funsec mailing list archives

Re: facebook messages worm

From: der Mouse <mouse () rodents-montreal org>
Date: Thu, 7 Aug 2008 12:41:53 -0400 (EDT)

The *real* problem is that digital signatures for E-mail work in
*exactly the same way* and provide *the same protection* as SSL does
for the Web.

Yes, that's the problem, not the solution statement.


It's also wrong.

SSL is an interactive protocol; signed email isn't.

SSL uses certs and the CA chains they imply.  Some digital signature
schemes for email do, perhaps, but some don't; it certainly is not
inherent in "digital signatures for E-mail".

SSL provides secrecy; signed email doesn't.  (Encrypted email does, but
you said "digital signatures".)

To name just three.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse () rodents-montreal org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Re: [Full-disclosure] facebook messages worm Juha-Matti Laurio (Aug 06)
- Re: facebook messages worm Gadi Evron (Aug 06)
  - Re: facebook messages worm Martin Tomasek (Aug 07)
    - Re: facebook messages worm Gadi Evron (Aug 07)
    - Re: facebook messages worm John C. A. Bambenek, GCIH, CISSP (Aug 07)
    - Re: facebook messages worm Valdis . Kletnieks (Aug 07)
    - Re: facebook messages worm John C. A. Bambenek, GCIH, CISSP (Aug 07)
    - Re: facebook messages worm der Mouse (Aug 07)
    - Re: facebook messages worm Valdis . Kletnieks (Aug 07)
    - Re: facebook messages worm der Mouse (Aug 07)