|
List Info
Thread: Hansen's Key
|
|
| Hansen's Key |
|
2006-02-21 02:39:59 |
Curtis wrote:
> How?
You're applying a technological solution to a social
problem. You're
presupposing the existence of trust. I'm not.
In the absence of trust, a signature possesses no value. If
someone
decides to impersonate me, even does it -perfectly-, some
people will be
inclined to trust me and some won't. I've given this
speech before, and
I hope I don't sound irritable, but I'm getting really
tired of giving
it, and I'm not going to give it again.
Let's have the following hypothetical conversation in a
world where I
sign absolutely everything. At some point in the
hypothetical, the
conversation will branch. The left-hand path is the path in
which the
forged message has no signature; the right-hand path is the
path in
which the forged message has a bad signature.
=====
Dean: Hey, Rob, we need to talk.
Me: Sure. What's up?
Dean: Well, it's come to our attention that you're making
posts to hate
sites on the Internet, and we need to look into these
allegations.
Me: Wait, wait, wait a minute. Umm. What? Crap, I need
union
representation here. Crap again--I _am_ the union rep.
Umm. Okay. I
never did anything like that.
Dean: Well, they have your name attached to them. And
reading them,
they sound like you. They even came from the building.
Me: ... from my desktop?
Dean: From the labs where you work.
Me: ... me and about fifty others, including some undergrads
I've flunked...
Dean: At any rate, Rob. They've got your name on them and
they're done
in your style.
Me: ... but that's easy to forge!
Dean: No, it's not.
Me: Markov chaining, dude.
Dean: What? I don't know any guy named Markov.
Me: But I sign everything! Were these messages signed?
===== Split:
Dean: No. But that doesn't Dean: Yes.
prove much, Rob. After all,
I wouldn't want my name attached Me: There you go. The
sigs
to that kind of hate speech, didn't verify, did they?
either.
Dean: No. But that doesn't
Me: But I'm being framed! How am prove much, Rob. After
all,
I supposed to prove I'm innocent? you're smart enough to
mess
up a signature so you could
Dean: Well, we do understand the then claim it wasn't you
who
difficulties you face, Rob. wrote those messages.
===== Rejoin:
Me: So basically, whether there's a bad signature on it or
a missing
signature on it... really doesn't matter at all to you,
does it?
Everything's been preordained?
Dean: Rob, we have to do the responsible thing. And let's
face it.
These are some severe allegations.
=====
A signature which is bad, missing, or otherwise untrusted
simply doesn't
exist. It cannot be used to prove a message was forged; it
cannot be
used to prove a message was not.
Good signatures with trust attached to them are meaningful.
Nothing
else is.
And if you think that hypothetical conversation is in any
way contrived,
you haven't been in academia lately. The only contrived
thing is the
dean not recognizing Markov chaining, since Dean Curto is a
hardcore
math geek.
____________________________________________________________
__
Archives: htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:
mailto:PGP-Basics-OT-subscribe@yahoogroups.com
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://grou
ps.yahoo.com/group/PGP-Basics/
<*> To unsubscribe from this group, send an email to:
PGP-Basics-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.c
om/info/terms/
|
|
| Hansen's Key |
|
2006-02-21 04:03:05 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
> Good signatures with trust attached to them are
meaningful.
> Nothing else is.
Exactly. There are only small worthless sigs, and LARGE
worthless
sigs, without some web-of-trust that you trust. This is an
example
of a very large worthless sig.
