All signing does is verify that you're the same person as last time and allow encrypted replies.

It *does not* provide non-repudiation to an identifiable person.

Case in point for a whistleblower: Snowden.

It took a conversation for him to meet Greenwald and Poitras. That's not possible unless both parties obtain each other's keys and so can ensure conversational integrity.

Let me be blunt. By not signing a message the only thing you are doing is weakening the security of the person you are emailing. You are saying 'My security is fine because the message is encrypted. But their security - believing that the email is from the same key owner as the last one - is not important to me'.

I believe that's an insane proposition.

A whistleblower submitting a report where they never intend to respond should be using a throwaway email address over Tor. And signing an email from a one time throwaway is fine - the signature is a one time key so it's irrelevant.

The threat model for exchanging Snowden level documents over email makes email look absurd. There's a reason Snowden met in person. There's a whole ton of metadata that email leaks like a sieve.

- Philip Whitehouse


On 2016-11-14 22:08, Mouse wrote:
THERE ARE VALID USE CASES WHEN THE SENDER DOES NOT WISH HIS IDENTITY
TO BE REVEALED - let alone ascertained with non-repudiation. For
example, consider a whistleblower submitting a report.

I didn't think such a question would even come up, so obvious this is.

On Mon, Nov 14, 2016 at 12:44 PM, <[email protected]> wrote:

I didn't manage to make it in time before the issue was closed.

We really don't have to use signing to verify the sender's
authenticity. We can use a shared secret for this. This may give us
more flexibility at the expense of no automated checks.

But there is a theoretic case when signing is undesired!

Two people, Alice and Bob, want to rob a bank. Alice has contacts in
the bank and will know in advance when the right time is. So the two
decide that Alice will send an encrypted message to Bob when she
knows. The message will have a trailing "Dammit! Dammit! Dammit!"
string at the end. (this is our shared secret).

Of course Alice doesn't want to sign her message - Bob will verify
that it's she by the "Dammit! Dammit! Dammit!" phrase, and if there
were a signature - it would be shown in court if the
message gets decrypted. So, for Alice, the best option is to send an
encrypted message with the shared secret appended.

In other words - sending messages without signing them IS A VALID
SECURITY MODEL PROVIDED WE CHECK THE AUTHENTICITY BY OTHER MEANS.
For example by quoting the previous message - this is a valid shared
secret!

Of course, the Alice and Bob example is not a real life one, but one
can easily deduce a similar case in real life, when one doesn't want
to have a signature so that it's never shown in court.

--
You received this message because you are subscribed to the Google
Groups "K-9 Mail" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected].
For more options, visit https://groups.google.com/d/optout [1].

--

Regards,
Mouse
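The following is an added illustration of the shared-secret authentication model described in the quoted message; it is not code from any participant in this thread and uses only the Python standard library. The secret value and the sample messages are constructed for the example. It shows three things: the recipient can check a message tag keyed on the shared secret; anyone holding the secret (the recipient included) reproduces exactly the same tag, so the tag proves nothing to a third party about who wrote it, which is the deniability the quoted message is after and the non-repudiation Philip says a signature adds; and the "quote the previous message" variant, where the previous plaintext is folded into the key so that only someone who could read the last message can authenticate the next one.

```python
import hashlib
import hmac

# Constructed shared secret for the example (the phrase from the quoted message).
SHARED_SECRET = b"Dammit! Dammit! Dammit!"


def make_tag(secret: bytes, message: bytes) -> str:
    """Authenticate a message with a shared secret using HMAC-SHA256."""
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_tag(secret: bytes, message: bytes, tag: str) -> bool:
    """Recipient-side check: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(secret, message), tag)


def recipient_can_forge(secret: bytes, message: bytes, tag: str) -> bool:
    """Deniability check: the recipient, holding the same secret, produces a tag
    byte-for-byte identical to the sender's. A third party therefore cannot
    attribute the tag to either holder: authentication without non-repudiation."""
    recipient_tag = make_tag(secret, message)
    return recipient_tag == tag


def chain_key(secret: bytes, previous_message: bytes) -> bytes:
    """Derive the key for the next message from the secret and the previous
    plaintext, i.e. the 'quote the previous message' variant from the thread."""
    return hashlib.sha256(secret + previous_message).digest()


def chain_tag(secret: bytes, previous_message: bytes, message: bytes) -> str:
    """Tag a message so that it can only be verified by someone who both holds
    the secret and could read the previous message."""
    return make_tag(chain_key(secret, previous_message), message)


def demo() -> dict:
    """Run the model end to end on constructed messages and report the outcomes."""
    first = b"Meeting is on Tuesday."          # constructed message 1
    second = b"Bring the documents."            # constructed message 2
    tag1 = make_tag(SHARED_SECRET, first)
    tag2 = chain_tag(SHARED_SECRET, first, second)
    return {
        "recipient_accepts_first": verify_tag(SHARED_SECRET, first, tag1),
        "tampered_first_rejected": not verify_tag(SHARED_SECRET, first + b"!", tag1),
        "wrong_secret_rejected": not verify_tag(b"other secret", first, tag1),
        # Identical tag from the recipient: nothing here identifies the author.
        "recipient_forges_identical_tag": recipient_can_forge(SHARED_SECRET, first, tag1),
        # Second message verifies only with knowledge of the first plaintext.
        "chained_second_accepts": hmac.compare_digest(
            chain_tag(SHARED_SECRET, first, second), tag2),
        "chained_without_previous_rejected": not hmac.compare_digest(
            chain_tag(SHARED_SECRET, b"guess", second), tag2),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

What the block does not do is produce anything a third party could use to pin the message on one person: that is exactly the property the quoted message wants and the property Philip's point about continuity relies on a signature (or at least a key that stays the same across the conversation) to add. The chained variant gives the recipient a stronger continuity check than a bare secret, since each message depends on having read the one before, but it is still symmetric and therefore still deniable.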
