[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Challenge-response mail filters considered harmful

On Mon, Aug 04, 2003 at 01:18:18PM -0700, Alan Connor wrote:
> > From cmetzler@speakeasy.net Mon Aug  4 13:11:52 2003
> > On Mon, 4 Aug 2003 10:41:37 -0700 Alan Connor <alanc@localhost> wrote:

> Thanks Chris. Still doesn't make sense to me and I am seriously considering
> writing a stanza in my newsreaders filters that will dump any posts with
> PGP sigs.
> 1) Neither I nor anyone I know cares if you are who you say you are or not.

And you have already been informed that this is *not* the purpose of
PGP.  It verifies that all the messages signed with a certain key come
from the holder of that key.
A little example:
  Without PGP, a spammer harvests my address somewhere and sends spam
  to the list with me listed as the From address. I'm going to have a
  hell of a time proving that I'm not the spammer.
  With PGP, I can just point out that they're not signed with my key,
  and I've already established a precedent that all messages that are
  legitimately from me *are* signed.
  Someone chooses to misquote me as saying something offensive or
  damaging. I can just point to the original message and say "Check the
  signature." That's proof of what I *actually* said. Unless he can
  produce an original message --signed with my private key-- in which I
  actually did say what he's accusing me of, I'm clear.

It doesn't matter if I choose Jesus H. Christ as my identity for the
key. It simply indicates that all the messages signed with that
particular key really do originate from the same person, the keyholder.

>    ( In fact, someone could forge your PGP sig  because most people don't
>      have the software, and do you MORE harm that way. How would you prove
>      which of  two nearly simultaneous posts with the EXACT same PGP
>      sig on them was the real one. )

Did you actually *read* the references you were provided?
I get the feeling I'm arguing about cryptography with someone who has
never heard of a checksum...
If you copy the PGP sig onto a different message (or alter a signed
message) then the signature no longer matches the message and anyone
who checks the sig will get a pointed warning to that effect.
How would I prove it?  I would point out "that message is not from me,
check the signature!" Anyone who trusts a crypto signature without
having the software to verify it is too stupid to be allowed access to
a computer system.

> 2) They are a an extreme violation of netiquette

I don't know where you've been learning your netiquette. PGP-signed
messages have been widely regarded as acceptable (if not preferable)
for *at least* the past decade.

> 3) They are a waste of bandwidth on several levels

My signature shows up as a 0.2k attachment. Unless you're still using a
50 bps telephone-cradle type modem, I can't see that being a bandwidth
issue.  Really.

> 4) They make posts hard to read and ugly.

Only if you're reading them on a badly broken client (or User-Agent if
you prefer the term).
A properly designed program *even if it doesn't know PGP* will just
display the message text, leaving the signature alone it its own
Under my setup with mutt, the signature is automatically checked, and
each signed message is prefaced with a brief header telling me whether
the signature is valid (and matches the message contents) or not.
The very essence of convenience.

Of course, the old-fashioned "in-line" type of signature does add a few
lines in the body of the message, but those are (AFAIK) widely regarded
as deprecated, in favour of PGP-MIME with the sig as a separate

>   -ScruLoose-   |     He that breaks a thing to find out what it is     <
>  Please do not  |              has left the path of wisdom.             <
> reply off-list. |                    - J.R.R. Tolkien                   <

Attachment: pgp3v8mbTmiGg.pgp
Description: PGP signature

Reply to: