
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 2 Jul 1996, David F. Ogren wrote:
> I've noticed recently that two PGP programmers (Mr. Zimmermann and Mr. Atkins) do not seem to PGP clearsign their messages to this list. In fact, a surprisingly small percentage of messages on the C-punk list are signed. This despite the fact that the average subscriber is at least literate in PGP.
> Does anybody have any speculation on why this is?
> Is it because people consider mundane mail unimportant enough to sign?
This is one reason. I think that there are several other reasons:
-- Someone may be using a machine at work or on a multiuser UNIX system which is untrusted and insecure. In the case of a UNIX account, one could compose a message off-line and rz it using a term program, but that is a major hassle.
-- Many email programs do not have support for PGP so signing a message often requires a lot of cutting and pasting.
-- PGP may not work on the computer a person is using for Internet access or the system might be too slow to use PGP.
> Is it because the members of this list are more concerned with encryption than authentication?
I think they are both equally important. The point of public-key cryptography is the ability to communicate with a person without having a secure channel to exchange keys. Once keys can be transmitted using the same medium used for the encrypted traffic, it makes a MITM or denial-of-service attack much easier. There has to be some out-of-band method to authenticate keys. Without authentication, a lot of the security that could be gained by using PK crypto is lost.
> Is it because most mail programs are not PGP aware?
I don't know of any mail programs that can use PGP (I know there are various interfaces, sendmail wrappers, and other hacks, but I have yet to see a mailer with an "Encrypt" or "Sign" option).
> Is it because of the weaknesses in MD5?
Doubtful. PGP authentication is better than no authentication.
- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMdnnBLZc+sv5siulAQEIpAP/WesfBknwJeUnNIZzYtLkJkqR7hMu2jYz
9migOABikpYDwe0H8Dfn34ff3bab5xncoJ7M8l0HmvrISMjeFp9DpKXT0yJ0rk7a
HymHCGyGpJXjQ+snbLoyEQbB4DzcE+BjihSM2upmIMhQbH3paEagc41VwL+udfVA
EsWUux6Yato=
=8SiH
-----END PGP SIGNATURE-----