Re: signed e-mail
Aram,
You mean it wouldn't take a Shakespearean scholar and a computer stylistic analysis program to tell us apart? :-)
And, of course, just because you might be able to trust that the e-mail came from me says nothing at all about whether you should trust the CONTENT of said message. At the (slight) risk of being confused with Lynn, the fact that I sign a check doesn't mean that there is any money in the account.
This is why I said that if I were to routinely digitally sign my mail, I would probably put some legal disclaimers on it. Perhaps this is a philosophical point, but why else would you SIGN something, as opposed to putting your address in a tag line? To answer my own question, I can see three reasons:
1. To make sure that the message arrived unaltered. But this is hardly a sufficient justification -- message mangling, even accidental corruption, is sufficiently rare that most of us would question whether it was even worth the bother of checking the right box, much less deploying an entire PKI system for.
2. To make sure that the message really came from the putative sender, and that someone wasn't playing games. Again, at least in this venue, that isn't a problem, and so it's not worth doing for that purpose alone, IMHO.
3. To make sure that the content of the message really represented the sender's intent, by requiring him to go through some formalistic or quasi-ceremonial mechanism -- in my case being prompted to enter the password for my signature key each time. If the e-mail is not a contract, then the signature was presumably intended at the least to be a publicly acknowledged utterance, which the sender would not later attempt to repudiate.
Now granted, maybe we could all benefit from a sluggish Send button from time to time, just to allow time to engage the brain before opening the e-mail mouth, but it isn't clear that this would constitute a sufficient justification for routinely signing e-mail either, at least on a discussion list such as this. Rob Weemhoff privately indicated that IBM was starting to use (or was considering using) signed e-mail when communicating with customers or potential customers, and I think that such communications might very well fall into that "I really meant to say this" category.
Bob
>>> Aram Perez <aram@xxxxxxxxxxx> 11/11/01 08:12AM >>>
On Friday, November 9, 2001, at 09:34 AM, Rob G Weemhoff wrote:
> To start with, why are we, as security advocates, not all using signed
> e-mail?
Because we are humans and we trust the Internet mail system. With all
the respect they are due, you can tell the emails that come from Bob
Juneman, Lynn Wheeler, Peter Gutman, Peter Williams, Steve Kent and
others and hence we have an implicit way of verifying and trusting that
the emails did actually come from those persons. And this implicit
verification and trust has nothing to do with any type of PKI.
Just my opinion,
Aram Perez