From: James Black <black@eng.usf.edu>
To: anonymous-remailer@shell.portal.com
Message Hash: ed29372fb6a441e6b7ad36c9634bd2f05ab7ca990a2717efade0f8828dab70c8
Message ID: <Pine.SUN.3.91.951118235430.9209A-100000@kinks>
Reply To: <199511190440.UAA01341@jobe.shell.portal.com>
UTC Datetime: 1995-11-19 05:15:27 UTC
Raw Date: Sun, 19 Nov 1995 13:15:27 +0800
From: James Black <black@eng.usf.edu>
Date: Sun, 19 Nov 1995 13:15:27 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: (CANADIAN PRESS REPORTS)
In-Reply-To: <199511190440.UAA01341@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.91.951118235430.9209A-100000@kinks>
MIME-Version: 1.0
Content-Type: text/plain
Hello,
On Sat, 18 Nov 1995 anonymous-remailer@shell.portal.com wrote:
> On Sat, 18 Nov 1995, jim bell wrote:
>
> Most people believe THAT a digital signature is evidence that I am who my
> signature _says_ I am when it really doesn't do that at all. It isn't
> reliable at all.
>
> Unfortunately, I've learned the hard way NOT to do that. Digital
> signatures don't prevent spoofing.
>
> In fact, I think that thinking something is secure when it isn't leads
> to even more trouble, and could even lead to many tragedies.
>
> In a nutshell, here's the problem.
>
> If someone takes my pgp secret keyring and my password, then they can
> sign a message *digitally* so that people believe the spoofed message is
> really from me. In fact, since most people tend to rely on a pgp message
> far more than a non-pgp message, most people would be absolutely
> convinced that the message was in fact from me.
>
> Signing with PGP is just not a solution.
I am planning on changing pine (a mail program on the Unix) to use PGP
and RIPEM directly, and this is one of the issues I am dealing with. The
fact is that if you let someone get your secret keyring and password then
that is your problem, as both should be secure, esp your password.
What I am hoping to do is just have every message that is to be signed
to be signed with the thumbprint (hash?) of the message, and this will be
put at the bottom of each message, every time, so that it protects from
any messages being changed, and verifies who sent the message.
Again we go back to the fact that the weakest link here is *you* not
PGP.
Take care and have fun. BTW: Once I am done this version of Pine will
be export controlled it sounds like. :(
James Black
black@suntan.eng.usf.edu
Return to November 1995
Return to “James Black <black@eng.usf.edu>”