On Saturday 02 August 2003 12:40, Shachar Shemesh wrote: > >Possible solution: create a test text/file on the spot at the keysigning > > party and require participants to sign it, thus demonstrating they indeed > > have the private key. The problem with this is that everyone would have > > to bring a laptop or have access to an utterly trustable machine, so it > > seems impractical at this point. > > And doesn't add any layer of security. Can you please show an attack > vector?
Thinking it over again, I admit I was wrong - there doesn't seem to be an
exploitable hole - but I was sure I saw something in it yesterday... Oh well.
>
> >2. For some reason, noone seems to use the option of adding a photo to
> > their gpg key. (Except for me that is :-) Why is that? Photos, printed
> > out along with fingerprints on the list Muli handed out today, would make
> > paper ID- based authentication much more reasonable and a solution to (1)
> > far less necessary. Especially since we all know what photos in ID cards
> > are like. Photos in GPG keys can be more easily kept uptodate and similar
> > to our actual appearences. (At least for people with digital cameras...)
>
> And put even more personal data easilly available to everyone on the
> net??? No thanks. Having to put email is bad enough.
Hm. OK, I guess that's right. Everyone makes his own security/privacy rules.
When we get digital IDs+keys though, they'll have photos and we'll have to
publish the public keys, I guess... Does that mean photos of everyone will be
available? To whom? Anyone have any links to info on the government's plans
in this regard?
>
> >3. And finally the biggest problem: people, use your keys! :-) Why do so
> > few people routinely sign their outgoing mail? (Few compared even to how
> > many participants there were in the keysigning party today.)
> >
> >Your key is half-useless if you don't sign everything you do. You can
> > still prove that every signed message comes from you, but you can't prove
> > that some random unsigned message doesn't. Someone can still pretend to
> > be you, or intercept and change your mails.
>
> Signing all outgoing messages is about as bad an idea as signing all
> incoming papers. If you get a signed message from me saying "go ahead
> with the deal" - what does it mean? Which deal was that? Remeber - with
> GPG the mail headers, which include the timestamp, are not signed, and
> can be replayed. No, thanks. I'll sign those messages that I think
> people need to know are really from me. Everything else can be as it is.
>
> Don't forget - in Israel, a digital signature is legally binding.
Interesting... So how do things get interpreted, exactly?
Suppose I post saying 'I'll help write the new version of foobar' and sign it.
Can you then sue me for not helping? Wouldn't a legally binding document need
things like a date, or more than one signature (it takes two sides to make a
contract)? IIRC even documents which only bind one side to do something are
usually signed by witnesses ("this document was signed in front of me by so-
and-so. <sig of witness>") but IANAL...
Does the law hold the position that everything said or written is binding as
long as it can be proved to have been said/written? So that digital sigs
merely prove that I wrote the document in question? Or do they make it more
binding somehow?
--
Dan Armak
Matan, Israel
Public GPG key: http://dev.gentoo.org/~danarmak/danarmak-gpg-public.key
Fingerprint: DD70 DBF9 E3D4 6CB9 2FDD 0069 508D 9143 8D5F 8951
pgp00000.pgp
Description: signature
