Re: [Mailman-Developers] Crypto-sign to post

2006-11-09 Thread Stefan Schlott
Re-hi,

> I brought this up on the Cairo mailing list recently
> 
> and Carl Worth brought up the idea of a simple option to accept any post
> that's cryptographically signed, regardless of subscriber status.  I
> liked this idea for several reasons.
>
> 1. I've never seen signed spam
> 2. Most mail programs have some way to sign mails
> 3. When spammers do start signing spam it allows a straightforward
> transition to a real web-of-trust style model.

I already received some spam messages including GPG markings. They were fake,
of course; they were used to fool simple scoring systems (e.g. if message
contains "BEGIN PGP SIGNED MESSAGE", it is most likely no spam).

As you mentioned, signing of a message is easy; so it is easy to sign a spam
message, too. The problem is: Which key is used to sign the message, and how
do you determine whether a key belongs to a spammer or to an ordinary user?
The signature alone does not solve your problem.

The (only?) way to tell the mailing list that your key is to be trusted is the
same procedure as usual: Register before post. The advantage you'll gain by
verifying signatures is independence of the sender's address:
- Sender spoofing becomes impossible (the signature cannot be forged)
- No more hassle with different mail accounts (as long as the signature
verifies, the ml will deliver the mail regardless of the sender's address)

Follow-up problem (or implementation detail, call it as you like it): Message
freshness and partially signed messages. A spammer could capture a signed mail
and repost it to a list; the spam message could be inserted at an unsigned
part. If the list checks if some part is signed, the spam will be delivered;
if the list verifies that the whole message is signed, you might have a lot of
trouble with users using a buggy mail client.

Another possible problem: Verifying a cryptographic signature is a rather
"expensive" operation (in terms of CPU time); on a high traffic server this
will have a severe impact.


Please don't get me wrong: I think using signatures (and probably encryption,
too) is a good idea - I'm just pointing out thoughts we came up with when trying
to hack gpg and/or s/mime support into mailman. In the course of that project, we
tried to implement a "post if signature verifies", too. If you want to have a
look at it, see:
  http://non-gnu.uvt.nl/mailman-ssls/
My initial efforts for an encrypted mailing list are at:
  http://stefan.ploing.de/linux/gpg-mailman


Stefan.


___
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp


Re: [Mailman-Developers] Crypto-sign to post

2006-11-09 Thread Steve Huston
On 11/9/06 5:54 AM, Stefan Schlott wrote:
> As you mentioned, signing of a message is easy; so it is easy to sign a spam
> message, too. The problem is: Which key is used to sign the message, and how
> do you determine whether a key belongs to a spammer or to an ordinary user?
> The signature alone does not solve your problem.

This would be for a project other than Mailman, however there already
exist various blacklists and such which MTAs can use to determine if a
host is likely to be a spammer.  Likewise, I'm sure it wouldn't take
very much to set up a daemon that contains a list of "known spammy keys",
and populate one's GPG keyring with those keys, flagged as untrusted.
Then it would be a matter of allowing any signed mail from a
non-untrusted key (so either trusted, or unknown).

-- 
Steve Huston - W2SRH - Unix Sysadmin, Dept. of Astrophysical Sciences
  Princeton University  |ICBM Address: 40.346525   -74.651285
126 Peyton Hall |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
(609) 258-7375  | headlong into mystery."  -Rush, 'Cygnus X-1'


Re: [Mailman-Developers] Crypto-sign to post

2006-11-09 Thread John W. Baxter
On 11/9/06 2:54 AM, "Stefan Schlott" <[EMAIL PROTECTED]> wrote:

> Another possible problem:

And yet another problem:  the proliferation of different ways to create
signed messages, and recognizing them successfully.

I could sign messages at least three ways just using Apple's Mail.app:
   GPG with a suitable plug-in (what I do), in
      SMIME form
      BEGIN SIGNED MESSAGE form
   Whatever is native to Mail.app (involves getting a [free] personal
certificate from Thawte, and putting it into the keychain.  Signing is
automatic at that point).  I don't know what format that produces--I've been
meaning to find out.

(No, you won't find me on the public key servers--we use this inhouse only.)

I think all traces of the signature need to be stripped after it is used for
verification (but I could be wrong).

All that (and the other problems cited in this thread) aside, I advocated
this idea about 5 years ago, and still favor it.

  --John




Re: [Mailman-Developers] Crypto-sign to post

2006-11-09 Thread stephen
John W. Baxter writes:

 > I think all traces of the signature need to be stripped after it is used for
 > verification (but I could be wrong).

This should be an option or at least there should be an easy way to
work around it; suppose the message is something like a collection of
checksums for a distro, or a signed patch for projects that use such
things?

However, for general purposes I think that stripping the signature
would be a good idea.  Specifically, I would imagine that even if you
sign "the whole message", this still leaves room for spammish use of
the preamble and trailer (or even the Subject header), while the
signed body of the message is used in a replay attack.

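The list-side checks argued for in this thread (Stefan's: only a key registered with the list counts, a marker without a real signed block is spam, and a captured signed mail must not be accepted again; stephen's: anything outside the signed block, preamble or trailer, must cause a reject) can be written down as one small policy. The following is an added example for this page, not code from Mailman, mailman-ssls or gpg-mailman. The OpenPGP verification itself is replaced by a toy HMAC-based stand-in (`ToyVerifier`, with made-up subscriber ids such as `alice`) so that it runs offline; in a real list that call would go to gpg/gpgme or an S/MIME library, and everything around it stays the same. `SignedPostPolicy`, `clearsign` and the reason strings are names chosen for this example.

```python
"""List-side policy for "accept a post if its signature verifies".

Added example for this thread; it is not code from Mailman, mailman-ssls
or gpg-mailman.  The OpenPGP verification itself is replaced by a toy
HMAC stand-in (ToyVerifier) so the example runs offline; a real list
would call gpg/gpgme (or an S/MIME library) at that point.  The rest is
the policy discussed above: only keys registered with the list count,
text outside the signed block is rejected, a marker without a complete
armor block is rejected, and an already-accepted signature is a replay.
"""
import base64
import hashlib
import hmac
import re

BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"

# One complete clearsigned block: header, optional Hash: line, signed text,
# then the signature.  Non-greedy so the text stops at the first signature
# header.
_ARMOR = re.compile(
    re.escape(BEGIN) + r"\n(?:Hash: [^\n]*\n)?\n(?P<text>.*?)\n"
    + re.escape(SIG_BEGIN) + r"\n\n?(?P<sig>.*?)\n" + re.escape(SIG_END),
    re.S,
)


class ToyVerifier:
    """Stand-in for OpenPGP verification (constructed for this example).

    Each subscriber registers a key id and a secret when joining; a
    "signature" here is "<key_id>:<base64 HMAC-SHA256(secret, text)>".
    Real OpenPGP uses public keys, but the list sees the same interface:
    verify() returns the key id on success and None otherwise.
    """

    def __init__(self, registered_keys):
        self.keys = dict(registered_keys)  # key_id -> secret bytes

    def sign(self, key_id, text):
        mac = hmac.new(self.keys[key_id], text.encode(), hashlib.sha256).digest()
        return f"{key_id}:{base64.b64encode(mac).decode()}"

    def verify(self, text, sig):
        key_id, _, mac_b64 = sig.strip().partition(":")
        secret = self.keys.get(key_id)
        if secret is None:
            return None  # key never registered with the list: untrusted
        expected = hmac.new(secret, text.encode(), hashlib.sha256).digest()
        try:
            good = hmac.compare_digest(expected, base64.b64decode(mac_b64))
        except ValueError:  # binascii.Error is a ValueError
            good = False
        return key_id if good else None


def clearsign(verifier, key_id, text):
    """Produce an inline-signed body in the layout _ARMOR expects."""
    sig = verifier.sign(key_id, text)
    return f"{BEGIN}\nHash: SHA256\n\n{text}\n{SIG_BEGIN}\n\n{sig}\n{SIG_END}\n"


class SignedPostPolicy:
    def __init__(self, verifier):
        self.verifier = verifier
        self.seen = set()  # sha256 of every signature already accepted

    def check(self, body):
        """Return (accepted, reason, signed_text).

        Only the body is covered: with inline signatures the Subject and
        other headers stay unsigned, so the list must not trust them.
        """
        if BEGIN not in body:
            return False, "not signed", None
        m = _ARMOR.search(body)
        if m is None:  # the "fake GPG markings" spam: marker, no real block
            return False, "armor marker without a complete signed block", None
        if body[: m.start()].strip() or body[m.end():].strip():
            return False, "unsigned text outside the signed block", None
        text, sig = m.group("text"), m.group("sig")
        key_id = self.verifier.verify(text, sig)
        if key_id is None:
            return False, "signature does not verify against a registered key", None
        digest = hashlib.sha256(sig.encode()).hexdigest()
        if digest in self.seen:
            return False, "replay of an already accepted signature", None
        self.seen.add(digest)
        return True, f"accepted from key {key_id}", text


if __name__ == "__main__":
    lst = ToyVerifier({"alice": b"alice-subscription-secret"})
    policy = SignedPostPolicy(lst)
    post = clearsign(lst, "alice", "Patch attached, please review.")
    print(policy.check(post)[1])   # accepted the first time
    print(policy.check(post)[1])   # the same signature again is a replay
    print(policy.check(post + "Buy now: http://spam.invalid/")[1])
```

The order of the checks matters: the structural tests (marker without a block, text outside the block) run before the expensive verification, which also addresses the CPU-cost concern raised above, and the replay cache is keyed on the signature rather than the whole message so that re-sending the signed part with a changed preamble is caught by the "unsigned text" rule and re-sending it verbatim by the replay rule.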