[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Sat, 18 Nov 1995 [email protected] wrote:

> On Sat, 18 Nov 1995, jim bell wrote:
> Most people believe THAT a digital signature is evidence that I am who my
> signature _says_ I am when it really doesn't do that at all.  It isn't
> reliable at all. 
> Unfortunately, I've learned the hard way NOT to do that.  Digital 
> signatures don't prevent spoofing.
> In fact, I think that thinking something is secure when it isn't leads 
> to even more trouble, and could even lead to many tragedies.
> In a nutshell, here's the problem.
> If someone takes my pgp secret keyring and my password, then they can 
> sign a message *digitally* so that people believe the spoofed message is 
> really from me.  In fact, since most people tend to rely on a pgp message 
> far more than a non-pgp message, most people would be absolutely 
> convinced that the message was in fact from me.
> Signing with PGP is just not a solution.

  I am planning on changing pine (a mail program on the Unix) to use PGP 
and RIPEM directly, and this is one of the issues I am dealing with.  The 
fact is that if you let someone get your secret keyring and password then 
that is your problem, as both should be secure, esp your password.
  What I am hoping to do is just have every message that is to be signed 
to be signed with the thumbprint (hash?) of the message, and this will be 
put at the bottom of each message, every time, so that it protects from 
any messages being changed, and verifies who sent the message.
  Again we go back to the fact that the weakest link here is *you* not 
  Take care and have fun.  BTW: Once I am done this version of Pine will 
be export controlled it sounds like. :(

James Black
[email protected]