> ...but still maintain that there is a functional difference between no
> signature (nothing to see here; move along) and failed or faked
> signature.  Either of the latter may need to be investigated.  The
> former need not be, unless you were *expecting* a signature and didn't
> get it.

You know, Phil, I wrote up a long email explaining why I disagreed, and
along the way realized why I agree.  But it's not for the reasons you
specified.

It's because, 99.9% of the time, a bad signature doesn't mean a hostile
adversary -- it means a noisy network.  It means an MTA may have mangled
a PGP/MIME attachment, it means a cosmic ray flipped a bit, whatever.

I don't like the language "bad signature" because people tend to leap
straight to believing Vladimir Putin is reading their emails.  The
Russian Foreign Intelligence Service isn't going to be tampering with
your email and leaving a bad signature on it -- they're going to remove
the signature altogether.  So a bad signature is, in reality, a *really
really awful* way of detecting malicious interference.  And that's what
motivates me to say that, from an attack perspective, we shouldn't draw
much distinction between no signature and a bad signature.

But the information that "the network is mangling things" might be
really useful, particularly for PGP/MIME, which is prone to
network-mangling.

I need to think about this some.  I think you're right, but not for the
reasons you set out.  I think the functional difference comes from what
a bad signature can tell us about the traffic channel itself -- not what
it tells us about the traffic.

_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net