Mark said:
[This subthread is becoming increasingly off-topic for comp.lang.c.
Does anyone have objections to moving it to sci.crypt? I'd do it
unilaterally, but I don't want to leave out people who have incomplete
feeds.]
No objection here; I've added it and set the followup-to appropriately.
Any folks in c.l.c that still care about this subthread can join us
over in sci.crypt.
Yes. The latter's not difficult to arrange. CAs could provide download
services for their customers (and actually earn the money they make).
"Forever" is _very_ difficult to arrange. I can't guarantee I'll be
alive next week, much less ten years from now; how can I guarantee
Thawte (or anyone else) will be serving up my certificate on their web
site then, or even still be in business?
How come you're receiving email or news but don't have a net connection?
Believe it or not, there are folks who still get mail and news via UUCP,
Bitnet, and other non-IP networks. There are also plenty of folks out
there who are behind restrictive firewalls that cannot access arbitrary
web sites.
Even for those of us who have "full" net access, it isn't necessarily
24x7; I often download mail and news before boarding a plane, write
responses en route, and then send them when I arrive at the other end;
if authentication depended on a "live" connection, I wouldn't be able to
verify messages as I read them, making the scheme rather useless.
More importantly, why do you think it's important to verify that a
(particular, named) someone you've never heard of and are never likely
to meet signed a particular message? If you actually have an /a priori/
relationship with someone, you ought to have a means of obtaining a
certificate in advance. If you don't, you might as well be establishing
a very authentic channel with the adversary.
I do business with dozens of people per day that I've never met in
person or even talked to on the phone (and most likely never will).
Assume I have some non-cryptographic way of authenticating them when we
first communicate -- if I need to authenticate them at all, which
sometimes isn't necessary. However, I don't want to (or can't) go
through that every time my phone rings or email dings; knowing the
person X that I authenticated last week is still the same person X is
often valuable, even in cases where knowing the actual identity of
person X doesn't matter.
No. I've given justifications for my claims, and I'm continuing to do
so.
You can justify your opinion all you want, but it's still an opinion.
"Proof by repeated assertion" is not proof, nor can it make an opinion
into fact.
Again, there is /no point/ in establishing secure communications with
someone you have no way of identifying. Here, by `identify', I mean
`match up with some other locally meaningful identifying characteristic'
rather than just coming up with a name. It's interesting to know that a
message was signed by your friend, by a representative of some company
you have or plan to have dealings with, by the author of a book or
paper, etc. It's not useful to know that your message was signed by
someone who might be called `Mark Wooding' or `Falcon Kirtaran' because
that doesn't give you any additional information about who the signer
actually /is/.
There is often a point to that. For instance, imagine a doctor helping
a patient; he is obligated to keep the information confidential, and
part of that may include securing the communications channel, but he
does not need to know the actual identity of the patient (who, due to
his medical condition, wants to remain anonymous). It would be useful,
though, if the doctor could confirm that the patient X calling him today
is (or is not) the same patient X that called last week, so that he
could prevent accidentally disclosing confidential information to
patient Y pretending to be patient X.
Bringing it back to the idea of signing news posts, we recently had an
alleged incident of a troll forging messages from another regular
poster. If he had signed his normal posts, and the forgeries were
unsigned, it would be much easier to believe him. OTOH, he could be
proven a liar if the alleged forgeries were signed with his key. Again,
I don't particularly care about the identity of any given poster; what I
care about is whether two messages came from the _same_ person.
It was standardized for use in email. I'm not aware of an RFC
sanctioning the use of MIME in news articles. RFC1036 is not marked as
updated or obsoleted.
As noted in another message, RFC 1036 says that RFC 822 controls in the
event of a conflict, and RFC 822 has been obsoleted by RFC 2822, which
explicitly mentions support for MIME. To me, that means MIME is
sanctioned for use with news, at least as much as the IETF "sanctions"
anything.
Use in news took much longer, pushed largely by graphical all-in-one-
news/mail clients, and was fought quite vigorously.
.... and futilely. It was inevitable, and even most command-line
newsreaders (which don't do mail at all) implement MIME these days.
I still don't think it's necessarily complete.
The existing specifications are sufficient to implement it properly, and
many folks have, which is the IETF's mission.
Oh -- to me, that's a cryptographic detail. The interesting design
stuff is in the key management, and that's where the two differ.
That "detail" was, I thought, the main point of contention with CBF's
proposal to sign messages with a simple CRC and verify the CRC to
"prove" who sent them.
I'm curious what "cruft" it shows you for my signed example message;
my newsreader just puts a little icon in the header bar that shows the
message has a valid signature. Even a non-S/MIME-capable reader
should just show it as an attachment, rather than adding cruft to the
message body.
aptitude install trn2 inn2-inews ... start, find article, ...
It puts a `-=-=-=-=-=-' marker at the top (in standout), and a note
-=-=-=-=-=-
[Attachment type=application/x-pkcs7-signature, name=smime.p7s]
-=-=-=-=-=-
at the bottom (again the markers are in standout). It's certainly less
objectionable than the Kirtaran's PGP cruft (which trn4 shows in full!)
but it's still somewhat annoying. (Standout appears white-on-black,
which is visually distracting.)
Hmm. Well, it's an improvement. I occasionally use a text-based email
program, and it just adds a small indicator that the message has
attachments to the status bar; it doesn't add any cruft to the message
body unless I press a key to see the attachment list.
S
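The "same person X as last week" check argued for above, as an added example that is not part of the original post: the verifier pins the first valid key seen for a poster name and afterwards classifies each post offline, using only the key that travels with the signature. The toy RSA keys, the name "Poster X" and the message bodies are assumptions constructed for illustration; the first pin still relies on whatever out-of-band check was done at first contact.

```python
import hashlib

# Toy RSA from well-known Mersenne primes: NOT secure, used only so this runs
# with the standard library. A real setup would use OpenPGP or S/MIME keys.
def make_key(p_bits, q_bits, e=65537):
    p, q = 2**p_bits - 1, 2**q_bits - 1
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(body, n):
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % n

def sign(key, body):
    """Return (signature, public key); the public key travels with the post."""
    return pow(digest(body, key["n"]), key["d"], key["n"]), (key["n"], key["e"])

class ContinuityChecker:
    """Pins the first valid key seen per poster name; needs no network."""
    def __init__(self):
        self.pins = {}  # poster name -> fingerprint of pinned public key

    def check(self, name, body, signed=None):
        if signed is None:
            return "unsigned"
        sig, (n, e) = signed
        if pow(sig, e, n) != digest(body, n):
            return "bad-signature"
        fp = hashlib.sha256(f"{n}:{e}".encode()).hexdigest()
        if name not in self.pins:
            self.pins[name] = fp
            return "first-contact"
        return "same-key" if self.pins[name] == fp else "different-key"

def demo():
    # Constructed sample posts; "Poster X" and the bodies are made up.
    regular, forger = make_key(521, 607), make_key(607, 1279)
    c = ContinuityChecker()
    return [
        c.check("Poster X", "first post", sign(regular, "first post")),
        c.check("Poster X", "later post", sign(regular, "later post")),
        c.check("Poster X", "forged, no signature"),
        c.check("Poster X", "forged, own key", sign(forger, "forged, own key")),
        c.check("Poster X", "altered text", sign(regular, "original text")),
    ]

if __name__ == "__main__":
    print(demo())
```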