On 09/23/15 02:23, Daniel Kahn Gillmor wrote:
> On Sun 2015-09-20 11:13:36 -0700, Phil Stracchino <[email protected]> wrote:
>> A failed or invalid signature is *cryptographically* equivalent to no
>> signature; but it is not *functionally* equivalent. Because a failed
>> or invalid signature means that the sender *tried* to authenticate the
>> message, implying that it may have been important to do so.
>
> But it doesn't mean this either. a failed or invalid signature could
> also mean that someone else (an attacker) tried to convince you that the
> supposed sender did something, even though you have no idea what it is.

I see your point, ...

> I'm with Robert here on the idea that we should not strive to provide a
> strong visual distinction between "bad signature" and "no signature" --
> they offer the same level of cryptographic assurance. If we provide
> scary UI that says "signature failed, consider checking with the sender"
> and nothing scary when there is no signature at all, then an attacker
> who tampers with the message can just strip all indications of a
> signature before sending it on to avoid triggering the scary UI.

...but still maintain that there is a functional difference between no signature (nothing to see here; move along) and failed or faked signature. Either of the latter may need to be investigated. The former need not be, unless you were *expecting* a signature and didn't get it.

--
Phil Stracchino
Babylon Communications
[email protected]
[email protected]
Landline: 603.293.8485
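The two positions in this thread can be put side by side in code. The following is an added example, not part of the original messages and not Enigmail's code: it reports the same assurance for "bad" and "none", and separately flags a message for follow-up when the signature failed or when a sender expected to sign sent nothing signed. The names `EXPECT_SIGNED` and `evaluate`, the sample messages, and the caller-supplied `backend_ok` verification result are all assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical local policy: senders who are expected to sign everything.
EXPECT_SIGNED = {"alice@example.org"}

def has_signature(msg):
    """True for PGP/MIME (multipart/signed) or an inline clearsigned text part."""
    if msg.get_content_type() == "multipart/signed":
        return True
    return any(
        part.get_content_maintype() == "text"
        and "-----BEGIN PGP SIGNED MESSAGE-----" in part.get_payload()
        for part in msg.walk() if not part.is_multipart()
    )

def evaluate(raw, backend_ok, expected=EXPECT_SIGNED):
    """Return (state, assurance, investigate).

    backend_ok is the OpenPGP backend's verdict (assumed to be supplied by
    the caller); it is ignored when the message carries no signature.
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not has_signature(msg):
        state = "none"
    else:
        state = "valid" if backend_ok else "bad"
    # Cryptographic view: anything short of a valid signature is unauthenticated.
    assurance = "authenticated" if state == "valid" else "unauthenticated"
    # Functional view: follow up on a failure, or on silence from a sender
    # who normally signs, so stripping the signature does not hide tampering.
    investigate = state == "bad" or (state == "none" and sender in expected)
    return state, assurance, investigate

# Constructed sample messages; the signature part is a placeholder, not real.
SIGNED = (
    "From: Alice <alice@example.org>\n"
    'Content-Type: multipart/signed; protocol="application/pgp-signature";\n'
    ' micalg=pgp-sha256; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nPay invoice 17\n"
    "--b1\nContent-Type: application/pgp-signature\n\n(placeholder)\n--b1--\n"
)
STRIPPED = "From: Alice <alice@example.org>\nContent-Type: text/plain\n\nPay invoice 99\n"

if __name__ == "__main__":
    for raw, ok in ((SIGNED, True), (SIGNED, False), (STRIPPED, None)):
        print(evaluate(raw, ok))
```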
