Bugtraq mailing list archives
Re: "The End of SSL and SSH?"
From: Stefan Monnier <monnier+lists.bugtraq/news/@RUM.CS.YALE.EDU>
Date: Wed, 20 Dec 2000 13:28:11 -0500
"Perry" == Perry E Metzger <perry () PIERMONT COM> writes:I used to religously sign email's with PGP until I realized that no-one probably checked, how did I know this? I started modifying the email after signing so that it wouldn't verify, no-one ever complained.I'm hardly surprised. The tools to check are hard to use and the need is rarely obvious.
In a previous life I implemented PGP support for the ExMH mail reader. It was written such that PGP-signed mail is checked as a matter of course (if the key is known, it's checked, otherwise a button is popped that allows the user to query the pgp key servers). I've pretty much never reported mismatched signatures, because they were simply too frequent due to brain dead MTAs. Since then the PGP/MIME standard has been introduced and it is supposed to be more robust, but many mail agents still don't support it or support it badly (it's more difficult to implement). So I don't think it's just that the tools are hard to use, but that they are still not robust enough that a mismatch makes me raise my eyebrows. Stefan
Current thread:
- sshmitm, webmitm Dug Song (Dec 18)
- Re: sshmitm, webmitm Samuele Giovanni Tonon (Dec 20)
- Re: sshmitm, webmitm Boris Lorenz (Dec 21)
- "The End of SSL and SSH?" Perry E. Metzger (Dec 20)
- Re: "The End of SSL and SSH?" Kurt Seifried (Dec 19)
- Re: "The End of SSL and SSH?" Perry E. Metzger (Dec 19)
- Re: "The End of SSL and SSH?" Stefan Monnier (Dec 20)
- Re: "The End of SSL and SSH?" Brett Glass (Dec 20)
- Re: "The End of SSL and SSH?" Crispin Cowan (Dec 20)
- Re: "The End of SSL and SSH?" Ajax (Dec 20)
- Re: "The End of SSL and SSH?" Eric Rescorla (Dec 21)
- Re: "The End of SSL and SSH?" Kurt Seifried (Dec 19)
- Re: "The End of SSL and SSH?" Damien Miller (Dec 21)
- Re: "The End of SSL and SSH?" Ryan Russell (Dec 21)
- Re: sshmitm, webmitm Samuele Giovanni Tonon (Dec 20)
- Re: "The End of SSL and SSH?" Michael H. Warfield (Dec 20)
- Re: "The End of SSL and SSH?" Perry E. Metzger (Dec 21)