On Sun, 4 Feb 2007, Shachar Shemesh wrote:

> Peter wrote:
>> 3. Digitally sign your email. Not like the peasants do by adding four
>> lines of gpg crud, put it in a custom header instead.
>
> Do NOT, under any circumstances, adopt a policy involving digitally
> signing each and every outgoing email.

You mean *gasp* m$ mail agents which produce a message id that uniquely identifies the sender, the machine, the time, and the message are ok, but not a signature?

> According to the law in Israel (and in other countries too), digitally
> signing an email is identical to snail mailing the recipient a letter
> saying "I hereby commit to doing everything said in this email", bearing
> your signature.

Can you quote this law please? Here and 'elsewhere'.

> Really, really bad idea.

Yeah, really bad. Everyone and their sisters already know you sent the message, it is in your logs, it is in the recipient's logs, it is in the ISP's logs, and then you deny that you meant to say what you said when they come after you because it is not signed? Really?

Elbonian laws probably. Digital signatures simply ensure that the sender can confirm that he has sent the email as it is (referenced to his - the user's - logs, which are not public, and which he can delete at will). The method need not be transparent to the recipient (and it should NOT be transparent in fact, unless the sender specifically wants to let the recipient be able to check it - under normal circumstances if there is a problem then the recipient will check the message with the sender for authenticity), it is for use by the sender only in case an email turns up which he did not send and is claimed to be by him (or mail that was 'edited'). Like spam often does f.ex., and like phishing tries to do.

Also digitally signing a document doesn't imply anything legal excepting the fact that the envelope and the content are more tamper-proof than usually. You are probably confusing a registered digital signature that serves as authentication with a digital signature (hash, mark and log entry) that ensures deniability for the sender while securing the content against tampering.

Also to keep spooks and s**t like that on their toes it is every man's duty to add a random hash to his outgoing messages. Like X-007: YTfFYyyfDDk676 (different from time to time of course).

I even added some random noise to the https updates to dyndns for my $HOME server ;-)

Ever since ISPs are obliged to keep and transfer logs to law enforcement and some search engines cooperate with the law 'preventively' I have 'preventively' engaged in deliberate chaffing and I will automate it soon (in fact I already did that in part). This implies surfing nonkosher sites, actively searching for explosives and poison and smut on the Internet from time to time and following links found about that and more. Sometimes I find fun stuff.

Peter
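
The sender-only mark discussed in the message above (a hash carried in a custom header and checked by the sender alone), as an added example that is not part of the original message. It assumes HMAC-SHA256 with a key that never leaves the sender's machine, which is why a recipient or third party cannot verify it; the header name `X-Sender-Mark`, the key and the sample message are constructed for illustration.

```python
import hashlib
import hmac
from email import message_from_string

HEADER = "X-Sender-Mark"  # hypothetical header name, not a standard
COVERED = ("From", "To", "Subject", "Date", "Message-ID")

def _digest(msg, key: bytes) -> str:
    """HMAC-SHA256 over the covered headers and a single-part body."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for name in COVERED:
        # Unfold and collapse whitespace, which relays may rewrite.
        value = " ".join((msg.get(name) or "").split())
        mac.update(f"{name.lower()}:{value}\n".encode())
    body = msg.get_payload(decode=True) or b""  # None for multipart
    # Normalise line endings and trailing blank lines before hashing.
    mac.update(b"\n" + body.replace(b"\r\n", b"\n").rstrip(b"\n"))
    return mac.hexdigest()

def mark(raw: str, key: bytes) -> str:
    """Return the message with the sender's mark added as a header."""
    msg = message_from_string(raw)
    del msg[HEADER]  # drop any mark already present
    msg[HEADER] = _digest(msg, key)
    return msg.as_string()

def check(raw: str, key: bytes) -> str:
    """Sender-side check of a message that turned up under his name."""
    msg = message_from_string(raw)
    claimed = msg.get(HEADER)
    if claimed is None:
        return "unmarked"
    claimed = "".join(claimed.split())  # tolerate header folding
    if hmac.compare_digest(claimed, _digest(msg, key)):
        return "sent-by-me"
    return "altered-or-forged"

# Constructed sample message and key.
RAW = ("From: peter@example.org\nTo: list@example.org\n"
       "Subject: Meeting\nDate: Sun, 4 Feb 2007 12:00:00 +0200\n"
       "Message-ID: <1@example.org>\n\nMeet at 10.\n")
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    marked = mark(RAW, KEY)
    print(check(marked, KEY))
    print(check(marked.replace("at 10", "at 11"), KEY))
```

Because the key is symmetric and private, the mark proves nothing to anyone but the key holder: a holder of a different key gets the same result for a genuine message as for a forged one.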
