Re: not really pgp signing in van
"John R Levine" <johnl@taugh.com> Tue, 10 September 2013 21:47 UTC
Return-Path: <johnl@taugh.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53E9B11E8152 for <ietf@ietfa.amsl.com>; Tue, 10 Sep 2013 14:47:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8KZBChKSGobB for <ietf@ietfa.amsl.com>; Tue, 10 Sep 2013 14:47:57 -0700 (PDT)
Received: from leila.iecc.com (leila6.iecc.com [IPv6:2001:470:1f07:1126:0:4c:6569:6c61]) by ietfa.amsl.com (Postfix) with ESMTP id 1FA8411E8137 for <ietf@ietf.org>; Tue, 10 Sep 2013 14:47:56 -0700 (PDT)
Received: (qmail 42380 invoked from network); 10 Sep 2013 21:47:56 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent:cleverness; s=a58b.522f938c.k1309; bh=mS5fheEF+YamebVqKb9SK4kgtdZG+BzSR5z/Zk/aDrQ=; b=hPKtQqP2JT0qkQQebwd6vNcrR+IkhwGvX4PAuNuhzbUoBgiiNddqcuIJu/kUf+EbknRFTu2sZlg0rGkY0q0RdbN1CoIkHrUW7CtCinKo2Hh9qgjV8lxElzULpxcf4ll6We+erNZuy7g5Rk3lLE2IjLoDO7ATfn5ybQI6MNUskUEyysK36gTt972K5TOj7FvtHr+bYqS9dL0WPUr6GSKUfkhfe1UKRcB1d9pqQtng+bDgGQ68j13NYBAy4H/RtSEH
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent:cleverness; s=a58b.522f938c.k1309; bh=mS5fheEF+YamebVqKb9SK4kgtdZG+BzSR5z/Zk/aDrQ=; b=MWN2zyf56Z7ObgoDcixbihVUhfwnOn6nap1dsafSPOMEfCvdECWfbavO8NJPwj9xI7jUn6ZeNPQYAhOOk5b2y+hG3e1J+FbdVTXeJNOHURiCvng9KLEIY9FVVtDz/r0UwCMmEVATxeDNiDklX7ntMPsyDGDWqWsobdXwCPN4NYlYtCFQihNpIk3TxjTUoV6ai+CZ2UslYfSwtq+ZvD61bq3IkNjh5eyEpW8uR9c8OpZPFDol9mCRhy1zawR2stlK
Received: (ofmipd 127.0.0.1); 10 Sep 2013 21:47:34 -0000
Date: Tue, 10 Sep 2013 17:47:55 -0400
Message-ID: <alpine.BSF.2.00.1309101745410.46654@joyce.lan>
From: John R Levine <johnl@taugh.com>
To: Ted Lemon <Ted.Lemon@nominum.com>
Subject: Re: not really pgp signing in van
In-Reply-To: <E2ECE63C-D8E4-4A5A-BEA3-295C027D0E71@nominum.com>
References: <20130910010719.33978.qmail@joyce.lan> <8D23D4052ABE7A4490E77B1A012B63077527E234@mbx-01.win.nominum.com> <alpine.BSF.2.00.1309092125360.34090@joyce.lan> <8D23D4052ABE7A4490E77B1A012B63077527E488@mbx-01.win.nominum.com> <CAMm+LwhZ9OKesZW+kFct5Gps6_JBzcNUUBQ-y5J21zMcxmL6EQ@mail.gmail.com> <241D1DD6-C096-49D6-A05B-33638846BF15@nominum.com> <CAMm+LwhhUzDX=AaJXSCkqJofHQ9ZiN11GmCw-reO0OPmNC4fyA@mail.gmail.com> <E2ECE63C-D8E4-4A5A-BEA3-295C027D0E71@nominum.com>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
Cleverness: None detected
MIME-Version: 1.0
Content-Type: MULTIPART/signed; protocol="application/pkcs7-signature"; micalg="sha1"; BOUNDARY="3825401791-240399118-1378849676=:46654"
Cc: "<ietf@ietf.org>" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Sep 2013 21:47:58 -0000
>> You go to a Web page that has the HTML or Javascript control for generating a keypair. But the keypair is generated on the end user's computer. > > So I run Javascript provided by Comodo to generate the key pair. This means that my security depends on my willingness and ability to read possibly obfuscated Javascript to make sure that it only uploads the public half of the key pair. I think we're entering the tinfoil zone here. Comodo is one of the largest CAs around, with their entire income depending on people paying them to sign web and code certs because they are seen as trustworthy. How likely is it that they would risk their reputation and hence their entire business by screwing around with free promo S/MIME certs? Regards, John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY "I dropped the toothpaste", said Tom, crestfallenly.
