Re: [openpgp] [messaging] On Signed-Only Mails

ianG <iang@iang.org> Tue, 06 December 2016 18:48 UTC

Return-Path: <iang@iang.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDF22129A98 for <openpgp@ietfa.amsl.com>; Tue, 6 Dec 2016 10:48:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XMh4R-unF9vQ for <openpgp@ietfa.amsl.com>; Tue, 6 Dec 2016 10:48:49 -0800 (PST)
Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B1F5129A8F for <openpgp@ietf.org>; Tue, 6 Dec 2016 10:48:49 -0800 (PST)
Received: from tormenta.local (iang.org [209.197.106.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by virulha.pair.com (Postfix) with ESMTPSA id 954CE6D7C8; Tue, 6 Dec 2016 13:48:48 -0500 (EST)
To: openpgp@ietf.org
References: <20161129091837.GA25812@littlepip.fritz.box> <1480411542920.18425@cs.auckland.ac.nz>
From: ianG <iang@iang.org>
Message-ID: <f84121d0-d1d7-3f7f-ab5b-48643bfe0ee3@iang.org>
Date: Tue, 6 Dec 2016 13:48:47 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <1480411542920.18425@cs.auckland.ac.nz>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/SUo43L6mtu6n6Pv4YauEgdyfL1M>
Subject: Re: [openpgp] [messaging] On Signed-Only Mails
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Dec 2016 18:48:50 -0000

On 29/11/2016 04:25, Peter Gutmann wrote:
> Vincent Breitmoser <look@my.amazin.horse> writes:
>
>> In some more detail:
>> https://k9mail.github.io/2016/11/24/OpenPGP-Considerations-Part-I.html
>>
>> [...] Signed-Only Mails are Useless [...]
>
> Yup, and it's for exactly the reasons given there that the S/MIME WG decided
> many years ago not to sign messages sent to the list.  Courts, similarly, rule
> on the intent of the signer, not some attached bag of bits (see e.g. Steven
> Mason's excellent "Electronic Signatures in Law").  So while I wouldn't go so
> far as to call them harmful, I'd agree that they're mostly useless, unless
> you're using one to make some special point.


Which gets more to the point - the problem with digital signatures is 
that they mean different things to different people.  Just the crypto 
alone cannot solve that problem.  What is needed is a framework that 
states the meaning of the signature in human terms in a clear way.

This hasn't really been done to my knowledge.  CAs like CAcert have gone 
a long way towards establishing one meaning of a signature.  But the 
"one meaning" thing has also been insufficient;  we really need many 
meanings, and that needs more work.

Bringing it back to the topic, what we are really saying is that 
"signed-only mails will be useless without some context" and in the 
contrary where emails are signed and encrypted, we are actually 
providing some context by implication:  the signature is for 
authentication of the mail sender / key, which is a security statement 
not a legal statement, as is stressed by the inclusion of encryption;... 
  and therefore we can presume that the signature is not for legal 
purposes.  Note that it's still a presumption based on custom not statement.

To put that another way around - when we just do signed emails, are we 
doing an authentication (security) statement or are we intending a legal 
(signing) statement?  It's not clear.  We might be clearer by saying 
that plaintext sigs are more legal and binary ones are more 
authentication, but that's not backed up by any custom or anything.


> Even then, if it's for legal
> purposes, a court will look at almost everything but the signature when
> deciding on its effect.


Right, and now we have the problem that a digsig probably is a lousy 
legal signature anyway, if used without any context.  But does that make 
it not a legal signature?  No.

The closer statement might be:  "signatures don't make their purpose 
clear, and therefore they are often so confusing as to be useless."



iang