The only insane part of this conversation is being stuck in one use case and threat model, despite several people screaming otherwise.
I guess you haven't heard of using separate keys for encryption and signature either... Sent from my iPad > On Nov 15, 2016, at 21:31, Philip Whitehouse <[email protected]> wrote: > > All signing does is verify that you're the same person as last time and allow > encrypted replies. > > It *does not* provide non-repudiation to an identifiable person. > > Case in point for a whistleblower: Snowden. > > It took a conversation for him to meet Greenwald and Poitras. That's not > possible unless both parties obtain each other's keys and so can ensure > conversational integrity. > > Let me be blunt. By not signing a message the only thing you are doing is > weakening the security of the person you are emailing. You are saying 'My > security is fine because the message is encrypted. But their security - > believing that the email is from the same key owner as the last one - is not > important to me'. > > I believe that's an insane proposition. > > A whistleblower submitting a report where they never intend to respond should > be using a throwaway email address over Tor. And signing an email from a one > time throwaway is fine - the signature is a one time key so it's irrelevant. > > The threat model for exchanging Snowden level documents over email makes > email look absurd. There's a reason Snowden met in person. There's a whole > ton of metadata that email leaks like a sieve. > > - Philip Whitehouse > > >> On 2016-11-14 22:08, Mouse wrote: >> THERE ARE VALID USE CASES WHEN THE SENDER DOES NOT WISH HIS IDENTITY >> TO BE REVEALED - let alone ascertained with non-repudiation. For >> example, consider a whistleblower submitting a report. >> I didn't think such a question would even come up, so obvious this is. >>> On Mon, Nov 14, 2016 at 12:44 PM, <[email protected]> wrote: >>> I didn't manage to make in time before the issue was closed. >>> We really don't have to use signing to verify the sender's >>> authenticity. We can use a shared secret for this. This may give us >>> more flexibility at the expense of no automated checks. >>> But there is a theoretic case when signing is undesired! >>> Two people, Alice and Bob, want to rob a bank. Alice has contacts in >>> the bank and will know in advance when the right time is. So the two >>> decide that Alice will send an encrypted message to Bob when she >>> knows. The message will have a trailing "Dammit! Dammit! Dammit!" >>> string at the end. (this is our shared secret). >>> Of course Alice doesn't want to sign her message - Bob will verify >>> that's she by the "Dammit! Dammit! Dammit!" phrase, and if there >>> were a signature - it would be going to be shown in court if the >>> message gets decrypted. So, for Alice, the best option is to send an >>> encrypted message with the shared secret appended. >>> In other words - sending messages without signing them IS A VALID >>> SECURITY MODEL PROVIDED WE CHECK THE AUTHENTICITY BY OTHER MEANS. >>> For example by quoting the previous message - this is a valid shared >>> secret! >>> Of course, the Alice and Bob example is not a real life one, but one >>> can easily deduce a similar case in real life, when one doesn't want >>> to have a signature so that it's never shown in court. >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "K-9 Mail" group. >>> To unsubscribe from this group and stop receiving emails from it, >>> send an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout [1]. >> -- >> Regards, >> Mouse >> -- >> You received this message because you are subscribed to the Google >> Groups "K-9 Mail" group. >> To unsubscribe from this group and stop receiving emails from it, >> send an email to [email protected]. >> For more options, visit https://groups.google.com/d/optout [1]. >> Links: >> ------ >> [1] https://groups.google.com/d/optout > > -- > You received this message because you are subscribed to the Google Groups > "K-9 Mail" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "K-9 Mail" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME cryptographic signature
