On message signing and Enigmail...

Mark H. Wood mwood at IUPUI.Edu
Thu Feb 2 16:13:40 CET 2012


On Wed, Feb 01, 2012 at 09:26:18PM +0000, gnupg at lists.grepular.com wrote:
> On 01/02/12 21:12, Doug Barton wrote:
> >> I've posted using the same key on probably a dozen mailing lists,
> >> I use it for all of my personal and work email. I use it to sign
> >> all of the comments on my blog. I use it to sign the front page
> >> of my website. There is very definite and obvious value in using
> >> the same key in multiple places to establish the connection
> >> between your key and your identity. Mailing lists are just
> >> another one of these places.
> > 
> > The only thing what you're doing proves is that at the time those
> > things were posted someone had control of the secret key, and that
> > the messages weren't altered after they were signed. Beyond that
> > everything is speculation.
> 
> If you see somebody posting on another list using the same key that
> I've been using to post on this list, then you know it's the same
> person. If you come across my website and find the content on it
> signed by my key, you can connect my postings on this list with my
> website. And so on.

Well, no; what you know is that someone with access to the private key
and passphrase did it.  If someone steals your private key and
passphrase, they no longer uniquely identify you.  Signatures can't
protect against this form of imposture.

But they *can* protect against someone else simply creating another
key with the same name in it.  Not by themselves.  But the impostor,
in this case, cannot demonstrate control of your private key, and when
challenged, will be shown to be lying if he claims to be the person
who controls your key.

This still doesn't establish that the person named in the certificate
has control of the key, but use of the key to create a signature does
create evidence which can be investigated.  Someone could visit you in
person and ask you to create a recognizable signed object in his
presence using the same key.  If you can, then you are a person who
could have created the other signature.  If there is no evidence that
anyone else could have created the other signature, then there is good
reason to believe that you created it, though this is not proof.

Signatures also cannot establish *non*identity, since you could easily
have another key and pretend you don't.  If the key were somehow
produced, you could pretend you don't know the passphrase, and
demonstrate this any number of times by typing anything which is *not*
the passphrase.  This is roughly equivalent to claiming that unsigned
objects don't come from you.  The pattern that you establish is
evidence but not proof.

I would like to say that, while proof settles the matter, evidence
short of proof often has value.  I'm going to continue to sign every
email.  Besides, I'm too lazy to turn it on and off. :-)

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: </pipermail/attachments/20120202/dbcae104/attachment-0001.pgp>


More information about the Gnupg-users mailing list