-----BEGIN PGP SIGNATURE-----
iQQVAwUBQ/qP2SM8yrVQ+jXtAQoPlx//Uks895fgUKIVe+gtSTh6qBQofx+s
EsZ7
WMKQHEPCLdEt0t5+4WhQH5VRrC5grPR9crMuxqFiV02Exaa/0xXLQxKRGwDK
Sq6e
lVMRb3bZpfB0nBbzPLkmtxd/qoIXYAfR9L07yB47TkwiAqaZh0zskjBSL7DT
+GqH
zeT3tDul9ivh0LN/4tYgntR46P62YicPk0rFnueUdF3oy0HeZq7QMvzfyzsF
8E9Z
C7fekxS4tHru30+vkW2oWH4kdZBfIESrACFk+qFeKCh8YEfoBqHkamVfFD08
oY6q
fh4yPYUoH82fIOj5FHjbpPHMM1OGZwr7KOe0V/K9D9ruu7hZgg86F/A9/B9+
2bwu
4tPgoLDMbIh9diF1QMPGnM2ixz/f+pPyKkGie0rM5/+BJhVfpx87T1OcFgfJ
QEme
o8r9KqScJNI0d8yhLVicPEZHwTn4fOHsZiRywJD/gMjK3BaLob6Z4Nph09cw
h1Hg
Qd1YLe/WpVU1q8d357lIFVQPnLeuEHs/40Pmu+9Ee72jJkGCyf7B2WD5wwYM
v3WK
HkfNZbN+DzAufw/othzHOsd/QBpqorG7Q59PH55jKredojYgcQLmXjUmzJmC
klJe
PXAvyeccew5WDODTKslcLOYJTAW5RvzAj/BhnNFaIW0QjEB5l7yRg1F45u2E
Gg8G
6d2d5SiNaP/doFI7wQ015WFK8pl7GmCJ0ix+shcWBf1iDbKoFVL+K0qtLwW7
VB1i
jT/Y6cnxQB8eXccY0WbCLHgfz7RgzP/3aECHNQ1JZKBGCapBrXaeCM1bzXM8
PXmu
gCuJGaX4oHEdMvxZ5BLjoLN0SN640Xe6IvDP3WbScaLH28OcabXoZHno4SNB
tcjW
WhAwP0uLq2SHJpD73wnAe44ZTxWsqlldeUwIENbWVL5DtgDil/g/qfMMbgYq
KhAa
EqL9CCd/E5RokS9YSwK4y0GNMAidyZdV4S2E05Hfz82NfWLra8mGuynMGx4q
90Zq
p0YSy4lAHGPCUJUP0xDMI7Or3O57EqX2iRiZ20RKayeP/1xKe7uNtf2CeFv8
HSjQ
cv1itNO3/ybZ3tZ7D2HQ3sq1DLXsMHqoI7YKlJtQ0KDq4JCg9uH+mRd2Q5+/
Sz9A
N7DoKs0q1f6LJrx5bRNofbZpCrVIYYMyQ8OqhcReC2aF5zvXNN9/vMU3fNqw
5oPk
yRayFKu96JmOJNucH/bse4u2RfhMATsFuT0nZ4uyRUoAZhTCnFsm7WTjlWRp
yo7H
gl3HqG1n506cfMy5fXZrtPtwfeNPw/rCYBEl4heLZ6gXvwFIQxvW7PiiMHjv
JsAo
hvDFjxCIMF7e8JYDkhPv/X98eskxwLgZBGTRgPA3Ji7HBtzn1ccjkQ==
=tMBB
-----END PGP SIGNATURE-----
____________________________________________________________
__
Archives: htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:
mailto:PGP-Basics-OT-subscribe@yahoogroups.com
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://grou
ps.yahoo.com/group/PGP-Basics/
<*> To unsubscribe from this group, send an email to:
PGP-Basics-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.c
om/info/terms/
|
|
| Hansen's Key |
|
2006-02-21 04:23:07 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Randy Burns wrote:
> Exactly. There are only small worthless sigs, and LARGE
worthless
> sigs, without some web-of-trust that you trust. This is
an example
> of a very large worthless sig.
>
It is /always/ pleasurable to see anyone using a GnuPG
version that
*I* compiled. However cvs-3989 is 'ancient' by now as
cvs-4007 has
been released as 1.4.3rc1. Contact me off-Group and I'll
send ya
Copy.
