[This subthread is becoming increasingly off-topic for comp.lang.c.
Does anyone have objections to moving it to sci.crypt? I'd do it
unilaterally, but I don't want to leave out people who have incomplete
feeds.]
Stephen Sprunk said:
> ... which means that the recipient must have web access (not
> guaranteed) and that the certificate must be kept available (at the
> same URL) for as long as anyone could possibly want to verify the
> message.

Yes. The latter's not difficult to arrange. CAs could provide download
services for their customers (and actually earn the money they make).
How come you're receiving email or news but don't have a net connection?
More importantly, why do you think it's important to verify that a
(particular, named) someone you've never heard of and are never likely
to meet signed a particular message? If you actually have an /a priori/
relationship with someone, you ought to have a means of obtaining a
certificate in advance. If you don't, you might as well be establishing
a very authentic channel with the adversary.

> They are not pointless; it is _your_ opinion that the reason is not
> good, but "good" or "bad" is entirely subjective.

No. I've given justifications for my claims, and I'm continuing to do
so.

> "Almost everyone" is not good enough for those of us who wish to
> communicate securely with people who do not have unfettered web access
> 24x7. For instance, I read a significant amount of mail and news
> while "offline" on planes and such. Many folks in remote locations
> _still_ have dialup or wireless services and send/receive their mail
> and news in batches. Windows users sitting at home with always-on DSL
> access are not the entire world...

Again, there is /no point/ in establishing secure communications with
someone you have no way of identifying. Here, by `identify', I mean
`match up with some other locally meaningful identifying characteristic'
rather than just coming up with a name. It's interesting to know that a
message was signed by your friend, by a representative of some company
you have or plan to have dealings with, by the author of a book or
paper, etc. It's not useful to know that your message was signed by
someone who might be called `Mark Wooding' or `Falcon Kirtaran' because
that doesn't give you any additional information about who the signer
actually /is/.

> Ah. Last time I used PGP, it didn't have the option to _not_ include the
> certificate

PGP has /never/ included the certificate in its signature. Never, ever,
ever.

> but that was back before "keyservers" existed and there was no other
> effective solution. Even today, most people do in fact send the
> certificate.

Simply false. Many PGP signatures are larger than the one I posted
because they use RSA rather than DSA. This is the only difference.
(Some idiots think that posting their entire public PGP key, with all
the certificates attached, is a good idea. These people receive
justifiable complaints.) Back in the days before key-servers, people
used to provide their public keys through FTP, HTTP or finger (and even
now you can get mine by fingering (e-mail address removed), should you be
interested.)

> I have no pity on folks using software that does not understand MIME;
> it was first standardized in 1993 and many programs supported it even
> earlier.

It was standardized for use in email. I'm not aware of an RFC
sanctioning the use of MIME in news articles. RFC1036 is not marked as
updated or obsoleted. Use in news took much longer, pushed largely by
graphical all-in-one-news/mail clients, and was fought quite vigorously.
I still don't think it's necessarily complete.

> That's a problem with X.509 certificates and the PKI model commonly
> used with them; the high-level design of S/MIME (securely hash the
> message, sign it with a private key, etc.) is the same as PGP.

Oh -- to me, that's a cryptographic detail. The interesting design
stuff is in the key management, and that's where the two differ.

> I'm curious what "cruft" it shows you for my signed example message;
> my newsreader just puts a little icon in the header bar that shows the
> message has a valid signature. Even a non-S/MIME-capable reader
> should just show it as an attachment, rather than adding cruft to the
> message body.

aptitude install trn2 inn2-inews ... start, find article, ...
It puts a `-=-=-=-=-=-' marker at the top (in standout), and a note

  -=-=-=-=-=-
  [Attachment type=application/x-pkcs7-signature, name=smime.p7s]
  -=-=-=-=-=-

at the bottom (again the markers are in standout). It's certainly less
objectionable than the Kirtaran's PGP cruft (which trn4 shows in full!)
but it's still somewhat annoying. (Standout appears white-on-black,
which is visually distracting.)
-- [mdw]