Re: [Enigmail] No more "Untrusted Good Signature"s

[Anne Wilson]

On 23/09/2015 10:07, Ludwig Hügelschäfer wrote:
> On 23.09.15 10:53, Anne Wilson wrote:
>> On 22/09/2015 19:43, Doug Barton wrote:
>>> On 9/22/15 11:30 AM, Patrick Brunschwig wrote:
 The state doesn't depend on whetherthe key is expired or 
 revoked_today_. What matters is whether the key was valid at
 the time of signature creation.
>> 
>>> ... unless the key was revoked because it was compromised.
>> 
>> The Details box tells me that part of it was signed by an
>> untrusted good signature from Douglas Barton.
>> 
>> OK - I understand - I think.  But a new user?  Part of the
>> message? What part?
> 
> Enigmail shows the following markers:
> 
> | * *BEGIN ENCRYPTED or SIGNED PART* * | (...) |
> ** *END ENCRYPTED or SIGNED PART* **
> 
I've seen similar, though I can't recall exactly how/where :-)  Call it
a senior moment.  Anyway, I read in Thunderbird, and what I see is the
attached.  (If the attachment is too big I'll put it elsewhere - I don't
have much in the way of image editing installed.)

> Anything between is part of the signature. Anything else is not 
> protected by the OpenPGP-signature (including the message headers!).
> 
>> Why part?
> 
> Because the mailing list software automatically adds the following
> footer:
>> ___ enigmail-users
>> mailing list enigmail-users@enigmail.net To unsubscribe or make
>> changes to your subscription click here: 
>> https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
>
>> 
> This is not part of Dougs message when sent and therefore cannot be
> part of his signature.
> 
Makes sense.  In the older times I have seen some mailing list footers
completely invalidate signatures.  On one mailing list I stopped signing
because over and over people asked why they were seeing "bad signature".

Anne


signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[LeRoy]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 09/22/2015 03:22 PM, Olav Seyfarth wrote:
> Patrick wrote:
>> The state should depend on whether the key was valid at the time
>>  of signature creation.
> 
> True, but if we change to that, we rely on a (non-signed) header to
> deduct the date.
> 
> Olav

It is my impression that part of the signature contains the time stamp
of the signers computer.

When you use gpg --verify filename on a signed file or a detached
signature you see a plethora of information including whether the
signature verifies or not.

gpg: Signature made Sat 28 Jun 2014 12:48:22 PM EDT using RSA key ID...

Enigmail should not rely on an email header date when verifying a
signature since time of signing the email and sending could be different


- -- 
 Rev. LeRoy D. Cressy  mailto:le...@lrcressy.com   /\_/\
   http://lrcressy.com( o.o )
   > ^ <
   Cell Phone:  267-307-3527

See My posts on facebook and googleplus

Open PGP Key: C34B77CC
gpg fingerprint:  8AD5 35EF 1FDF F1A7 E483  8CCE A50D 4E81 C34B 77CC

For info on enigmail:http://enigmail.mozdev.org/
For info on gpg: http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBCgAGBQJWAn4sAAoJEMKLVzZGLW1V4GMQAJY2/mFwYMIqioDDq+khBXVK
qpUuA1xY+2WplJ6xZMvxOMoKNOVb4L7DIfHwzyjpr6ofuUEZJJ78Pri57XDgTdWp
Sm18kHZAcnMMKZwQmEtLzeicGzhoiD4c0E99uRcWYmJMPrbc6dUtA6hWm8bV9141
T0I4R2yrTfaDKMgXiwRG4Na6r/5fqSrfeoKU1b9F4YVR2iGEj0wkfEN9CSdRb7ZA
8ffEdaua6ib0haafcT8o5oTpQe3/jdcRCh3J5px+5a9vsJTRUzu762Mntcl6Sk6s
P/wmvK+r4TDRHc7bbcvz/aEvH+ecJrHRanaNvuAbxZcd8j07sIpAcx/J9naFAY/j
AD06KBWWcQF6usT9k5yAA9E90sK9uRMJy+EhbnMXK8wGiXDnvE/gXdgm1W55QmW1
oyaRvKIJ6As9g0NlsLoEonrcdbHJtGjMPW1CbuWHoWhHh9Gzxtw7rVvVEqZ0h+Lu
RUY49mFzRNvqhNZfCQyVn7v3DVRUe/kPyZILYgrlinXrHSXmZYJkQFFVImgoH0oB
SjRNgjAk1BJlowEVtwkSTWIF2PfyQClBv0hDrqtaRD5gHNbsPwzcPO016A1BnP6/
Rt79WCgv+emYuv6/l9KYmPir6M40n6+0p3LF2WC6STDSk1jzDrcans15Y3vHZNGm
ZuQ3+EvWHiGXkg1GUs94
=z57s
-END PGP SIGNATURE-

