On Sun, Jun 12, 2005 at 12:10:15AM -0700, Steve Langasek wrote: > On Sun, Jun 12, 2005 at 07:49:51AM +0100, Andrew Suffield wrote: > > On Sat, Jun 11, 2005 at 11:17:21PM -0700, Steve Langasek wrote: > > > > What are we setting out to achieve? > > > > > > - To verify that the person so identified controls a specific email address > > > What does 'control' mean here? Given this: > > > > Many people consider all of options a), b), and c) to be inappropriate, and > > > will instead encrypt each of the uid signatures individually and mail them > > > to the corresponding email address, to verify that you control each address. > > > I presume that you just mean 'is capable of receiving mail sent to the > > address', but that is anybody at all with an internet connection and a > > copy of woody, which contains all you need to capture other people's > > mail. I'm not sure why you're bothering to verify that the person so > > identified falls into this group. > > Yes, and might I say, your personal email is particularly juicy. The only explanation I can come up with for that being 'juicy' is that your wife has made you sleep outside again. > Oh -- or did you mean to say anybody at all with an Internet connection, a > copy of woody, and *access to one of the networks/hosts in the path of travel > of the email*? No. The path is easily redirected for short periods of time to a host which you do have access to. There's a variety of methods for doing this which are commonly used by the script kiddies and phishers, but for obvious reasons I'm not going to go into details on a public mailing list. It's been said that email is like a postcard, but really it's more like going to your window and shouting across the valley. Odds are that nobody is listening or would give a damn if they were, but they can easily listen to a given person if they want to. > > Mail delivery is nothing remotely resembling secure. That's why we > > need keys in the first place (and all you people waving smtp-tls > > around, go back and think about how useful that's going to be without > > signing keys). > > This is an argument that there is no such thing as perfect security. No, it's an observation that there is not even an attempt at security here. > Verifying that the signee has control over the email address is exactly that > -- that's why I didn't say that it was verifying who *owned* the email > address. Knowing this may be of limited value, but that doesn't mean it's > not worth doing. What value exactly do you gain by verifying that the signee has an internet connection and a handful of basic tools? I can't think of a reason why you'd go to all this trouble just to verify that. I thought it was obvious from the fact that they use both email and gpg. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -><- |
Attachment:
signature.asc
Description: Digital signature