Hi, Jumping in the discussion here...
From: Chris Garrigues Subject: PGP/GPG signatures Date: Tue, 08 Oct 2002 13:30:18 -0500 > Well, it was just an off the top of my head thought, so I hadn't > followed through. Strictly speaking, it ought to be only those I > can verify, but I can see an argument for allowing anyone who has > properly signed their messages. > > It certainly shouldn't allow those who have a bogus signature on > their message. > > I think these are the cases of interest: > > 1) Valid signed messages from users who are on my key ring. > 2) Valid signed messages from users who aren't on my key ring. > 3) Invalid signatures. > 4) Unsigned mail. > > I'd like #1 to get through without confirmation. > > I actually have my system set up to go to the gpg servers to look > for users in category 2 and add them to my key ring, so I think I'd > like #2 to be treated the same as #1, but other users might want > them to confirm. I wonder if asking them to confirm with their > public key would be unreasonable? > > I think #3 should be rejected. I wouldn't want this to be the case for messages that claim to be from someone on my keyring (at least not until spammers start sucking information off of keyservers and customize their spam according to people who have signed your key) or whitelist. I don't think every PGP user is diligent about creating a new key when an old expires for instance (I believe it would be better if they did, of course). I also have a vague memory of the verification function of either PGP or GnuPG not considering certain valid signatures valid (a bug that's been fixed by now, I believe) -- I wouldn't want to lose such messages. Also, could you clarify which you think should take precedence -- an entry in a whitelist (or explicit mentioning in a TMDA configuration file) or a signed message? My inclination at the moment is that whitelist entries should take precedence. Which brings up a point about the possibility of building a whitelist from a keyring -- or the reverse of trying to find keys for addresses contained in one's whitelist ;-) Slightly off-topic, I had a discussion a while back where the idea of "introducing" someone via a valid PGP-signed message came up. The idea is that if Alice and Bob know each other and Alice knows Jason, Alice can "introduce" Jason to Bob by sending Bob a signed message containing Jason's address (in the signed portion of course). It seems that a mechanism to support this could be implemented using TMDA -- e.g. a valid signed message containing a new email address from a valid introducer gets added to a whitelist. My $.02 _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
