-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Bob Rogers wrote: | From: Sean Quinlan <[EMAIL PROTECTED]> | Date: Thu, 06 May 2004 11:13:43 -0400 | | . . . | | I also digitally sign my emails, which I wish more people took advantage | of. I don't know of a virus yet that can fake a gpg signature . . . | | The virus wouldn't have to fake it. There is nothing that prevents a | virus author from creating a valid key for a fictitious individual and | signing the initial virus message. You wouldn't be able to find the | key, because it wouldn't exist on any key server (putting it there might | give away the identity of the author), so you could never prove that it | wasn't valid.
Don't confuse trust with validity. I can have a perfectly valid signature, for someone's identity whom I don't know and/or can't trust. For instance, I could generate a key right now for "Madonna" or "George W. Bush" and use it to sign this message, and the signature would come out absolutely valid, indicating that the message had not been altered/tampered with en route. But chances are, anyone receiving this mail would probably conclude that the trust was bogus.
This is what the web-of-trust addresses. That's why we look for proof of identity when signing other's keys. If I know someone, who knows someone, who ultimately knows the recipient, be it "Madonna" or whomever, then I can *trust* the signature. A good MUA makes doing this easy.
~ And just the fact that it was signed and not obviously | invalid would lead many people to drop their guard. Furthermore, as | long as the virus copies the entire *body* of the message exactly, any | signature it had acquired would still be just as valid on subsequent | retransmissions; the checksums don't include the headers, which often | get mangled in transmission. (Never send a signed message that just | says, "Sure, why not?" -- it could be retransmitted with a subject of | "Re: Sell me your house for $1?" !!!) | You are correct in that the subject is not part of the message digest; the signature attests to the hashed value of the *body* only. This should not obviate the utility of message signing predicated on a bogus and/or corrupt message header. That's why this message body for instance is blanketed by the "----Begin PGP Signed Message----" header/trailer and lists the hash algorithm used (e.g., SHA1)
| Another point: Do you really type your passphrase for each and every | outgoing email? If not, and your MUA has been instructed to sign all | outgoing messages with a cached passphrase, then any old virus that | happened to run during the cache lifetime would get your signature for | free. (Full disclosure: My MUA is set to cache my passphrase for 10 | minutes, since it usually takes me several attempts to type it. But I | don't sign email routinely.) | True. For serious work get yourself a smartcard or iButton and store your private key there. The contents are never transferred off the device as it does all key processing "onboard".
| You heard it here first (maybe): As soon as idiot-friendly mail | software makes automatic digital signing easy, we will start to see | virus messages with valid signatures from the victims.
Only if the keys are comprimised could this transpire. Comprimised keys should be revoked immediately to prevent just this type of occurrence. Of course, one should check key revocations in a timely manner for sensitive transactions.
And heaven help | any idiot who configures their MUA to open signed attachments | automatically. (Present company excepted, of course. ;-) | Very true. Again, don't confuse the validity of the signature with the trustworthiness of the key owners identity.
| As another aside, I remember reading a bugtraq post within the last | year or so from someone who said he gave up on verifying signed emails | years ago, because they often failed to verify, usually for stupid | reasons. These days, the mail infrastructure is probably more crypto- | friendly, not least because of MIME, but it's probably still hard to | check signatures routinely. | Word-wrapping is by far and away the worst culprit, especially with web-emailers (e.g., Hotmail, Yahoo, etc.,). Using a pgp-inline/pgp-mime compliant MUA like Thunderbird, The Bat!, etc., make correct signature handling a snap!
| | So there's a chicken-and-egg problem here: Validating signatures is | not very useful, which makes signing not very useful, which means there | aren't many signatures to validate. Which in turn is probably why virus | authors don't bother to fake signatures; I suspect most virus victims | have never even seen a signed email.
I call this the "Dancing Hamster" scenario: You can sign the executable code, and popup a dialogue box asking if the user really trusts the authenticity, veracity, integrity and Good Housekeeping Seal of some ActiveX control and even flash dire warnings of what could happen to their machine if they install it, but if Fred or Nancy in Accounting get an email offering them the chance to watch a video of "Dancing Hamsters" you can bet your sweet bippee that you'll be getting a support call from them shortly! :-)
Happy Signing!
Wren Thawte Digital Notary (http://www.thawte.com) CAcert Digital Assurer (http://www.cacert.org)
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAmwhkA/qR4Uok1vQRArp7AJ9XlmSCSubkuYBGZ8G7CMM9542k+wCdHeOT fd3XhYdJNb9ACRRVT9PvjQg= =DFKw -----END PGP SIGNATURE----- _______________________________________________ Boston-pm mailing list [EMAIL PROTECTED] http://mail.pm.org/mailman/listinfo/boston-pm