JOHN 
Timestamp: Monday 20 Feb 2006, 23:22 --500 (Eastern
Standard Time)
- --
"Shelter", what a nice name for for a place
where you polish your
cat.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
Comment: Gossamer Spider Web of Trust: www.gswot.org
iQIVAwUBQ/qVoSIVXNyTGwuwAQIc9BAAvFHONDoOhZGBJ2Q4GsV0fihJgH4m
ez5b
mukckUH9vw3MG8G9q4//dadZRor097cmACJnp863wr6X7Tcf4D74MQ5PpO87
+CsP
PIpKk0icPQfAgRwif6YAJ/US1Aq/jJeX7+5JEVq4KNjC+IucN/lHXBTw9eca
j4JR
KknQlBLDIxU3E7t+pL7y66Z6etdtjTEU5OjfMpQ5O0CUSVjXxj5sl6UMtKX7
RRG/
Hh/hzL4+lR8hxawbrNEvDmHuGclODaCrzXg8Y/U5BQk+GZ0TtWXAVgq0SaUL
87BG
+5AWZDTDpNtXkVZTT47ELgHgaW2CAdDqIsTco5V8xFlQKUPBT1ht3GDQZ6Sb
hdd2
EUGehBVL18NoMggspI66CKphcGRjSmD4mw7w9erXwUMcysRkk+96CWQiL4Uu
w0I9
YmprJLs2KeFHxTjw2KdvSeNFmKbdVIoozwEZenyMM2ST1WwllJEOA7qfSlQJ
/zFS
454OkuL5TjyG504ZKJHTsoBguS4+hiZXMSkUraSpcvfiu/mCgHQV4fqScDuG
aQL5
UyHSZOgz2bwMzp88BuhweDj0nmlS58zGmndLT/AGiIS0zIiQxCuJutX4kJjY
nVfT
LCwuVPE3MiBAEuYNfP9mpBKVENxs3MV82B2cZpOYYA3hmgNiX8KKV10cYdSv
goKm
HB125zP05xE=
=Mun3
-----END PGP SIGNATURE-----
____________________________________________________________
__
Archives: htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:
mailto:PGP-Basics-OT-subscribe@yahoogroups.com
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://grou
ps.yahoo.com/group/PGP-Basics/
<*> To unsubscribe from this group, send an email to:
PGP-Basics-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.c
om/info/terms/
|
|
| Hansen's Key |
|
2006-02-21 05:01:30 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: TIGER192
— — ·
——— ·
——— ·
———
— — · Was another beautiful day, 06-02-21, at 20:39:59
-0600,
— — · when Robert J. Hansen wrote:
> In the absence of trust, a signature possesses no
value.
Of course it possesses, and especially in the absence of
trust.
For instance, if someone is prone to lie, even compulsively
and
pathologically, then a signed message will prevent him/her
from denying
what s/he had written, or even if doesn't prevent entirely,
the
signature verified as "Good" will very much make
him/her harder to
falsify the message/document, in order to deny the written.
This prevention is the value of the signature.
- --
Mica
~~~ For personal mail please use my address as it is
*exactly* given
in my "From|Reply To" field(s).
~~~
PGP public keys at: http://blueness.po
rt5.com/pgpkeys/
OSs: Windows 98 SE Micro Lite Professional IVa Enterprise
Millennium
Windows XP(ee) Micro Lite Professional 1.6
Linuxes: Gentoo, Vector, Slackware, ZipSlack and
Xandros
-----BEGIN PGP SIGNATURE-----
iQIVAwUBQ/qepQKNULKiuA8/AQbVCg//WREvRae6O1THYZhfH+x6gbhapxfN
dcVI
1yCOS7rt/73akotzVIBj2JCHzS7K1oSgFJ2XCdic0akQsTyH574ufezcZZr3
7zmk
pyGwpYe0s3sow+8+jATb4Ih8ZsbHtpzgd4MpFj1usw8ezmh5WpHCdLOmhNsQ
G+Ui
58cpGKk74cQw9pTmw35ghXA0QbiScj3ovWS8U9MFyEhuGj1+XTr7Fj+l/g7F
fRRV
MUv7F3KQ26oSCrxo1Jg2dTHOEjUJYtgb9E152xNlTPRR0hSS4HFnHJ6aemem
RIHq
oKhksJkZrjdL2jBlD5UEwkBhAppz1RPG0qiSZZTOFABTEa/TWU0VYDuq0GBf
hSxw
7EpDJTzKYo+7/XuzFue3f78C9xOgKG6bea7OKbmvfXYwUZRmHsFzAjDVTcz5
0q/3
LDMG8r+OzlnOsV2NQmIojlSpiVnTMYK1BOHvBFcqePNv4iWdI5yADI2hRUR+
lcGN
+3Zp0LbzMcaN+uvtrzu27Y08p4h2kp410s/PvHatnL9tSMhIWIW1I2rVgfqJ
gjIB
