                        http://kmself.home.netcom.com/resume.html
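
Added example, not part of the original post: Python that extracts the exact bytes an RFC 2015 (PGP/MIME) signature covers, and shows that a list which wraps the signed entity leaves those bytes intact while a list which edits the body does not. The sample messages, boundary names and function names are constructed for illustration, and the SHA-1 digest stands in for a real OpenPGP verification of the signed bytes against the signature part.

```python
import hashlib
from email import message_from_bytes

def pgp_mime_parts(raw: bytes):
    """Return (signed_bytes, signature_part) for the first RFC 2015
    multipart/signed entity in raw, or None if the message has none."""
    for ent in message_from_bytes(raw).walk():
        if (ent.get_content_type() == "multipart/signed"
                and ent.get_param("protocol") == "application/pgp-signature"):
            # Slice the raw bytes instead of re-serialising: the signature
            # covers part one byte for byte, MIME headers included. The CRLF
            # in front of each delimiter line belongs to the delimiter.
            chunks = raw.split(b"\r\n--" + ent.get_boundary().encode("ascii"))
            if len(chunks) < 4:
                return None  # malformed: needs two parts and a closing delimiter
            return chunks[1][2:], chunks[2][2:]
    return None

def signed_digest(raw: bytes):
    """SHA-1 of the signed bytes (stand-in for the OpenPGP check), or None
    when there is no PGP/MIME signature a mailer could verify automatically."""
    parts = pgp_mime_parts(raw)
    return hashlib.sha1(parts[0]).hexdigest() if parts else None

def crlf(*lines: bytes) -> bytes:
    return b"\r\n".join(lines) + b"\r\n"

# Constructed sample: PGP/MIME message with a placeholder signature part.
SIGNED = crlf(
    b'Content-Type: multipart/signed; micalg=pgp-sha1;'
    b' protocol="application/pgp-signature"; boundary="sig"',
    b"",
    b"--sig",
    b"Content-Type: text/plain; charset=us-ascii",
    b"",
    b"Patch BIND today.",
    b"--sig",
    b"Content-Type: application/pgp-signature",
    b"",
    b"(placeholder, not a real signature)",
    b"--sig--",
)
# Constructed: a list that wraps the signed entity and adds its footer as a new part.
WRAPPED = (crlf(b'Content-Type: multipart/mixed; boundary="list"', b"", b"--list")
           + SIGNED
           + crlf(b"--list", b"Content-Type: text/plain", b"", b"list footer", b"--list--"))
# Constructed: a list that edits the signed text itself.
EDITED = SIGNED.replace(b"Patch BIND today.", b"Patch BIND today.\r\n[list footer]")
```

`signed_digest(WRAPPED)` equals `signed_digest(SIGNED)`, while `signed_digest(EDITED)` differs, which is the point at which a real signature check would fail.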