> Ian Grigg wrote:
>> OK. Key distribution is the tricky bit. Good
>
> Yeah, but the secure AIM thing with autogenerated certificate just means
> that if your first connection was not tampered with (MITM), then you
> will be safe in the future (tampering would be detected later as
> different cert/broken data). Reasonable for me for IM use. It should be
> noted that the first connection can be hacked...
Sure. Ya know ... I'd suggest that's a reasonable assumption. Worry about
how to deal with the first connection being hacked the day someone reports
their first connection was hacked. Or before if one is bored one weekend,
but don't let it get in the way of getting unauthenticated key exchange in
place.

>>> I am not advocating that. Signing is valuable in normal circumstances.
>>
>> Then we are a long way apart and we'll have to
>> shout to get our messages that far ;-)
>>
>> I don't know too many circumstances where signing
>> is valuable. I'm explicitly excluding message
>> authentication from that - for that we have alternate
>> techniques such as secure MACs so it is not a trivial
>> assumption to just say "we sign because we need to
>> authenticate."
>
> Maybe it's my "expanded" thinking again: I think signing is practically
> synonymous to providing a nonrepudiatable identity along with message
> integrity. If you receive a signed message from me it means nobody
> changed it along the way, in addition to being sure it came from me.

Right, I'm excluding message integrity. You are basically saying your use
case here is that you want to know who sent it. Now this is two things
conflated:

* the human identity of the sender
* the certificate identity of the software

Which of the two do you want? Or both?

The first is a "hard problem." The second can be dealt with by a number of
techniques, but should be presented as authentication rather than signing.

(BTW, nonrepudiable identity doesn't exist, it was one of those myths of
the 90s where highly aspirated marketing types lost control of reality. If
ever you come across it, you know you are in the presence of "security
theatre" or hypeware.)

> I don't think just saying message was not tampered with en route to be
> that valuable. I want to know who wrote it, and that it was not tampered
> with.

Do people often send you email claiming to be one of your known friends?
As it happens this is a relatively recent spam case; spammers farm the
lists and send out spam 'From:' the people on the list. (Recent as in 2-3
years.) But, in each case I've ever seen it, it was very obvious. So
obvious I never even thought to worry about how to stop it.

(The other question was, of course, do you often receive emails that have
been tampered with? To be honest, I don't know if I've ever heard of it
ever happening.)

> If I receive an encrypted message that has not been signed, I give it as
> much weight as if it had come in the clear like any other cleartext
> email message.

! OK, that's your choice, and I'll fight for your right to make that
choice. But .. who's interfering with your messages? Are these devilish
people someone we should worry about in protecting Mozilla's "average
user"?

> Let's give an example: I discuss some computer over public IRC with my
> sys admin. Then he agrees he's going to send me the IP address and login
> and password information over email, and asks me to change password as
> soon as I log in. Then I receive an email that is encrypted to me, but
> not signed. Now what? I can't trust that it came from my sys admin.
> Therefore I don't want to try logging in with the info either - who
> knows where I'm logging in, and what that would cause. And people
> typically have a limited pool of passwords they use, so maybe the email
> came from someone who's just trying to figure out what kind of passwords
> I usually use.

LOL.... OK, that's a "special case" and rather non-average IMHO. I would
suggest it doesn't apply to Mozilla's average user base, as they, politely
put, do not hang around public IRC channels. Literally, anyone who knows of
the dangers of IRC can be expected to be able to arrange matters to do
their secure password exchange. We shouldn't be setting up the system to
provide to people who are planning on walking through the valley of death,
yeah! ... er, IRC, and then conducting dangerous activity in open view.

> On the other hand, if it was encrypted AND signed by my sys admin (whom
> I trust), there would be no problem.

Ah, so this is a message authentication check. It is not IMO signed. It's
simply authenticated as coming from the cert you relate to your sys admin.

Perhaps the difficulty here is that the S/MIME app should not say "signed"
but should say "authenticated". That might avoid the confusion as to what
it means to sign an email.

iang

_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
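The trust-on-first-use behaviour discussed at the top of this thread (pin the certificate seen on the first connection, flag any later change) as an added example; this is not code from the list or from any Mozilla product, and the certificate byte strings are constructed stand-ins for real DER certificates. It also shows the caveat raised above: when the first connection is already tampered with, the client sees exactly the same sequence of results as in the honest case, so the compromise is invisible to it.

```python
import hashlib

# Constructed stand-ins for DER-encoded certificates (not real certificates).
ALICE_CERT = b"cert:alice:self-signed:v1"
ATTACKER_CERT = b"cert:attacker:self-signed:v1"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint: the value a TOFU client stores and later compares."""
    return hashlib.sha256(cert_der).hexdigest()


class TofuStore:
    """Trust-on-first-use pin store mapping peer name -> certificate fingerprint.

    The first certificate seen for a peer is pinned with no further check;
    every later connection is compared against that pin.
    """

    def __init__(self):
        self.pins = {}

    def check(self, peer: str, cert_der: bytes) -> str:
        fp = fingerprint(cert_der)
        known = self.pins.get(peer)
        if known is None:
            self.pins[peer] = fp
            return "pinned"    # first contact: accepted on trust alone
        if known == fp:
            return "match"     # same certificate as before
        return "mismatch"      # changed cert: MITM or key rotation, needs a human decision


def honest_first_contact():
    """Attacker shows up only after the pin exists: the change is detected."""
    store = TofuStore()
    return [store.check("alice", ALICE_CERT),
            store.check("alice", ALICE_CERT),
            store.check("alice", ATTACKER_CERT)]


def compromised_first_contact():
    """Attacker controls the first connection: their cert gets pinned, and it
    is the real peer's cert that later looks like tampering."""
    store = TofuStore()
    return [store.check("alice", ATTACKER_CERT),
            store.check("alice", ATTACKER_CERT),
            store.check("alice", ALICE_CERT)]
```

Both functions return `['pinned', 'match', 'mismatch']`: the pin store cannot distinguish a genuine peer from an attacker who was there first, which is why a mismatch needs out-of-band confirmation rather than an automatic decision either way.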