Hlc5NR/fS+tdMrRbDpPPni4+CewIyu5HhRjkTCDvs7NCtXAm6EXOge5kgrSP
cmGV
lDt4C99ANZMkytYAK4xqyovG2y9iEHG0tGD7pfR/MFvS/PaS4EB6r7/9gBz3
6bUu
0WwjF8FBx4s=
=YsaN
-----END PGP SIGNATURE-----
____________________________________________________________
__
Archives: htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:
mailto:PGP-Basics-OT-subscribe@yahoogroups.com
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://grou
ps.yahoo.com/group/PGP-Basics/
<*> To unsubscribe from this group, send an email to:
PGP-Basics-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.c
om/info/terms/
|
|
| Hansen's Key |
|
2006-02-21 07:40:12 |
Mica Mijatovic wrote:
> For instance, if someone is prone to lie, even
compulsively and
> pathologically, then a signed message will prevent
him/her from denying
> what s/he had written, or even if doesn't prevent
entirely, the
> signature verified as "Good" will very much
make him/her harder to
> falsify the message/document, in order to deny the
written.
Sorry, doesn't work that way.
If someone's going to be deceitful, there are ways to
repudiate an
OpenPGP signature. It's fairly trivial and low-cost.
OpenPGP is neither a repudiable nor a nonrepudiable
protocol.
Repudiability doesn't enter into the OpenPGP mechanisms.
____________________________________________________________
__
Archives: htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:
mailto:PGP-Basics-OT-subscribe@yahoogroups.com
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://grou
ps.yahoo.com/group/PGP-Basics/
<*> To unsubscribe from this group, send an email to:
PGP-Basics-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.c
om/info/terms/
|
|
| Hansen's Key |
|
2006-02-21 13:21:26 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: TIGER192
——— ·
———
— —
———
——— Was another beautiful day, 06-02-21, at 01:40:12
-0600,
— — when Robert J. Hansen wrote:
> Mica Mijatovic wrote:
>> For instance, if someone is prone to lie, even
compulsively and
>> pathologically, then a signed message will prevent
him/her from denying
>> what s/he had written, or even if doesn't prevent
entirely, the
>> signature verified as "Good" will very
much make him/her harder to
>> falsify the message/document, in order to deny the
written.
> Sorry, doesn't work that way.
In the real world it works, verily. Those who refuse to sign
their
messages are leaving them for later forgery.
If we were Masters of Universe, then we could make a
"standards" after
our dreams, or NightMares, ordering reality to behave after
them.
This is exactly the reason why on the bag of Superman's
costume reads
that the costume does not make one able to fly.
Just in case, if someone cannot discern difference between
cartoon
movies and the real life. (:
When we are kids, having imaginary friend is very good for
our
psychological integrity. But later, if we still have
imaginary friends,
and we are not aware they are imaginary, then it is no good.
Negative.
Nobody survived a clash with reality no matter how many
imaginary powers
a happy owner of s/he was.
- --
Mica
~~~ For personal mail please use my address as it is
*exactly* given
in my "From|Reply To" field(s).