- Re: pgp signing in van Scott Kitterman
- Re: pgp signing in van Scott Kitterman
- Re: pgp signing in van Melinda Shore
- pgp signing in van Randy Bush
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Dave Crocker
- Re: pgp signing in van Scott Kitterman
- RE: pgp signing in van l.wood
- Re: pgp signing in van Russ Housley
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Joe Touch
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Joe Touch
- Re: pgp signing in van Scott Kitterman
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Scott Brim
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Pete Resnick
- Re: pgp signing in van Theodore Ts'o
- Re: pgp signing in van Hector Santos
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Hector Santos
- Re: pgp signing in van John C Klensin
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Hector Santos
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Måns Nilsson
- RE: pgp signing in van l.wood
- Re: pgp signing in van Anshuman Pratap Chaudhary
- Re: pgp signing in van Måns Nilsson
- Re: pgp signing in van Brian Trammell
- Re: pgp signing in van Andrew Sullivan
- Re: pgp signing in van Cyrus Daboo
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van John Levine
- Re: pgp signing in van David Conrad
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Richard Barnes
- Re: pgp signing in van Scott Brim
- Re: [IETF] Re: pgp signing in van Warren Kumari
- What real users think [was: Re: pgp signing in va… Brian E Carpenter
- Re: pgp signing in van Dan York
- Re: What real users think [was: Re: pgp signing i… Dave Crocker
- Re: pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Steve Crocker
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Dave Crocker
- Re: What real users think [was: Re: pgp signing i… Hector Santos
- Re: What real users think [was: Re: pgp signing i… Steve Crocker
- Re: pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Brian E Carpenter
- Re: What real users think [was: Re: pgp signing i… John C Klensin
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: pgp signing in van David Morris
- Re: What real users think [was: Re: pgp signing i… SM
- Re: What real users think [was: Re: pgp signing i… Dave Crocker
- Re: pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: not really pgp signing in van John Levine
- Re: not really pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… John R. Levine
- Re: pgp signing in van Arturo Servin
- Re: not really pgp signing in van Scott Kitterman
- Re: What real users think [was: Re: pgp signing i… Phillip Hallam-Baker
- Re: not really pgp signing in van John Levine
- Re: What real users think [was: Re: pgp signing i… John Levine
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van John R Levine
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van John R Levine
- Re: What real users think [was: Re: pgp signing i… Fernando Gont
- Re: pgp signing in van Fernando Gont
- Re: pgp signing in van Ted Lemon
- Re: not really pgp signing in van Brian Trammell
- Re: pgp signing in van t.p.
- Re: not really pgp signing in van Måns Nilsson
- Re: pgp signing in van Ted Lemon
- the evil of html was Re: pgp signing in van t.p.
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Paul Wouters
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Martin Thomson
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: not really pgp signing in van John R Levine
- Re: not really pgp signing in van manning bill
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Theodore Ts'o
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Yoav Nir
- was: not really pgp signing in van SM
- Re: was: not really pgp signing in van Phillip Hallam-Baker