variadic functions

N

Nobody

My .sig is only three lines. The S/MIME signature is in a separate body
part that, unless you're using a truly ancient newsreader, should be
hidden from view.

If your ISP is like mine, the entire message will be "hidden from view"
(i.e. not available), as the signature constitutes a binary attachment,
and c.l.c isn't a "binaries" newsgroup.
(If anyone can tell me how to get Tbird to make an S/MIME signature
smaller, without getting rid of it entirely, I'll gladly do so.

Get a certificate from a CA that doesn't insist upon embedding two pages
of legalese in the certificate. Or just skip the certificate part
altogether and sign your messages with an "uncertified" key. Does it
actually matter whether some CA says that they believe that you really are
Stephen Sprunk?
 
R

Richard Bos

Flash Gordon said:
I agree it's ridiculous, but I didn't see it because my news reader hid
it for me.

I have a good news _server_. It dropped this article in the bitbucket,
as it damn well should.
Stephen,

It is ridiculous adding that size of signature. With the forgeries that
have happened here, I can understand a desire to sign your messages, but
that really is going a LONG way over the top!

Not to mention that attached binaries don't belong in a text-only
newsgroup, and properly set up servers will drop such articles.

Richard
 
B

bartc

Richard Heathfield said:
In
Is [a big sig] that huge a deal? 10 years ago, yes, okay. Maybe
even five years ago. But what proportion of Usenauts is on dialup
nowadays?

I still use a US Robotics 56k external dial up modem for my internet
connection at home.

That's the second respondent who reports low and costly bandwidth. It
is probably not unreasonable to suppose that there are a handful of
others in that situation too, who haven't spoken up. For such people,
I suppose a big sig /is/ still a big deal in terms of signal bits per
buck.

Might be more than you think. I used 56K dialup until a few weeks ago, as
that was the only option when staying with relatives who have no computers
but a telephone line, and the neighbours were inconsiderate enough to secure
their wifi networks.

Now that laptop has packed up, and the new one has only ethernet and wifi,
neither of which will just work anywhere.
Maybe give it another five years, then.

Maybe, but only because phone jack sockets on computers are disappearing.
 
D

David Thompson

Stephen Sprunk wrote:



I think all you need to do is use a certificate with fewer bits. I'm
guessing you are using a 1024 bit certificate, and I would have thought
256 or even 128 bits would be sufficient for Usenet postings.
Stephen's *key* and thus signature is RSA 2K bits. 1K is adequate for
RSA for now, but not with huge margin; 512 or less has been broken for
years. A decent keygen program should let you select this, but I don't
know about Tbird specifically.

Elliptic-curve methods need less bits; ECDSA a little over 200 is
roughly equal to DSA 2K good enough for medium term, and less than 400
is comparable to 3K for decades -- barring unanticipated breakthroughs
(but are there any other kind?). Checking, I see that 3278 (and 3279)
in '02 standardized SMIME ECDSA (also ECDH and ECMQV, not relevant
here) but not mandatory. I don't know if Tbird implements them, but it
certainly has had time to do so.

ObVaguelyTopic: the crypto is probably written in C. <G>

Almost 200 bytes for P7 SignedAttrs doesn't help either.

But as already said, the real space hog is the cert, which doesn't
need to be sent on each message, and is signed by (a CA key which is)
RSA 4K, probably due to their (asserted) 30year (CA) validity, both of
which are silly. (OTOH it has only 88 bytes of 'legalese'.) Whether
and how you can get Tbird to omit the cert I don't know. It does
violate a SHOULD in 3850, but so do email-in-DN and RSA>2K.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top