~~~
PGP public keys at: http://blueness.po
rt5.com/pgpkeys/
OSs: Windows 98 SE Micro Lite Professional IVa Enterprise
Millennium
Windows XP(ee) Micro Lite Professional 1.6
Linuxes: Gentoo, Vector, Slackware, ZipSlack and
Xandros
-----BEGIN PGP SIGNATURE-----
iQIVAwUBQ/sT0AKNULKiuA8/AQaSEQ//Un5iwwWQ0duT1N/Sovr0/kXTjlCQ
9/Fm
SCNAPZ7JkQXlgtxbkdsPfofOc9+nJjUcJllPZBi3CO16GfaPnNdeT0h/Jfl2
dCnx
tIB6k6cqIH+Npdv9b+OyS6z3c6gKp+aN9oPMFlYrkEPATwB3ppvB8dOpShJN
fGGs
zojp4UNDzKiq8+phJ5naqYn1p1x0qYZpHncqVA9gowFzt6GpJjZM9gdjwKgd
y3Xn
SQkpjHYWjPWBAYXYmpzg6BtMjgMpcbrZzCMdIfERnUyRI+KzCWnaqbnL0tdJ
JQ7E
2nuC2d8S+U3WJvFvlSkVRSD4Y2ub5bgeTBLVIE/UORe2wv2ekPMjxnm5+EVl
XN/J
Yjsb6nnu/tlkRKpsuMcSEphEz5tZwOrbyJYukzovJbWlde5eNafzaqyDsS0X
af8s
AfUMHTwKhQRGaw+LqDr0UMXPxSaWQbCSpsLK9O32M3w7EJI8rd3qX9Pog6NY
VTJD
+JlYJiqIan7vtgC5rzYLcODIfDle9iexNUGl0z9LODiTMUyBUiJWFxMShv0/
1UpG
gEQt1eXK2hSrt2Du4tOnIEBjyMDLzsaR3n7YOHvAoCmWbwOz0UV6/U3/tVjN
o2t/
2gDH5EKxH3OzXU/9Oi/ZnyUdrMeSCKv40qGpSMlMRmSgX1hAwSGDi/K6xinC
NRFB
KePFyYEEE28=
=7Req
-----END PGP SIGNATURE-----
____________________________________________________________
__
Archives: htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:
mailto:PGP-Basics-OT-subscribe@yahoogroups.com
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://grou
ps.yahoo.com/group/PGP-Basics/
<*> To unsubscribe from this group, send an email to:
PGP-Basics-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.c
om/info/terms/
|
|
| Hansen's Key |
|
2006-02-21 17:11:29 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Robert J. Hansen wrote:
> OpenPGP is neither a repudiable nor a nonrepudiable
protocol.
> Repudiability doesn't enter into the OpenPGP
mechanisms.
Well, one could technically say the same about an ID or a
passport.
The passport in and of itself doesn't mean anything. One
has to
consider a lot of things before deciding to believe its
authenticity,
i.e., the issuer and how they go about securing their
passports and
their distribution etc. Despite their best efforts their
security may
still be breached as it so often is. People find ways.
However, it
still forms a useful, real world part of how we choose to
verify
identity despite there being well known, and in some
countries, fairly
easily accessible ways of overcoming such security. Not all
find ways.
In fact, the majority don't, and we use other means to
augment the
passport security issues.
I think we do need to separate real world usefulness from
considering
cases of how the security may be breached or made
ineffective without
considering how frequent it actually would be in real world
use. We
often do things to assist security and we attack the
security issue
from multiple angles, OpenPGP being just one element of it,
with full
understanding that it can't and will never be the only
element one
considers.
- --
-= Curtis =-
..."The war isn't the war between the blacks and the
whites, the liberals and the conservatives, or the
Federation and the Romulans. It's between the clueful and
the clueless." (an anonymous poster on cypherpunks
list)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: PGPKey: http://rsakey.aimlink.name
iQEVAwUBQ/tJykbPt+6BXqxCAQgUlwf/Q6XcSv2eC0VoSGCBlNpYPpZdPGAz
Mzuj
0zoS0L5elzpo9NlmBnYUL4Ge3KNkat9ct41WgChVk01/Zv4EmuCMTia5vH3n
mahQ
Hx8+O4rKHK5ihXgI8SWl5NAz4IGKBWexfyqqoxft8e75L05S6h2sTZyVkLI/
KaHi
v6H9zWim3hMeBCFsrAOd6E8s9k01rGl97dAwmiLKxMGPX/50hzNIvv7xTkFz
sG74
u9POrOEQQR970gZa8/itB325UfWZn69rqZAQiDhS9xQ6xZYEY8pzB2kWWOPK
2HZf
tOX+24wM8nJNLTwLsxY2VczvnZZqxtDzH07DaIfimEAjacWUGi9gfQ==
=wcBn
-----END PGP SIGNATURE-----
____________________________________________________________
__
Archives: htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:
mailto:PGP-Basics-OT-subscribe@yahoogroups.com
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://grou
ps.yahoo.com/group/PGP-Basics/
<*> To unsubscribe from this group, send an email to:
PGP-Basics-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.c
om/info/terms/
|
|
| Hansen's Key |
|
2006-02-21 20:46:25 |
Curtis wrote:
>>>OpenPGP is neither a repudiable nor a
nonrepudiable protocol.
