Michael Rigby-Jones wrote:
> Does digital signing really add much when posting to public mailing
> list? I'm happy to be educated on the point, but I can only see its
> usefulness for confidential/important emails (not saying the list isn't
> important, but you know what I mean).

It just confirms you really are you -- if I find an open mail relay I can send messages to the list that LOOK like they are from you unless one examines the headers closely, and even then -- those are not definitive, as you might have been travelling, etc.

How many bosses have you surprised this year by sending them an e-mail from "president@whitehouse.gov"? I make it a point as a mail admin to remind at least one person above my pay-grade that e-mail as a medium for secure or sensitive communications is relatively dangerous, at least once a year. This can be avoided by either digital signatures or the more heavy-handed wrapping of the entire message in crypto. Problem is, e-mail's convenience is so much greater than any perceived security or authentication problems, that it's a forever-losing battle.

Probably the biggest risk in public lists is that someone could trash your reputation. Someone masquerading as you could make other people mad at you and you'd never know it until they kicked you off the list or other consequences happened. With a proper digital signature system, they could have checked to see if it was really you. It's really amazing that we take it for granted that e-mails to mailing lists are from a particular person -- there's virtually no way to really determine that.

As a good example for PICList, let's say someone decided that they wanted to bother Olin - they could just post to the list as Olin through any of the thousands of open mail relays about the Net and tick the Admins off again at Olin. The admins, being human, probably never check long headers in such situations, and Olin would be in trouble for something he didn't do. Easy as pie.

Mailing list software in general is extremely open to where and what you send it as long as your From: header is subscribed to the list. Of course, the opposite is also true -- there are those who wish to post to some lists anonymously, too. And there are certainly good times and places for that to be allowed.

I've been struggling with the "how to get digital signatures more widely accepted" thoughts for years -- the only systems that truly work well for large groups of people today are the closed systems -- like when a corporation mandates that all users will have a specific type of mail software, and then they set up appropriate keys for whatever native encrypting and signing engine is built into that software. Many times, just by the sheer size of that company, people that do business with them sometimes end up standardizing on the same software. The problem I have with this is that usually that means everyone picks the "lowest common denominator" software from a proprietary vendor like Microsoft and not a standards-based solution.

One very large group of people that has it figured out also is the Debian Linux Project -- at least for official package maintainers and developers. They require a GPG key be signed by other Debian people already in the project using proper identification techniques during the keysigning, and the developer's key ends up in their public keyring so it can be used for LOTS of things, e-mail signing and encryption being two main uses. But virtually no Debian developer would be caught dead using OE or Outlook, both of which can't handle GPG keys very well anyway.

That's another "gotcha" of digital signatures -- the "public" part of the framework. Where does one go to find "anyone's" public key? There are both public PGP/GPG servers as well as "pay for the privilege" servers for other types of certificates (like X.509) from places like Verisign -- but ultimately none of them is an overall worldwide infrastructure anywhere near the size that would be required if *everyone* signed all correspondence digitally.

I just realized the tag's still [PIC] on this. Sorry. If we need to move over to [OT] feel free -- I never know if the person that asked the question has [OT] turned on in these scenarios.

-- 
Nate Duehr, nate@natetech.com

_______________________________________________
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
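The two gates Nate contrasts above, as an added example that is not code from the original post or from any mailing-list software: a "From: is subscribed" check, which the post says is all most list software does, next to a check that also requires a signature over the body from the key registered for that address. Ed25519 from Go's standard library stands in for a PGP/GPG key (an assumption made so the example runs offline), and the subscriber olin@example.com, the forger, and the message texts are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"net/mail"
	"strings"
)

// Message is the part of an e-mail a list gateway would look at: the
// From: header, the body, and an optional detached signature over the body.
type Message struct {
	From      string
	Body      string
	Signature []byte // nil when unsigned
}

// Keyring maps a subscriber's address to the public key they registered.
// Ed25519 stands in for a PGP/GPG key here; that substitution is an
// assumption of this example, not something the original post proposes.
type Keyring map[string]ed25519.PublicKey

// normalize extracts and lower-cases the bare address from a From: header.
func normalize(from string) (string, bool) {
	addr, err := mail.ParseAddress(from)
	if err != nil {
		return "", false
	}
	return strings.ToLower(addr.Address), true
}

// AcceptByFrom is the weak gate the post describes: any message whose From:
// address is subscribed is posted, whoever actually injected it.
func AcceptByFrom(subscribers map[string]bool, msg Message) bool {
	addr, ok := normalize(msg.From)
	return ok && subscribers[addr]
}

// AcceptBySignature additionally requires a valid signature over the body
// from the key registered for the From: address. A forger who does not hold
// that private key cannot produce one, and editing a signed body breaks it.
func AcceptBySignature(ring Keyring, msg Message) bool {
	addr, ok := normalize(msg.From)
	if !ok {
		return false
	}
	pub, ok := ring[addr]
	if !ok || len(msg.Signature) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, []byte(msg.Body), msg.Signature)
}

// Sign is what the legitimate subscriber's mail client does before sending.
func Sign(priv ed25519.PrivateKey, body string) []byte {
	return ed25519.Sign(priv, []byte(body))
}

// Verdict records what each gate decided for one message.
type Verdict struct{ ByFrom, BySignature bool }

// Scenario builds a constructed subscriber and four constructed messages
// (addresses and text invented for this example) and returns both gates'
// decision for each, keyed by a short label.
func Scenario() map[string]Verdict {
	const olin = "olin@example.com"
	pubOlin, privOlin, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// The forger owns a key too, but it is not the one registered for olin.
	_, privForger, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	subscribers := map[string]bool{olin: true}
	ring := Keyring{olin: pubOlin}

	genuine := Message{From: "Olin <olin@example.com>", Body: "Real post from Olin."}
	genuine.Signature = Sign(privOlin, genuine.Body)

	// Sent through an open relay with a forged From: (case differs, still matches).
	forgedUnsigned := Message{From: "Olin <OLIN@example.com>", Body: "Abusive post, not by Olin."}

	// Forger signs with a key of their own; it is not the key bound to olin.
	forgedSigned := Message{From: "olin@example.com", Body: "Abusive post, not by Olin."}
	forgedSigned.Signature = Sign(privForger, forgedSigned.Body)

	// Genuine signature, body altered after signing.
	tampered := Message{From: genuine.From, Body: genuine.Body + " (edited in transit)", Signature: genuine.Signature}

	msgs := map[string]Message{
		"genuine":         genuine,
		"forged-unsigned": forgedUnsigned,
		"forged-signed":   forgedSigned,
		"tampered":        tampered,
	}
	out := make(map[string]Verdict, len(msgs))
	for name, m := range msgs {
		out[name] = Verdict{AcceptByFrom(subscribers, m), AcceptBySignature(ring, m)}
	}
	return out
}

func main() {
	for name, v := range Scenario() {
		fmt.Printf("%-16s From-only gate: %-5v signature gate: %v\n", name, v.ByFrom, v.BySignature)
	}
}
```

All four messages pass the From-only gate, which is the point of the post: the header is whatever the sender typed. Only the genuine message passes the signature gate. Note that the signature here binds the body to the key, and the key to the address only through the list's own keyring lookup; a real deployment still has to solve the "where does the public key come from" problem the post raises at the end.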