Re: [OT] Re: Things we should know about PGP

To: debian-user@lists.debian.org
Subject: Re: [OT] Re: Things we should know about PGP
From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
Date: Thu, 10 May 2012 17:25:38 +0200
Message-id: <[🔎] 1336663538.2307.58.camel@precise>
In-reply-to: <[🔎] jogkvn$qkr$9@dough.gmane.org>
References: <[🔎] 1336563132.7752.25.camel@precise> <[🔎] joe9cc$bci$16@dough.gmane.org> <[🔎] 1336584832.2994.64.camel@precise> <[🔎] joejm2$bci$19@dough.gmane.org> <[🔎] 1336598529.2994.141.camel@precise> <[🔎] jogkvn$qkr$9@dough.gmane.org>

On Thu, 2012-05-10 at 14:56 +0000, Camaleón wrote:
> On Wed, 09 May 2012 23:22:09 +0200, Ralf Mardorf wrote:
> 
> > On Wed, 2012-05-09 at 20:22 +0000, Camaleón wrote:
> 
> >> What is what you understand by "dirty"?
> >> 
> >> I can send the same spam, virus-inside or crap message with a signature
> >> or without it. That changes nothing.
> >> 
> >> 
> > dirty {adj} [fig.] e.g. remove words, add words.
> 
> So you meant that the content of the messages can't become "faked/
> manipulated" when they are signed. If that's what you wanted to say, then 
> yes, signatures are also aimed for that.
> 
> But the problem still remains: in the event you can check the validity of 
> the signature you still can't be sure about its real author.
> 
> >> You can still get false-positives that make the signature cannot be
> >> properly verified so you think the message is not legitimate while it
> >> is.
> > 
> > I did wrote something similar off-list to whomever, but it wasn't only
> > about computers and signing mails:
> 
> (...)
>     
> >         As I already pointed out. Somebody e.g. could hack the view of a
> >         mailing list archive, seemingly signed mails with edited
> >         contend. Than this wrong information is in the Internet,
> >         pretending to be the signed original. The mob will believe this
> >         is absolute truth. They are hungry for absolute truth. This is a
> >         loss of civilization.
> 
> It's even simpler than that, is that any piece of the software involved 
> in the message distribution chain can fail, i.e., they can have bugs that 
> render the signature verification proccess invalid.
>        
> > OTOH there are valid situations to sign messages.
> 
> Of course. Moreover, it should be "a must". 
> 
> As I see it, the concept of verifying the author of a message is 
> completely valid and right, it's the implementation that fails because of 
> the way you have to trust the user you want to validate (human beings 
> have not developed a system to differ between a fake and a true thing, 
> our brains are very limited in that field and also very influenceable by 
> external sources).
> 
> Greetings,

I guess we agree.

 - ralf

Reply to:

References:
- Things we should know about PGP
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- [OT] Re: Things we should know about PGP
  - From: Camaleón <noelamac@gmail.com>
- Re: [OT] Re: Things we should know about PGP
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- Re: [OT] Re: Things we should know about PGP
  - From: Camaleón <noelamac@gmail.com>
- Re: [OT] Re: Things we should know about PGP
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- Re: [OT] Re: Things we should know about PGP
  - From: Camaleón <noelamac@gmail.com>

Prev by Date: Re: [not sure if OT] empty DVD menus with k9copy and devede
Next by Date: Re: screwed up fonts and controls in both Iceweasel and Chromium
Previous by thread: Re: [OT] Re: Things we should know about PGP
Next by thread: Re: Things we should know about PGP
Index(es):
- Date
- Thread