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Mike Acker]

On 09/22/2015 05:59 PM, Robert J. Hansen wrote:
{ snip }
>> it is critical not to cripple this thing by trying to make things too
>> automatic.   we'll end up like SSL/TLS
> By which you mean, what -- we'll become a largely-invisible and
> largely-effective part of the information security ecosystem that's
> responsible for securing billions of dollars a day, and on balance does
> it surprisingly well?
>
> Man, I *hope* we wind up like TLS.  :)
yuk
ssl/tls is a mess: they pass out x.509 certificates like fliers at the
fair and there is no way to tell which are right and which are fake just
by looking at them.everyone is told "don't worry; be happy; you CA
has your back"

but as we know now counterfeits have been introduced into their system
and this is successful because users do not vet their x.509
certificates. it is certainly the case not everyone will want to vet
their x.509 certificates so a configurable option should be made
available.   but it isn't .   and we don't want to end up like ssl/tls:
we want to be able to retain control over what has been authenticated
and what is un-trusted .
>
> ___
> enigmail-users mailing list
> enigmail-users@enigmail.net
> To unsubscribe or make changes to your subscription click here:
> https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

-- 
/Mike




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] Display partly signed messages (was: No more "Untrusted Good Signature"s)

[Ludwig Hügelschäfer]

On 23.09.15 13:12, Anne Wilson wrote:
> On 23/09/2015 10:07, Ludwig Hügelschäfer wrote:
>>
>> Enigmail shows the following markers:
>>
>> | * *BEGIN ENCRYPTED or SIGNED PART* * | (...) |
>> ** *END ENCRYPTED or SIGNED PART* **
>>
> I've seen similar, though I can't recall exactly how/where :-)  Call it
> a senior moment.  Anyway, I read in Thunderbird, and what I see is the
> attached.

Well, actually, I must admit that I didn't look right: When viewing
Doug's message, these markers are _not_ displayed. However, they are
displayed when viewing _your_ message. Difference: Doug's is in PGP/MIME
format, and yours is inline. The signed content is reaching until the
horizontal line, but this is not indicated as it should be. I think we
discussed this earlier on this list, but I cannot find an open bug right
now.

[Footers]
>> This is not part of Dougs message when sent and therefore cannot be
>> part of his signature.
>>
> Makes sense.  In the older times I have seen some mailing list footers
> completely invalidate signatures.  On one mailing list I stopped signing
> because over and over people asked why they were seeing "bad signature".

This should get better when using PGP/MIME format, but this can lead to
very confusing results if there are readers on the list with no PGP/MIME
aware mail clients. On this list, however, PGP/MIME is welcome and
encouraged - we all should have the right software.

Ludwig




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Matthew Woehlke]

On 2015-09-22 14:30, Patrick Brunschwig wrote:
> I think that expired and revoked are mostly irrelevant, and actually 
> ill displayed in Enigmail today. The state doesn't depend on whether
> the key is expired or revoked _today_. What matters is whether the
> key was valid at the time of signature creation.

