From: “Mark M.” <markm@voicenet.com>
To: Clay Olbon II <Clay.Olbon@dynetics.com>
Message Hash: a6e49d1a68a413da6ea7ce1873addf91fb31d82102990088e3edbe46be753ace
Message ID: <Pine.LNX.3.94.960705142635.1291A-100000@gak>
Reply To: <AE02CA43-160FAC@193.239.225.200>
UTC Datetime: 1996-07-05 22:25:58 UTC
Raw Date: Sat, 6 Jul 1996 06:25:58 +0800
Subject: Re: Lack of PGP signatures
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
On 5 Jul 1996, Clay Olbon II wrote:
> Mark M. <markm@voicenet.com> wrote:
>
> >I didn't say that binaries couldn't be signed. I said they couldn't be
> >*clear*-signed. There is a difference between clearsigning and creating a
> >signature certificate that is either concatenated with the data or written
> >to a separate file. If somebody who doesn't have PGP gets a file that is
> >signed by PGP, the file is completely useless to that person.
> >
>
> My mistake. I guess I still don't understand your point however. Of what
> use is a signature on a file to someone who cannot check its validity? It
> seems to me that a separate signature file for a binary would serve the
> same purpose ("gee, it LOOKS like somebody signed it").

A signature is of absolutely no use to someone who doesn't have PGP. However,
somebody who doesn't have PGP can still read this message I am writing right
now. That is why clear-signing is a Good Thing. You are correct that a
separate signature file for a binary is just about the same as a clear-signed
message. (In fact they are the same thing. The only difference is that a
signature of text that is going to be clear-signed is calculated over the text
with CRLF's and dashes and "From_"'s escaped out. The "PGP SIGNATURE" part is
exactly the same as a separate signature's "PGP MESSAGE".)

OK, now the point of this message: somebody pointed out that if a binary was
clear-signed using an option that would strip it down to 7 bits, the binary
would be corrupted and therefore, such an option on PGP would be a Bad Thing.
Then, I pointed out that not only would there be no point in a clear signature,
since that would make the binary useless to someone without PGP anyway. It
is best to sign a binary and extract the certificate to a separate file, which
you noted above. So an option that would strip data down to 7 bits would not
affect the ability to sign a binary. Such an option would probably be a Good
Thing.

All this is giving me a severe headache. Please excuse any run-on sentences.

- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that
is granted, all else follows." --George Orwell, _1984_
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
iQCVAwUBMd1hMLZc+sv5siulAQHChQP/faS+DKcGht/SxCB+N0UlunSGcAcgUGaw
hX/3qB4pzqwBfCoT6GsMdiQ+wJsSBs7cYm3NMEcPQHNj08cc8Vt5G7lmegjKdhcM
hZBbpscafAnXf/+OcXp8KUIUbGWxEviyKfSskKoQC2IU9m607TRxMG45QHQr59Fc
MEweGyt4Jsk=
=TvfP
-----END PGP SIGNATURE-----
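
Added example, not part of the original message or of PGP's own code: how clear-signed text is dash-escaped for transport (as in the "- -- Mark" line above) and which bytes a text signature covers, and why stripping to 7 bits is harmless for ASCII text but changes a binary. It assumes the cleartext rules later written down in RFC 4880 (PGP 2.6.3 predates that RFC); the function names, the sample text and the use of SHA-256 as a stand-in digest are constructed for illustration.

```python
import hashlib

def dash_escape(text: str) -> str:
    """Transport form of a clear-signed body: lines starting with '-' or
    'From ' get a '- ' prefix so they cannot be mistaken for armor or mbox lines."""
    return "\n".join(
        "- " + line if line.startswith(("-", "From ")) else line
        for line in text.split("\n")
    )

def dash_unescape(text: str) -> str:
    """Reverse dash-escaping before verification."""
    return "\n".join(
        line[2:] if line.startswith("- ") else line for line in text.split("\n")
    )

def canonical_bytes(text: str) -> bytes:
    """Bytes a text signature is computed over (RFC 4880 assumption):
    trailing spaces/tabs removed from each line, CRLF line endings."""
    lines = text.replace("\r\n", "\n").split("\n")
    return "\r\n".join(line.rstrip(" \t") for line in lines).encode("utf-8")

def signed_digest(data: bytes) -> str:
    """Stand-in for the digest of the signed data (signature trailer omitted)."""
    return hashlib.sha256(data).hexdigest()

def strip_to_7_bits(data: bytes) -> bytes:
    """Clear the high bit of every byte, as a 7-bit-clean channel would."""
    return bytes(b & 0x7F for b in data)

# Constructed sample text: trailing spaces, a signature dash line, a "From " line.
SAMPLE_TEXT = "Hello  \n-- Mark\nFrom here on\n- list item"
# Constructed sample "binary": bytes with the high bit set.
SAMPLE_BINARY = bytes([0x7F, 0x80, 0xFF, 0x41])

def clearsign_matches_detached(text: str) -> bool:
    """The text recovered from the clear-signed form hashes to the same value
    as the original text signed with a separate (detached) text signature."""
    recovered = dash_unescape(dash_escape(text))
    return signed_digest(canonical_bytes(recovered)) == signed_digest(canonical_bytes(text))

if __name__ == "__main__":
    print(dash_escape(SAMPLE_TEXT))
    print("clear-signed == detached digest:", clearsign_matches_detached(SAMPLE_TEXT))
    print("7-bit strip keeps ASCII text:", strip_to_7_bits(b"plain text") == b"plain text")
    print("7-bit strip changes binary:", strip_to_7_bits(SAMPLE_BINARY) != SAMPLE_BINARY)
```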