Re: A solution remailer signature suppression
Hugh Daniels said here on Dec 28:

> There are very good reasons to build remailers (and all mail tools) to pass on all the bytes they can, trailing spaces and .sigs included.

Hugh doesn't say what these reasons are. They are not obvious to me, so I must disagree. I've already stated what I think are good reasons at least for remailers whose purpose is anonymity to remove automatic sigs which are likely to destroy anonymity. I've said I would accept either a less ambiguous sig delimiter than "--" or a remailer option to remove the sig (default) or leave it in.

> Might I suggest that we set up the remailers with a feature where it tests mail sent from its owner to make sure there is no "compromising" content and that the outer shell verifies correctly, if it fails either of these tests it is dumped in a file and a note returned to you saying something's not right.

Hugh doesn't say what criteria we are to use to detect "compromising" content (short of genuine AI) or what the outer shell is supposed to verify to. Why limit this test to the remailer's "owner"? This system I use doesn't allow me to run my own software, so I think this idea wouldn't work for me, in any case.

--
edgar@spectrx.saigon.com (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005
Silicon Valley, Ca
> There are very good reasons to build remailers (and all mail tools) to pass on all the bytes they can, trailing spaces and .sigs included. Hugh doesn't say what these reasons are. They are not obvious to me,
A fair question (though not phrased as one). The reason to build mailers that faithfully pass on the entire body of the message, without any kind of alteration, is that it permits you to send ANY body through that mailer and rely on its faithful arrival at the destination. If there are no exceptions to the "ANY body" rule, programs can assume that the mail system is a black box (you put info in here, it comes out over there -- you don't care about its guts). If there are exceptions, then it becomes more complicated for programs (and humans!) to use the mail system to pass arbitrary information.

One of the great things about adding checksums to messages is that mail and news paths which alter messages will be detected and corrected. I think that if PGP is told that something it signs is text, it should canonicalize line endings from the local storage format (whether newlines are CR, LF, or CRLF) and that's it. If a message passes through a system that expands all tabs to spaces, the message is corrupted and its signature SHOULD not match.

Systems which cannot represent strings of ASCII/ISO-Latin-1 text characters separated by line-endings (such as IBM mainframes which assume EBCDIC 80-column records padded out with trailing blanks) cannot be used "in the obvious way" to move signed textual email. The email will have to be encoded to pass through such non-transparent mail systems -- which will be sufficiently painful that eventually the mail systems will be fixed.

It's already a pain that most Internet email won't handle a body consisting of arbitrary 8-bit bytes. If they fix that throughout 80% of the Internet, the other 20% will be forced to go along, or forced to receive an endless stream of corrupted binaries, uncheckable signatures, etc, from the fully capable part of the net.

John Gilmore

PS: I note that my own mailer, MH, inserts an extra newline at the beginning of many messages, and probably to the end as well. A proper body checksum would detect that and report an error.
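Added example (not part of the original thread, and not PGP's code): a body checksum that canonicalizes line endings and nothing else, as proposed in the message above, run against the kinds of alteration the thread mentions. SHA-256, the function names and the sample body are assumptions made for the illustration.

```python
import hashlib
import hmac
import re

_EOL = re.compile(rb"\r\n|\r|\n")

def canonicalize(body: bytes) -> bytes:
    """Map CR, LF and CRLF line endings to CRLF; touch no other byte."""
    return _EOL.sub(b"\r\n", body)

def body_checksum(body: bytes) -> str:
    # SHA-256 is an assumption; the thread names no algorithm.
    return hashlib.sha256(canonicalize(body)).hexdigest()

def verify(body: bytes, expected: str) -> bool:
    return hmac.compare_digest(body_checksum(body), expected)

# Constructed sample body: a tab, trailing blanks, and a "-- " signature block.
SENT = b"col1\tcol2\nline with trailing blanks   \n-- \nconstructed sig\n"

def _per_line(body: bytes, fn) -> bytes:
    return b"\n".join(fn(line) for line in body.split(b"\n"))

# What a non-transparent mail path might do to the body in transit.
TRANSFORMS = {
    "lf_to_crlf": lambda b: b.replace(b"\n", b"\r\n"),
    "lf_to_cr": lambda b: b.replace(b"\n", b"\r"),
    "tabs_expanded": lambda b: b.expandtabs(8),
    "trailing_blanks_stripped": lambda b: _per_line(b, lambda l: l.rstrip(b" ")),
    "padded_to_80_columns": lambda b: _per_line(b, lambda l: l.ljust(80)),
    "leading_newline_added": lambda b: b"\n" + b,
    "sig_stripped": lambda b: b.split(b"\n-- \n")[0] + b"\n",
}

def survey() -> dict:
    """Return {alteration: True if the checksum still verifies}."""
    expected = body_checksum(SENT)
    return {name: verify(fn(SENT), expected) for name, fn in TRANSFORMS.items()}

if __name__ == "__main__":
    for name, ok in survey().items():
        print(f"{name:26s} {'verifies' if ok else 'ALTERED'}")
```

Only the two line-ending conversions verify; every other alteration, including a remailer stripping the signature block, changes the checksum.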
A further issue relates to stripping signatures. Let's be clear here.

==> IF YOU ARE PRESENTING YOURSELF AS MULTIPLE IDENTITIES, AND EXPECT THEM NOT TO BE LINKED, AVOIDING AUTOMATIC .SIGNATURE FILES IS THE LEAST OF YOUR WORRIES! <==

Remove the file ".signature" from your home directory and you'll be done with *that* hassle.

John

PS: An extra credit note for the differently clued among us: Suppose you wanted to have a *different* signature for each of your multiple identities? I guess the remailers had better not strip off signatures, eh?
count me on the side of those folks who feel that remailers (and mailers, for that matter) should keep their hands off the body of the message. furthermore, any editor that changes a file without being told to (e.g., by stripping blanks) is (imho) broken. edgar, you say:
> This system I use doesn't allow me to run my own software, so I think this idea wouldn't work for me, in any case.
that is probably not the sort of system you want to use if you are interested in the privacy and integrity of your work. peter
I also agree that any sort of mailers should pass a message body UNTOUCHED. Next thing you know, people will be advocating that remailers have AI capabilities for stripping out incriminating statements made inside the body.

If your mail system is broken enough that it inserts signatures without your permission, and you have no way of controlling it, it's broken. End of statement. Fix it or ditch it.

- Ted
participants (4)
- edgar@spectrx.Saigon.COM
- gnu
- peter honeyman
- tytso@ATHENA.MIT.EDU