"Steven M. Bellovin" <[EMAIL PROTECTED]> said:
> in the Holy Name of Convenience, many (most?) mailers permit a
> passphrase to be cached for some amount of time. A virus could
> exploit that.

Ok. So, you're reasoning on the assumption that the user and her system
engineer are both incompetent, that the software being used cannot be trusted
and that a virus is potentially already active on the user's system. Under
such assumptions, what do you foresee as a possible solution?

When I said:
> I would hope that any software I use, that is able to put my digital signature
> on some data, would ask me for my pass-phrase every time my private key is
> used.

I meant that these were my requirements for a reliable system. But, unless I
were to be provided with all the sources and took the time to carefully analyze
them, I would, in the end, still be relying on somebody else's "promise" that
the software doesn't do anything stupid with my private key. The least I could
do, though, is to check that the system I use at least pretends to be doing 
what I consider safe to do. Still, when I disable scripting in my mail user 
agent and my browser, can I be 100% sure that no script will ever be executed?

"Steven M. Bellovin" <[EMAIL PROTECTED]> also said:
> A virus [snip] could wait until you tried sending
> some signed mail, and grab the key then. It could even wait, and
> then pop up its own key window that masquerades as the real one,
> followed by a box saying that you entered your passphrase
> incorrectly, and that you should retry it, in the real prompt. There
> are operating system techniques that can prevent that latter attack,
> such as the "trusted path".

Interesting. Do you have a reference (preferably a URL) that describes the
"trusted path" technique?

Peace,

Bertrand Ibrahim.
--------------------------------------------
[EMAIL PROTECTED]
http://cui.unige.ch/eao/www/Bertrand.html
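The two policies argued over above, a passphrase cached "for some amount of time" versus a prompt on every use of the private key, can be made concrete with a small signing-agent model. This is an added illustration, not code from either correspondent or from any mailer; the "private key" is a stand-in (an HMAC key derived from the passphrase with PBKDF2), the `SigningAgent` class, `prompt` callback and injectable `clock` are assumptions of the example, and the messages are constructed. The point it shows is the one Bellovin raises: inside the cache window every signature is produced without the user being asked, so anything running as the user can obtain signatures, whereas the per-use policy wipes the key after each signature. The audit list records which signatures were made without a prompt, which is what a defender would want to see when reviewing a caching configuration.

```python
import hashlib
import hmac
import time
from typing import Callable, List, Optional, Tuple

# Constructed stand-in for unlocking a private key: derive an HMAC key from
# the passphrase. A real mailer would decrypt a stored RSA/DSA key instead.
_SALT = b"example-salt"


def _unlock_key(passphrase: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), _SALT, 100_000)


class SigningAgent:
    """Holds an unlocked signing key either per use or for a cache window.

    cache_ttl == 0 models the 'ask me every time' requirement; a positive
    cache_ttl models the convenience caching most mailers offer.
    """

    def __init__(self, prompt: Callable[[], str], cache_ttl: float = 0.0,
                 clock: Callable[[], float] = time.monotonic):
        self._prompt = prompt            # asks the user for the passphrase
        self._ttl = cache_ttl            # seconds the key may stay unlocked
        self._clock = clock              # injectable for deterministic tests
        self._key: Optional[bytes] = None
        self._unlocked_at = 0.0
        self.prompts = 0                 # how often the user was actually asked
        # (time, message, prompted): prompted=False means the signature was
        # produced from the cache with no user interaction at all.
        self.audit: List[Tuple[float, bytes, bool]] = []

    def _key_available(self) -> bool:
        if self._key is None or self._ttl <= 0:
            return False
        return self._clock() - self._unlocked_at < self._ttl

    def sign(self, message: bytes) -> bytes:
        prompted = False
        if not self._key_available():
            self._key = _unlock_key(self._prompt())
            self._unlocked_at = self._clock()
            self.prompts += 1
            prompted = True
        sig = hmac.new(self._key, message, "sha256").digest()
        self.audit.append((self._clock(), message, prompted))
        if self._ttl <= 0:
            self._key = None             # per-use policy: wipe immediately
        return sig

    def lock(self) -> None:
        """Explicit lock, e.g. on screen lock or mailer exit."""
        self._key = None


def unprompted_signatures(agent: SigningAgent) -> int:
    """Number of signatures the agent issued without asking the user."""
    return sum(1 for _, _, prompted in agent.audit if not prompted)


def demo() -> dict:
    """Sign three mails a minute apart under both policies, then one more
    after the cache window has expired. Returns the prompt counts."""
    now = [0.0]
    clock = lambda: now[0]
    prompt = lambda: "correct horse battery staple"   # constructed passphrase

    strict = SigningAgent(prompt, cache_ttl=0, clock=clock)
    cached = SigningAgent(prompt, cache_ttl=300, clock=clock)

    for msg in (b"mail 1", b"mail 2", b"mail 3"):
        strict.sign(msg)
        cached.sign(msg)
        now[0] += 60
    now[0] += 300                        # let the 5-minute cache expire
    cached.sign(b"mail 4")

    return {
        "strict_prompts": strict.prompts,
        "cached_prompts": cached.prompts,
        "cached_unprompted": unprompted_signatures(cached),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the strict agent prompting three times for three mails, while the cached agent prompts once, signs the next two mails silently, and prompts again only after the window has lapsed; the two silent signatures are exactly the ones a virus active in that window could request on the user's behalf.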