For *signing*, yes. For *encryption*... then it gets a bit weird.

Encryption with a revoked key should be flagged as a problem *no matter
what*, even for old messages. If the key was revoked because it was
compromised, then any messages sent with that key are potentially
readable by an attacker, regardless if they were sent before the key was
revoked.

Encryption with an expired key is more debatable; expiration doesn't
necessarily mean that the key is compromised, but it also doesn't
necessarily mean that it isn't.

It's probably easiest to show IA state based on the state of the keys
when the message was sent, and show P state based on the *current* state
of the keys.

(There really ought to be a user-adjustable revocation date when
revoking a key, so that one can identify the time at which a key became
compromised.)

-- 
Matthew


___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Display partly signed messages

[Ludwig Hügelschäfer]

On 23.09.15 15:40, Patrick Brunschwig wrote:

> We cannot display the borders of PGP/MIME messages. The current
> Thunderbird infrastructure simply does not foresee such a use-case.

Right, thanks for reminding me. This was the outcome of the discussion
starting at:

https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/2013-March/000721.html

for reference of the interested.

Ludwig



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Display partly signed messages

[Patrick Brunschwig]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 23.09.15 14:30, Ludwig Hügelschäfer wrote:
> On 23.09.15 13:12, Anne Wilson wrote:
>> On 23/09/2015 10:07, Ludwig Hügelschäfer wrote:
>>> 
>>> Enigmail shows the following markers:
>>> 
>>> | * *BEGIN ENCRYPTED or SIGNED PART* * | (...)
>>> | ** *END ENCRYPTED or SIGNED PART* **
>>> 
>> I've seen similar, though I can't recall exactly how/where :-)
>> Call it a senior moment.  Anyway, I read in Thunderbird, and what
>> I see is the attached.
> 
> Well, actually, I must admit that I didn't look right: When
> viewing Doug's message, these markers are _not_ displayed. However,
> they are displayed when viewing _your_ message. Difference: Doug's
> is in PGP/MIME format, and yours is inline. The signed content is
> reaching until the horizontal line, but this is not indicated as it
> should be. I think we discussed this earlier on this list, but I
> cannot find an open bug right now.

We cannot display the borders of PGP/MIME messages. The current
Thunderbird infrastructure simply does not foresee such a use-case.

- -Patrick

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJWAqu5AAoJENsRh7ndX2k764AQALiEVVS8KAiOV/zY58Nkz3r0
aFapv2C7hGCYS1ABdjCFqBpF1jZWEwaZv9qWnZV5/kDZ6tJBfzON+PWgacXw8KzJ
DHP58IIndpIJePVzhviclQe1KA3SrqPsf+dOYqLrFgY0Ju5EW9PF9o6Wjekr/KqS
ia9ZMJct/o4ziuQKaZc9rajgpc08sO+mIw90/oVnsn5r+36nEOVIEomTz8GX3bdB
PMby1MgRuhVUR8EDB5WXchXhzT3HcS3dHhwoa5JShQJ/UGUIMmj8WDDzG4S/yHr6
TUQVOGV8WPpIpIMXyNNifvrldap1SJXM4mwQRxff+R6Bm7KYMCWojLR+8e7XzpQi
FNOmZqrMmou0ar7HgkiVlOAcnZj3JUKaKdjk9IhizphD2tA9cJfe8fywlMooufHu
jPl+C6izsp1JiBHEMqxbD3WMGCrcoOcyr0pP5Htf5ERd7nYzDo/P4q0wWibOAhSd
/1Rft9DJzneLEv0hzddyaRAb6CKrDu9jw8w2XNIoaWgaE0ywhVWSNmntOhLV/0zH
1K0CO3MVRVGSEpiRNwpCAfJv6BOuePKUtRcnSfQLgiVOhOcYLcc5Lub3m0sNzjMj
nfTTvskjb3JX6RqvSGDCimxIDSs9vLKyaNOmVs+yA3Cuc86+sGyYSVjyLKgvL0lv
lDH0vAMZqjm01Wys5fau
=MZcV
-END PGP SIGNATURE-