>>>Repudiability doesn't enter into the OpenPGP
mechanisms.
>
> Well, one could technically say the same about an ID or
a passport.
That's correct. There are lots of caveats and corner cases
involved in
pretty much every aspect of security, and that's the
biggest outstanding
problem in security today--how to eliminate the corner
cases.
> I think we do need to separate real world usefulness
from considering
> cases of how the security may be breached or made
ineffective without
> considering how frequent it actually would be in real
world use.
Estimating attack frequency is a black art at the best of
times, because
it's such a moving target and hard information on it is so
hard to come
by. When cars were being stolen off the street,
manufacturers said "ah,
this is a very frequent attack, so let's make our locks
harder to pick
and make our engines harder to hotwire". They
succeeded in this, but
car theft rates didn't go down as a result... instead,
crimes like
carjackings and home-invasion robberies (to steal the car
keys) became
more common.
When you draft your model of "real world
usefulness", you must consider
that you're in a game (in the math-theoretical sense of
'game'). You
get to select a strategy. All of your opponents then get to
select
their strategy. Your opponents will adapt to what you're
doing. Model
it mathematically and find the Nash equilibria. Select that
strategy.
I make it sound really simple, but the truth of the matter
is it's
incredibly hard--so hard that almost nobody does it, instead
electing
for ad-hoc methods and "well, attackers really don't
do stuff like that,
so...". (And, to be honest, the security
game-theoreticians bring their
own doofus assumptions to the table, too. Nobody's
immune.)
Or, to be more quotable, when you're planning defense,
always invite the
enemy to your deliberations.
____________________________________________________________
__
Archives: htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:
mailto:PGP-Basics-OT-subscribe@yahoogroups.com
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://grou
ps.yahoo.com/group/PGP-Basics/
<*> To unsubscribe from this group, send an email to:
PGP-Basics-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.c
om/info/terms/
|
|
| Hansen's Key |
|
2006-02-21 21:48:50 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mica Mijatovic wrote:
>Robert J. Hansen wrote:
>
>>> Mica Mijatovic wrote:
>>>> For instance, if someone is prone to lie,
even compulsively and
>>>> pathologically, then a signed message will
prevent him/her from denying
>>>> what s/he had written, or even if doesn't
prevent entirely, the
>>>> signature verified as "Good"
will very much make him/her harder to
>>>> falsify the message/document, in order to
deny the written.
>
>>> Sorry, doesn't work that way.
>
> In the real world it works, verily. Those who refuse to
sign their
> messages are leaving them for later forgery.
>
One more time, a valid signature on a message DOES NOT
prevent forgery.
A valid verifiable signature ONLY prevents further
manipulation. There is NO
guarantee that the original signed message is not a forgery.
- --
John P. Clizbe Inet: John (a)
Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID:
0x608D2A10/0x18BB373A
"what's the key to success?" /
"two words: good decisions."
"what's the key to good decisions?" /
"one word: experience."
"how do i get experience?" / "two
words: bad decisions."
