--660480-228480878-1170598549=:5251
Content-Type: TEXT/PLAIN; charset=windows-1255; format=flowed
Content-Transfer-Encoding: 8BIT
Hi Peter,
Read the law:
çå÷ çúéîä àì÷èøåðéú, äúùñ"à - 2001
Shachar's claims are mostly correct.
On Sun, 4 Feb 2007, Peter wrote:
> Date: Sun, 4 Feb 2007 15:38:09 +0200 (IST)
> From: Peter <[EMAIL PROTECTED]>
> To: Shachar Shemesh <[EMAIL PROTECTED]>
> Cc: Ira Abramov <[EMAIL PROTECTED]>, ILUG <linux-il@linux.org.il>
> Subject: Re: ID theft (offtipicish)
>
> On Sun, 4 Feb 2007, Shachar Shemesh wrote:
>
>> Peter wrote:
>>> 3. Digitally sign your email. Not like the peasants do by adding four
>>> lines of gpg crud, put it in a custom header instead.
>
>> Do NOT, under any circumstances, adopt a policy involving digitally
>> signing each and every outgoing email.
>
> You mean *gasp* m$ mail agents which produce a message id that uniquely
> identifies the sender, the machine, the time, and the message are ok, but not
> a signature ?
You can still repudiate these messages by claiming that someone else sent
them from your computer.
>> According to the law in Israel (and in other countries too), digitally
>> signing an email is identical to snail mailing the recipient a letter
>> saying "I hereby commit to doing everything said in this email", bearing
>> your signature.
No, digital signatures are even stronger, they are non-repudiable by law.
Once you sign, that's it. When you sign with a pen you can claim forgery,
not so with a digital signature - that's the law now.
> Can you quote this law please ? Here and 'elsewhere'.
çå÷ çúéîä àì÷èøåðéú, äúùñ"à - 2001
>> Really, really bad idea.
>
> Yeah, really bad. Everyone and their sisters already know you sent the
> message, it is in your logs, it is in the recipient's logs, it is in the ISPs
> logs, and then you deny that you meant to say what you said when they come
> after you because it is not signed ? Really ?
Yes. You can deny it and you have a chance that the judges will accept
your argument. You argue that you left your PC open and your wife with
whom you are initiating divorce proceedings sent the email in order to
take revenge.
> Elbonian laws probably. Digital signatures simply ensure that the sender can
> confirm that he has sent the email as it is (referenced to his - the user's -
> logs, which are not public, and which he can delete at will). The method need
> not be transparent to the recipient (and it should NOT be transparent in
> fact, unless the sender specifically wants to let the recipient to be able to
> check it - under normal circumstances if there is a problem then the
> recipient will check the message with the sender for authenticity), it is for
> use by the sender only in case an email turns up which he did not send and is
> claimed to be by him (or mail that was 'edited'). Like spam often does f.ex.,
> and like phishing tries to do.
>
> Also digitally signing a document doesnt imply anything legal excepting the
> fact that the envelope and the content is more tamper-proof than usually. You
> are probably confusing a registered digital signature that serves as
> authentication with a digital signature (hash, mark and log entry) that
> ensures deniability for the sender while securing the content against
> tampering.
"Digital signing" as used by the general public usually means a digital
signature backed by a cert - this is also the sense used in the text of
the law. In this sense, digital signatures have all of the serious
implications that Shachar mentions and more.
>
> Also to keep spooks and s**t like that on their toes it is every man's duty
> to add a random hash to his outgoing messages. Like X-007: YTfFYyyfDDk676
> (different from time to time of course).
Doesn't fool anyone.
>
> I even added some random noise to the https updates to dyndns for my $HOME
> server ;-)
>
> Ever since ISPs are obliged to keep and transfer logs to law enforcement and
> some search engines cooperate with the law 'preventively' I have
> 'preventively' engaged in deliberate chaffing and I will automate it soon (in
> fact I already did that in part). This implies surfing nonkosher sites,
> actively searching for explosives and poison and smut on the Internet from
> time to time and following links found about that and more. Sometimes I find
> fun stuff.
You underestimate "them". You are just wasting bandwidth.
- yba
--
EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- [EMAIL PROTECTED] - tel: +972.2.679.5364, http://www.tkos.co.il -
--660480-228480878-1170598549=:5251--
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