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Robert J. Hansen]

> ssl/tls is a mess: they pass out x.509 certificates like fliers at the
> fair and there is no way to tell which are right and which are fake just
> by looking at them.everyone is told "don't worry; be happy; you CA
> has your back"

Sure.  But where is this a flaw of TLS?  It isn't TLS's fault the
browser vendors trust too many CAs, or unreliable CAs.  Your objections
boil down to, "OS vendors and browser manufacturers give trust to CAs
that are not trustworthy, and end-users don't validate certificates."
Both of which are true, and neither of which has anything to do with TLS.

> available.   but it isn't .   and we don't want to end up like ssl/tls:
> we want to be able to retain control over what has been authenticated
> and what is un-trusted .

You might.  Other people might not.  Remember that the Web of Trust is
completely compatible with a CA-style approach.  It was specifically
designed that way.



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Robert J. Hansen]

> the flaw is in assigning FULL trust to the CA without the user's
> permission.

Might want to bring this up on GnuPG-Users, then, since a future version
of GnuPG is going to switch from WoT to TOFU, and that's *exactly* what
you're talking about here.



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Display partly signed messages

[Anne Wilson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 23/09/2015 13:30, Ludwig Hügelschäfer wrote:
> On 23.09.15 13:12, Anne Wilson wrote:
>> On 23/09/2015 10:07, Ludwig Hügelschäfer wrote:
>>> 
>>> Enigmail shows the following markers:
>>> 
>>> | * *BEGIN ENCRYPTED or SIGNED PART* * | (...)
>>> | ** *END ENCRYPTED or SIGNED PART* **
>>> 
>> I've seen similar, though I can't recall exactly how/where :-) 
>> Call it a senior moment.  Anyway, I read in Thunderbird, and what
>> I see is the attached.
> 
> Well, actually, I must admit that I didn't look right: When viewing
>  Doug's message, these markers are _not_ displayed. However, they
> are displayed when viewing _your_ message. Difference: Doug's is
> in PGP/MIME format, and yours is inline. The signed content is
> reaching until the horizontal line, but this is not indicated as it
> should be. I think we discussed this earlier on this list, but I
> cannot find an open bug right now.
> 
Going slightly OT, perhaps, but

Now I'm completely confused.  I'm certain I changed a setting
somewhere to use pgp/mime, after reading a thread here, but off-hand I
can't see where.  Not only that, but when I send a message with an
image attached I get a popup asking if the whole message should be
sent with pgp/mime - or is that only encrypted messages? Come to think
of it there is an implication that the whole, text and image, is in
some way "wrapped" before handling.

Sorry for taking up your time, but I am seriously interested, and
hopefully all this will be useful to someone else when searching archive
s.

Anne
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlYC13MACgkQj93fyh4cnBfDQQCeJ/DR1DDyCndeZwGIXDUl5qrj
id0An2ccbuOtdAWQ5p1vqQL2Z8VVhVAM
=6KvT
-END PGP SIGNATURE-

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Daniel Kahn Gillmor]

On Tue 2015-09-22 12:22:03 -0700, Olav Seyfarth  wrote:
> Patrick wrote:
>> The state should depend on whether the key was valid at the time
>> of signature creation.
>
> True, but if we change to that, we rely on a (non-signed) header to
> deduct the date.

OpenPGP signatures have timestamps in them that are covered by the
cryptographic signature.  This timestamp may or may not align with the
Date: header in the signed e-mail, but that's all the more reason to
use Memory-Hole-style protected e-mail headers.

