> a) usual ("not thought about") email, just as a first hard line of defense
> against forgery
Doesn't work.
Here's the thought experiment I've been using for years. Imagine that I'm a
teaching assistant and I manage to make some of my undergrads very unhappy.
They bomb a test or something, and decide to get back at me. So they sign up
with Stormfront (a notorious hate site) using the one-off email of
robert.j.han...@somewebmailservice.com, create a user account for me there, and
make all kinds of hate-filled racist screeds. They write these things from a
coffeeshop across the street, one where I am often known to sit around and do
my grading while sipping on a latte. Once they have a few weeks of this, they
come to the Dean and say, "you have to fire Mr. Hansen, he's a racist!"
I get hauled into the Dean's office. He's a reasonable man, a mathematician by
training, and he'll give me a fair hearing. I tell him, "Dean, I didn't write
those messages and I don't know who did. But I didn't write them. You can be
sure of that, because they're not signed with my PGP key, and I sign
everything."
The Dean, not a fool, points out, "well, Rob, that doesn't actually mean
anything. These opinions are so incendiary that if I wrote them I would make
it a point not to sign them, either, so that I could repudiate them later. The
lack of a signature means absolutely nothing. The IP address goes to House of
Aromas, the posting times match up with times you were seen in there grading
and drinking lattes. It doesn't look good. I'm going to have to remove you
from teaching duties."
Moral of the story: signatures do not protect against forgeries. They protect
*individual messages* against being *modified without detection*. That's all.
It is very possible to forge traffic from someone, even if they are known to be
a regular user of OpenPGP.
... The other reason this is a nonstarter: you're now increasing the complexity
of the system. OpenPGP already has a learning curve like the Matterhorn.
People just don't want to use it: it requires too much technical knowledge, too
much thinking, too much study. Adding more levels of complexity to it will
just hurt the adoption curve even more.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
