From: Sean Quinlan <[EMAIL PROTECTED]>
   Date: Thu, 06 May 2004 11:13:43 -0400

   . . .

   I also digitally sign my emails, which I wish more people took advantage
   of. I don't know of a virus yet that can fake a gpg signature . . .

The virus wouldn't have to fake it.  There is nothing that prevents a
virus author from creating a valid key for a fictitious individual and
signing the initial virus message.  You wouldn't be able to find the
key, because it wouldn't exist on any key server (putting it there might
give away the identity of the author), so you could never prove that it
wasn't valid.  And just the fact that it was signed and not obviously
invalid would lead many people to drop their guard.  Furthermore, as
long as the virus copies the entire *body* of the message exactly, any
signature it had acquired would still be just as valid on subsequent
retransmissions; the checksums don't include the headers, which often
get mangled in transmission.  (Never send a signed message that just
says, "Sure, why not?" -- it could be retransmitted with a subject of
"Re:  Sell me your house for $1?" !!!)

   Another point:  Do you really type your passphrase for each and every
outgoing email?  If not, and your MUA has been instructed to sign all
outgoing messages with a cached passphrase, then any old virus that
happened to run during the cache lifetime would get your signature for
free.  (Full disclosure:  My MUA is set to cache my passphrase for 10
minutes, since it usually takes me several attempts to type it.  But I
don't sign email routinely.)

   You heard it here first (maybe):  As soon as idiot-friendly mail
software makes automatic digital signing easy, we will start to see
virus messages with valid signatures from the victims.  And heaven help
any idiot who configures their MUA to open signed attachments
automatically.  (Present company excepted, of course.  ;-)

   As another aside, I remember reading a bugtraq post within the last
year or so from someone who said he gave up on verifying signed emails
years ago, because they often failed to verify, usually for stupid
reasons.  These days, the mail infrastructure is probably more crypto-
friendly, not least because of MIME, but it's probably still hard to
check signatures routinely.

   So there's a chicken-and-egg problem here:  Validating signatures is
not very useful, which makes signing not very useful, which means there
aren't many signatures to validate.  Which in turn is probably why virus
authors don't bother to fake signatures; I suspect most virus victims
have never even seen a signed email.  But all that may be a good thing;
it will postpone the day when people set their passphrase cache lifetime
to 10 years and let viruses sign away the value of their private keys.
If and when that happens, and it might be inevitable, it will dilute the
value of digital signatures generally, which will not be a good thing.

   Hey yeah. BTW, anyone want to get to the next meeting early and do some
   key signing?

Now *that* would be a good thing.

                                        -- Bob Rogers
                                           http://rgrjr.dyndns.org/

P.S.  I'm having a strong sense of deja vu now; have I sent this post
before?  Perhaps in a previous life?
_______________________________________________
Boston-pm mailing list
[EMAIL PROTECTED]
http://mail.pm.org/mailman/listinfo/boston-pm
