[plug] Was bun fight about "bad" words.

[Christian]

Firstly, your email client doesn't wrap properly which makes it hard to
read your messages.  If you would fix it then this would be nice... :-)

On Mon, Apr 01, 2002 at 08:53:38PM +0800, Mark Dixon wrote:
> 
> > > There may not be "proof of provenance for email", but it is possible to provide fairly
> > > convincing evidence.
> 
> > 1.  Few people use digital signatures with their email and even fewer
> > still use S/MIME.
> 
> However, many popular products support it.  And even if one does not choose to use it, the e-mail
> client is likely to present an intriguing icon which might attract enough attention for the user to
> poke it.  When poked, you client will tell you all the dirty details about digital sigs &
> certificates, and the quality, or lack of same, in the one attached to the note you are reading.

So what if many products support it?  Most bloated software supports
hundreds of features most people won't use.  Why?  Because they don't
need them and they don't understand them.  This applies tenfold in
relation to digital signatures!  Most users don't believe they really
need them (and they'd be more or less right) and even fewer think they
understand them (and they would have no idea how right they would be!).
It takes a lot more than product support for a concept like digital
signatures to be useful.

As an aside, I don't think much Linux software supports S/MIME.  And
since this is Linux list, I would be quite comfortable challenging your
claim that "many popular products support it".

> > 2.  Most people on this list probably don't know those who have signed
> > your key.
> 
> The "Web of Trust" is based on the concept that the "vendor" (Thawte in the case of my sig) has a
> reputation of requiring notaries that they have vetted check identity documents in a face-to-face
> interview before a certificate is issued with a persons name in it.  So the reader can have some
> confidence in the certificate without knowing the individual notaries involved.

I'm not that familiar with S/MIME so feel free to corrct me.  Does
someone from Thawte sign your key?  Or just some notary?  Who signs the
notary's key?  From where I'm sitting at the end of the day someone will
have to rock up in a Thawte office somewhere (I think they're based in
South Africa) with a whole bunch of identifying papers in order for this
thing to be secure.  Otherwise you're back at the PGP web of trust with
all its advantages and disadvantages.  If so, my original point is still
valid.  (Actually, even if not then the point still applies.)

> > 3.  Of those people who may happen to know them, chances are the
> > certification means little because they don't use encryption (or
> > S/MIME).
> 
> Again, the encryption processes are handled automatically by the client software and the user may
> remain unaware that encryption is occuring.

Then there is no use to the signing process (not encryption).  A major
limitation of public key technology is that it requires the user to
manually check the results and make their own value judgment that the
software cannot make.  You can't visit a site protected with SSL and be
protected.  You HAVE to check the certificate for yourself.  The browser
can't do this for you.  The same applies here.  The client software
can't decide for you whether the signature and key used are in line with
expectations.  You have to apply your own value judgment.  And that's
not even getting started on the effort needed to become part of the PKI
which is anything but transparent! My point still stands.

> > 4.  Of those very few who know them and use S/MIME, even fewer have an
> > authenticated copy of their key.
> 
> The PKI provides processes for verifying the key if the reader desires to do so.  Instructions pop
> up in most clients if the reader shows any interest in doing so (by poking the buttons that warn
> about revokation & validation).

I know where you're coming from.  I was once a naive PKI advocate like
yourself.  The more time you spend working with it, the more you will
see that it just doesn't work like this in the real world.  Software
doesn't solve these problems for you.  Nor do PKIs.  PKIs are this magic
fairy dust that vendors sprinkle over their products to make them
secure.  "Don't worry about it: the PKI will handle it all."  After a
while, you will begin to see it just doesn't work like this.  To help
you on your way, go read some of Schneier's articles.  Someone has
already recommended the "Why Digital Signatures Aren't Signatures" which
is a good one but an even better (and more relevant) piece is the one
"Ten Risks of PKI".

http://www.counterpane.com/pki-risks.html

To verify a key there must be a trusted signature on that key.  A
trusted signature must be made by a key that is verified.  To verify
that key you need a trusted signature on that key.  [Ad infinutum]
Software doesn't solve these problems.  Instead we appoint someone as a
CA and hope everything will be alright.  But this doesn't solve the
circular nature of that problem.  Turning up in South Africa would, but
you haven't done that I suspect.  Once again, my point is still entirely
valid.

> > 5.  No operating system is competely secure (yada yada yada) but since
> > you're using Windows with Outlook Express, there's plenty of chance for
> > your key to be compromised.
> 
> The vulnerability of the opsys and e-mail client does not necessarily compromise the certificate.

No.  But it makes that compromise extremely possible.  You're using a
1024 bit key?  Great!  But your attacker doesn't have to factor that
number.  He just has to break into your computer and steal your private
key after you decrypt it.  Or he can just use your computer (and that
software you love so much) to sign his own arbitrary messages.  You
don't *know* what you're signing.  You just hope and trust that your
software is signing what you told it to.  This is a very real
possibility and is made a particularly frightening one by the fact that,
as you point out, digital signatures have a certain legal validity.

> > The actual usefulness of your key in authenticating you to this list:
> > virtually nil.
> 
> I disagree with your summary statement in that I have challenged the premises that lead to it.

Well, you've challenged them but your challenges are either naively
optimistic in the assumptions on which they are based or  ignore the
substance of the point I was making and don't really address the issue
at hand.

> However, I agree that we would all be wasting our time (or just being posers) if we went about
> signing all our posts to this forum.

Well, we do at least agree on something!

> > I take your point that it's *possible* to set up a PKI such that email
> > is fairly well authenticated.  But Paul's claim of the limited validity
> > of email addresses and names on this list is far stronger.
> 
> Then we are perhaps agreed?  My original point was: "There may not be "proof of provenance for
> email", but it is possible to provide fairly convincing evidence."

Somewhat convincing evidence is possible.  But it would only be
convincing for a select few who had gone to a lot of trouble to set up
the necessary PKI first.  And even then, as my fifth point illustrates,
there is little security to be gained.

Regards,

Christian.

-- 
DSA 0x2A0F80F3: 39F3 4E10 9BE9 E728 A9EE  029C D51D EE53 2A0F 80F3