--dkg

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Daniel Kahn Gillmor]

On Sat 2015-09-19 20:06:39 -0700, "Robert J. Hansen"  
wrote:
>   * *Privacy* is a binary state: yes the message was private
> (encrypted), or no it was not.
>   * *Authenticity*//is also a binary state: we are confident the message
> is authentic, or we are not.
>   * *Identity* is also a binary state: we are confident it came from the
> specified person, or we are not.

The term "authenticity" usually refers to the provenance of something,
or to its origin, at least among the english-speakers i talk to.  I
think the term "integrity" is a closer match to the question "has
something been tampered with or not?"

"authenticity" is also related to the term "authentication", which
refers to establishing someone's identity.

"privacy" is also multiply-defined: for example, for many people,
"privacy" refers to the ability to hide relationships and activity from
someone snooping -- OpenPGP doesn't provide any protection for this sort
of metadata.  Confidentiality is a clearer, narrower word that more
accurately describes the sort of guarantees that OpenPGP tries to
provide.

The triad OpenPGP claims to offer for messages is:

 * message confidentiality (could anyone else have read its contents?)

 * message integrity (was it tampered with?)
 
 * message authenticity (do we know for sure that it came from the
   supposed sender?)

But OpenPGP systems (GnuPG in particular) also offer information ("User
ID validity") about the certificates that hold keying material as well
-- this is tied to the authenticity question, and we have not done a
great job of either:

 (a) explaining how GnuPG understands and models User ID validity, and

 (b) helping users to interact with GnuPG's User ID validity model to
 make GnuPG better reflect the users' actual conception of which key
 belongs to which person they correspond with.

It seems like GnuPG's upcoming work on TOFU might help with (b) at
least, if projects like enigmail can give it a good UI/UX shim.

Other representations of the keyring might also be helpful, as well as
integrating keyring management with the addressbook.

I'm glad we're having these sorts of discussions -- we need them!  But i
think it smells like trouble to use the term "authentic" to mean
"integrity-protected" or the term "private" to mean "confidential".

 --dkg

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Daniel Kahn Gillmor]

On Sun 2015-09-20 11:13:36 -0700, Phil Stracchino  wrote:
> A failed or invalid signature is *cryptographically* equivalent to no
> signature; but it is not *functionally* equivalent.  Because a failed
> or invalid signature means that the sender *tried* to authenticate the
> message, implying that it may have been important to do so.

But it doesn't mean this either.  a failed or invalid signature could
also mean that someone else (an attacker) tried to convince you that the
supposed sender did something, even though you have no idea what it is.

I'm with Robert here on the idea that we should not strive to provide a
strong visual distinction between "bad signature" and "no signature" --
they offer the same level of cryptographic assurance.  If we provide
scary UI that says "signature failed, consider checking with the sender"
and nothing scary when there is no signature at all, then an attacker
who tampers with the message can just strip all indications of a
signature before sending it on to avoid triggering the scary UI.

  --dkg

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Daniel Kahn Gillmor]

On Sun 2015-09-20 05:38:06 -0700, Mike Acker  wrote:
> if you want a third light it could be for the trust level established
> for the senders key:

Please do not confuse the "ownertrust" (which answers the question "am i
willing to rely on identity certifications made by this key?") with any
belief that the keyholder is "trustworthy" in some other sense.  My
friend Alice might be trustworthy in terms of certifying identities
reliably, but she might be a terrible person to rely on to bake a
delicious cake or to write a sensible e-mail.

The user's current task when reading an e-mail is reading e-mail.
Displaying the ownertrust of the keyholder that signed a given e-mail is
a distraction from the user's current task and really has no place in
the default UI.

  --dkg

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Matthew Woehlke]

On 2015-09-23 14:17, Robert J. Hansen wrote:
> I already don't like "authenticity", so you'll have an easy time with
> this one.  I'm not sure "integrity" is a better alternative, though.
> From Google:
> 
> "Integrity: (n) 1. the quality of being honest and having strong moral
> principles; moral uprightness. 2. the state of being whole and undivided."
> 
> dictionary.reference.com gives these three: "1. adherence to moral and
> ethical principles; soundness of moral character; honesty.  2. the state
> of being whole, entire, or undiminished.  3. a sound, unimpaired, or
> perfect condition."