"Just how do the residents of Haiku, Hawai'i hold
conversations?"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3rc1-4011-2006-02-21 (Windows PIII)
Comment: When cryptography is outlawed,
b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: Be part of the £33t ECHELON -- Use Strong
Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with SeaMonkey - http://enigmail.mozdev.org
iQIVAwUBQ/uKvyIVXNyTGwuwAQL9dxAAkwAUXngvF2ekDf6klnI3AGqAKfn+
PcNB
DKErx+KsJSZzN5GcJjOR2Rr7wY2DPS4/wxp1Ru9RjGthPlrinvVRdpkW9j8Q
SDVn
krUK6K2zt9BkdxXocllrc4EhsJRemuIxTu3q32UtXciZr6SA1UsiQWsyFiMh
hEfm
ndckMGWwSzyJOmWPhvMXvFEQ6oU5bL7gPBPSfJQFznTlQHPlK7XuZO3+OF5C
pik/
bfI47I/p2/HrmxHnRszn+/jCaIaPRMi3CAGpe0nkCmKRUpk3dUiqUTiLpmIH
4enf
XJ3zGEBfUSP8+ci0PM7ygVR+AnpHss+Lqg34plzdcQNIay7UeoGayYa/IaAc
88hI
57i5caxbijxdI768SCUsPbsaOzn3si5Z+NP8BBYCAa9GZgqnWaFgv6bjX2ch
ypPb
Vjz2VDLXnDQC5tWgG6CriptP5Q6y+eRKFWXm32dmcNSf2+bYUFIpJdeHFIQi
Ph6G
rbGpyU4UeyPmFqFyZqsXf8V/XI1RGzc9zMKgQywiMLzlDet393ovZXZaJ2Og
GUv2
lHfUpH9pSOBHXwx8cCg28tJLrQ6WynKXcDSAiBeHEAr7uKPzSchFMwDcutCM
zXv1
J1DoVPp8O8LJlpzqnvi8eACGMKs8LWffzrF+ZhvhRzDIVBDB/agiOTnbS1t3
iocS
PWg4UwiPJDs=
=VYPg
-----END PGP SIGNATURE-----
____________________________________________________________
__
Archives: htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:
mailto:PGP-Basics-OT-subscribe@yahoogroups.com
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://grou
ps.yahoo.com/group/PGP-Basics/
<*> To unsubscribe from this group, send an email to:
PGP-Basics-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.c
om/info/terms/
|
|
| Hansen's Key |
|
2006-02-21 22:03:40 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Robert J. Hansen wrote:
>> Well, one could technically say the same about an
ID or a passport.
> That's correct. There are lots of caveats and corner
cases involved in
> pretty much every aspect of security, and that's the
biggest outstanding
> problem in security today--how to eliminate the corner
cases.
Wow! I didn't expect this nod.
So why haven't we done away with passports? Should we do
away with
using them because there are security holes in their use and
distribution that are relatively easily accessible? Do they
still form
a part of the security tools/methods, which will hopefully
together
make for a more secure arrangement than if each measure were
used
alone?
- --
-= Curtis =-
...Oxymoron: Southern Front.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: PGPKey: http://rsakey.aimlink.name
iQEVAwUBQ/uOTUbPt+6BXqxCAQiQgwf/ZuMe7KWRwQeR9I+xkIZhBNjzEMao
JFU1
ZeOSxjAh/eCU2VmjKsgmyTwQ7oEJAq+68EoDQI5AQ0fkPnOr8HudTjtY6k/o
AnSn
85Piksnp2S9t1Zme3g+DHEyuc6inBp0BaUBlLGzn4pHsLRpWSIy8mKCLmgyQ
mhcR
3Dl3bapnHkWeL4jwW0aZZa2b4uftVfQJrSnDggBMScFBM8ZBbUO5IyRobogg
YjxE
n0GsdukpFwg/rpB93rEeTiOCp7OGA7XqlEi0QYEQdJ4miMrTupso27dYMXjd
dNCS
YVvfYMhKLU84at91QzvKLyAjhCf+/0YmfcvTa1HU+LCoyTYq+fQL9Q==
=mZjL
-----END PGP SIGNATURE-----
____________________________________________________________
__
Archives: htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:
mailto:PGP-Basics-OT-subscribe@yahoogroups.com
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://grou
ps.yahoo.com/group/PGP-Basics/
<*> To unsubscribe from this group, send an email to:
PGP-Basics-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.c
om/info/terms/
|
|
|
|