Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files

To: Buddha Buck <bmbuck@acsu.buffalo.edu>
Cc: Debian-Devel <debian-devel@lists.debian.org>
Subject: Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
From: Jason Gunthorpe <jgg@ualberta.ca>
Date: Mon, 14 Dec 1998 13:38:10 -0700 (MST)
Message-id: <[🔎] Pine.LNX.3.96.981214133515.4746D-100000@wakko>
In-reply-to: <[🔎] E0zpYsy-0004yd-00@resnet217-203.resnet.buffalo.edu>

On Mon, 14 Dec 1998, Buddha Buck wrote:

> If this isn't the case, then signed email is worthless, since many 
> people can (and to a limited extent, do) write to and modify the 
> message in transit.

Email you know who was supposed to sign it (the sender) and you trust the
content based on that tag in an intelligent way. So yes someone could
hijack your mail, remove the signature, resign it with another key and
change the from address but you would notice that! With an embedded
signature that can be one of many choices all the attacker has to do is
break one of the many keys and resign it that one, or insert his key into
the keyring and sign, etc. This is why digital signatures that we
distribute with packages have little worth.

Jason

Reply to:

Follow-Ups:
- Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
  - From: Oscar Levi <elf@buici.com>

References:
- Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
  - From: Buddha Buck <bmbuck@acsu.buffalo.edu>

Prev by Date: Re: TAO license - Debian misinterpretation
Next by Date: Re: DPLs : what do you think about ...
Previous by thread: Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
Next by thread: Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
Index(es):
- Date
- Thread