Wiktionary:

2. The state of being wholesome; unimpaired
3. The quality or condition of being complete; pure
4. (cryptography) With regards to data encryption, ensuring that
information is not altered by unauthorized persons in a way that is not
detectable by authorized users.

Now I realize the point of this exercise is to use a *non*-technical
term... but still...

That said, wiktionary defines authenticity as:

1. The quality of being genuine or not corrupted from the original.

-- 
Matthew


___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] Display partly signed messages

[Ludwig Hügelschäfer]

On 23.09.15 18:46, Anne Wilson wrote:

> Going slightly OT, perhaps, but
> 
> Now I'm completely confused.  I'm certain I changed a setting
> somewhere to use pgp/mime, after reading a thread here, but off-hand I
> can't see where.  Not only that, but when I send a message with an
> image attached I get a popup asking if the whole message should be
> sent with pgp/mime - or is that only encrypted messages? Come to think
> of it there is an implication that the whole, text and image, is in
> some way "wrapped" before handling.

All your messages in this thread were in inline format except the
message with the picture (dated Wed, 23 Sep 2015 12:12:34 +0100), which
was in PGP/MIME format, maybe because Enigmail asked you when attaching
the picture.

You can change the default format in account settings, OpenPGP tab.
Check or uncheck "Use PGP/MIME by default".

Additional to that, you may have a per-recipient rule for this mailing
list. Enigmail -> Edit Per-Recipient Rules. Enter "enigmail" into the
search box to limit the displayed rules if necessary. Is there any rule?
If yes, is the PGP/MIME setting at "Never" or "Yes, if selected in
message composition"?

> Sorry for taking up your time, but I am seriously interested, and
> hopefully all this will be useful to someone else when searching archive
> s.

This is why we're answering here :-)

Ludwig




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Daniel Kahn Gillmor]

On Wed 2015-09-23 13:28:05 -0400, Robert J. Hansen wrote:
>> the flaw is in assigning FULL trust to the CA without the user's
>> permission.
>
> Might want to bring this up on GnuPG-Users, then, since a future version
> of GnuPG is going to switch from WoT to TOFU, and that's *exactly* what
> you're talking about here.

I think the plan isn't to enforce a switch from the classic GnuPG trust
model to TOFU, but to offer TOFU as a mechanism that can augment the
classic GnuPG trust model.

At any rate, TOFU is definitely *not* the X.509 CA model.

   --dkg

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Robert J. Hansen]

> That said, wiktionary defines authenticity as:
> 
> 1. The quality of being genuine or not corrupted from the original.

Yep, which is why as much as I dislike a five-syllable word it seems to
me (IMO) to be the best option right now.

"Fidelity" would also work and save us a syllable, but it's a more
exotic word, so I'm not sure that's a shift that would help us much.

"Validity" would be best (in the plain English sense of the word), but
that phrase has been so corrupted in the OpenPGP community that it's
best avoided altogether, I think...


___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Anne Wilson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 22/09/2015 19:43, Doug Barton wrote:
> On 9/22/15 11:30 AM, Patrick Brunschwig wrote:
>> The state doesn't depend on whetherthe key is expired or 
>> revoked_today_. What matters is whether the key was valid at the 
>> time of signature creation.
> 
> ... unless the key was revoked because it was compromised.
> 
The Details box tells me that part of it was signed by an untrusted
good signature from Douglas Barton.

OK - I understand - I think.  But a new user?  Part of the message?
What part?  Why part?  Then there's the "untrusted good signature"
which has already had a long discussion.

Anne

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlYCaJsACgkQj93fyh4cnBekewCfUrcREYGSKSiTbODwrfngfd+C
RKUAoIF7q8M/XTKRV/iUc1TOC8fGWRWk
=vXxY
-END PGP SIGNATURE-

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Robert J. Hansen]

> The term "authenticity" usually refers to the provenance of something,
> or to its origin, at least among the english-speakers i talk to.

I already don't like "authenticity", so you'll have an easy time with
this one.  I'm not sure "integrity" is a better alternative, though.
>From Google:

"Integrity: (n) 1. the quality of being honest and having strong moral
principles; moral uprightness. 2. the state of being whole and undivided."

dictionary.reference.com gives these three: "1. adherence to moral and
ethical principles; soundness of moral character; honesty.  2. the state
of being whole, entire, or undiminished.  3. a sound, unimpaired, or
perfect condition."

Neither reference suggests that integrity is a better choice.  Among
computer security geeks, yes, integrity clearly is the right word to
use; but we have to be careful to speak to regular users in regular
English, not our jargon-heavy security dialect.

But that said, yes, I would love to find an improvement over
authenticity!  :)

(Why do I dislike "authenticity"?  Because it's five syllables long.  A
good principle in UX design is to use shorter words whenever possible:
they frighten people less.  Look at the Thunderbird mail compose window.
 "File", "Edit", "View", "Options", "Enigmail", "Tools", "Help", "Send",
"Spelling", "Attach", "Save", "From", "To", "Subject".  The longest word
in the UI is Enigmail at three syllables.)

> "authenticity" is also related to the term "authentication", which
> refers to establishing someone's identity.

I've never heard anyone outside of the computer security community use
the word "authentication", even in law-enforcement.  When a cop asks me
for my driver's license he says "identify yourself," not "authenticate
yourself".  When sysadmins ask me to authenticate myself to the system,
they usually just tell me to login.  :)

> Confidentiality is a clearer, narrower word that more
> accurately describes the sort of guarantees that OpenPGP tries to
> provide.

Seven syllables.  "Privacy" is three.  If I could find a two-syllable
word, I'd use it.

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Mike Acker]

  
  
I agree.   it is critical
  that good terminology be adopted and then held constant so that
  people can learn to use it.
  
  historically IT had a bad habit of constantly trying new words in
  their attempt to communicate with the un-initiated. that made
  matters worse: people will get hip in their own due time .

On 09/23/2015 04:03 PM, Robert J.
  Hansen wrote:


  
...but still maintain that there is a functional difference between no
signature (nothing to see here; move along) and failed or faked
signature.  Either of the latter may need to be investigated.  The
former need not be, unless you were *expecting* a signature and didn't
get it.

  
  
I'd very much like for this discussion to continue, but I also want some
finality to the discussion, too, so that Patrick can have a fixed target
to implement (instead of trying to make it match an ever-changing
discussion).  It's really easy for good discussions to turn into
bikeshedding arguments: at some time the points have all been made and a
decision needs to be reached.

So.  Assuming for the moment the power of moderating this discussion --
I think we should aim for, shall we say, October 1 to close this?  On
October 1 I write up a sense-of-the-list, give it to Nico and Patrick,
and then we call it done until/unless someone can come up with new and
compelling arguments?


  
  
  
  ___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net



-- 
/Mike
  




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Phil Stracchino]

On 09/23/15 17:04, Robert J. Hansen wrote:
> It's because, 99.9% of the time, a bad signature doesn't mean a hostile
> adversary -- it means a noisy network.  It means an MTA may have mangled
> a PGP/MIME attachment, it means a cosmic ray flipped a bit, whatever.

The former of which is enormously more likely than the latter...   :)

(Since a cosmic bit-flip is likely to affect only a single message,
while a misconfigured MTA will most likely mangle every susceptible
message that passes through it.)

> I need to think about this some.  I think you're right, but not for the
> reasons you set out.  I think the functional difference comes from what
> a bad signature can tell us about the traffic channel itself -- not what
> it tells us about the traffic.

I wasn't thinking about "what it tells us about the traffic" so much as
"even a failed signature conveys information about the sender's intent".
 Whatever the reason for the failure.  But your point about it telling
us about failures in the traffic channel is well made.


-- 
  Phil Stracchino
  Babylon Communications
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: 603.293.8485



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Mike Acker]

  
  
having spent 30 years in
  the US Army Signal Corps I can tell you that when you challenge
  some one to "Authenticate" you want them to prove they are who
  they say they are .
  
  authenticate is the right word.

On 09/23/2015 03:16 PM, Robert J.
  Hansen wrote:


  
That said, wiktionary defines authenticity as:

1. The quality of being genuine or not corrupted from the original.

  
  
Yep, which is why as much as I dislike a five-syllable word it seems to
me (IMO) to be the best option right now.

"Fidelity" would also work and save us a syllable, but it's a more
exotic word, so I'm not sure that's a shift that would help us much.

"Validity" would be best (in the plain English sense of the word), but
that phrase has been so corrupted in the OpenPGP community that it's
best avoided altogether, I think...


___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net



-- 
/Mike
  




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Robert J. Hansen]

> ...but still maintain that there is a functional difference between no
> signature (nothing to see here; move along) and failed or faked
> signature.  Either of the latter may need to be investigated.  The
> former need not be, unless you were *expecting* a signature and didn't
> get it.

You know, Phil, I wrote up a long email explaining why I disagreed, and
along the way realized why I agree.  But it's not for the reasons you
specified.

It's because, 99.9% of the time, a bad signature doesn't mean a hostile
adversary -- it means a noisy network.  It means an MTA may have mangled
a PGP/MIME attachment, it means a cosmic ray flipped a bit, whatever.

I don't like the language "bad signature" because people tend to leap
straight to believing Vladimir Putin is reading their emails.  The
Russian Foreign Intelligence Service isn't going to be tampering with
your email and leaving a bad signature on it -- they're going to remove
the signature altogether.  So a bad signature is, in reality, a *really
really awful* way of detecting malicious interference.  And that's what
motivates me to say that, from an attack perspective, we shouldn't draw
much distinction between no signature and a bad signature.

But the information that "the network is mangling things" might be
really useful, particularly for PGP/MIME, which is prone to
network-mangling.

I need to think about this some.  I think you're right, but not for the
reasons you set out.  I think the functional difference comes from what
a bad signature can tell us about the traffic channel itself -- not what
it tells us about the traffic.

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Robert J. Hansen]

> ...but still maintain that there is a functional difference between no
> signature (nothing to see here; move along) and failed or faked
> signature.  Either of the latter may need to be investigated.  The
> former need not be, unless you were *expecting* a signature and didn't
> get it.

I'd very much like for this discussion to continue, but I also want some
finality to the discussion, too, so that Patrick can have a fixed target
to implement (instead of trying to make it match an ever-changing
discussion).  It's really easy for good discussions to turn into
bikeshedding arguments: at some time the points have all been made and a
decision needs to be reached.

So.  Assuming for the moment the power of moderating this discussion --
I think we should aim for, shall we say, October 1 to close this?  On
October 1 I write up a sense-of-the-list, give it to Nico and Patrick,
and then we call it done until/unless someone can come up with new and
compelling arguments?



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Robert J. Hansen]

> authenticate is the right word.

If we were in the Army, I'd agree. I'd also insist we start calling OpenPGP's 
cipher feedback mode by its Signal Corps term: it's ciphertext autokey mode, 
dammit. :)
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s

[Ian Mann]

On 24/09/2015 6:54 AM, Patrick Brunschwig wrote:
> I'm fine with this approach. I'd suggest that once the deadline is
> over, you create a bug that describes to conclusions.

As a non technically minded user I would like a conclusion and summary so I can 
understand where this is heading, once this discussion is finalised. 

Ian

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net