When *not* to sign an e-mail message? - PGP



Thread: When *not* to sign an e-mail message?

  1. Re: When *not* to sign an e-mail message?

    nemo_outis wrote:
    [snip]
    >
    > And it looks very much to me that the requirements and constraints around
    > digital signatures (as currently implemented) are such as to consign them
    > to niche applications rather than broad social adoption.


    In Britain the credit card companies no longer accept handwritten
    signatures. You have to type a 4 digit pin.

    http://www.chipandpin.co.uk/

    No need to move an entire computer, digital signing devices for the
    general public could be placed on credit card like bits of plastic.

    Andrew Swallow

  2. Re: When *not* to sign an e-mail message?

    Andrew Swallow writes:
    > In Britain the credit card companies no longer accept handwritten
    > signatures. You have to type a 4 digit pin.


    credit cards have been "something you have" authentication and the
    handwritten signature has been demonstration of intent.

    pin-debit has had two-factor authentication, the card as "something
    you have" and the pin as "something you know" ... from 3-factor
    authentication model
    http://www.garlic.com/~lynn/subpubkey.html#3factor

    * something you have
    * something you know
    * something you are

    with the standard pin-debit POS operation, you swipe your card
    ("something you have" authentication) and enter your pin ("something
    you know" authentication, pin/password shared secrets can be
    considered countermeasure to lost/stolen cards).

    the POS then displays the value and asks you to press a yes/agree
    button as a demonstration of intent (the equivalent of the "human
    signature").

    slight topic drift on the chip&pin subject:
    http://www.garlic.com/~lynn/aadsm22.htm#20 FraudWatch - Chip&Pin, a new tenner

    slightly more drift mentioning chip&pin:
    http://www.garlic.com/~lynn/2006d.html#31 Caller ID "spoofing"

    in the magstripe generation of cards ... reading the magstripe was
    proof of "something you have" authentication. however, the magstripe
    was "static data" and was subject to skimming/eavesdropping
    vulnerabilities and became fairly straight-forward to generate
    counterfeit cards from the "static data".

    the chip&pin is substituting public key and digital signature
    operation in lieu of reading magstripe ... as proof of "something you
    have" authentication (with the pin still "something you know"
    authentication as countermeasure to lost/stolen card). however, the
    authentication processes (including digital signature) are orthogonal
    to establishing "intent" established by requiring somebody to press a
    button (the "intent" equivalence that is also addressed by human
    signature).

    lengthy discussion, including use of public key and digital
    signatures for establishing proof of "something you have"
    authentication hardware token:
    http://www.garlic.com/~lynn/2006d.html#41 Caller ID "spoofing"

    past posts in this thread ... including discussion of POS pressing
    button as evidence of intent (i.e. human signature) separate
    from authentication processes:
    http://www.garlic.com/~lynn/2006d.html#32 When *not* to sign an e-mail message?
    http://www.garlic.com/~lynn/2006d.html#33 When *not* to sign an e-mail message?
    http://www.garlic.com/~lynn/2006d.html#34 When *not* to sign an e-mail message?
    http://www.garlic.com/~lynn/2006d.html#36 When *not* to sign an e-mail message?

    --
    Anne & Lynn Wheeler | http://www.garlic.com/~lynn/

  3. Re: When *not* to sign an e-mail message?

    Andrew Swallow wrote in
    news:dun1o3$2cm$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com:

    > nemo_outis wrote:
    > [snip]
    >>
    >> And it looks very much to me that the requirements and constraints
    >> around digital signatures (as currently implemented) are such as to
    >> consign them to niche applications rather than broad social adoption.

    >
    > In Britain the credit card companies no longer accept handwritten
    > signatures. You have to type a 4 digit pin.
    >
    > http://www.chipandpin.co.uk/
    >
    > No need to move an entire computer, digital signing devices for the
    > general public could be placed on credit card like bits of plastic.
    >
    > Andrew Swallow


    With this system the PIN becomes the key of a (remarkably primitive) de
    facto digital signature system.

    Now I'm hardly surprised that corporations are pushing for such digital
    signatures (even crippled ones like this). It is part of a more general
    push in society by the rich, powerful and well-organized (e.g.,
    corporations) to transfer and foist burdens and risks on those without
    such attributes (e.g., consumers).

    Under present law in many jurisdictions the responsibility falls on the
    merchant to verify the signature and good-standing of the credit card.
    (The CC issuer provides some mechanisms to assist him in this but
    ultimately it's his responsibility.) If there's a problem or dispute re
    authorization it is the merchant's problem to prove it or eat the cost.

    With the PIN system (and digital signatures generally) the consumer is
    now caught in a Catch-22. The PIN will be taken as non-repudiable
    authorization, authorization which can only be disputed by alleging that
    control of the PIN has been compromised. But leaking of the PIN will
    likely be alleged by the merchant/CC issuer as negligence on the part of
    the consumer, leaving him still on the hook. Catch-22!

    The whole burden for the system has been shifted to the consumer's
    shoulders from a joint responsibility of the consumer and the merchant.
    No wonder the credit card issuers and merchants are pushing for this.

    Regards,

    PS Of course there is the automated teller system as precedent for
    PINs. (Regarding which there are some consumer protections against total
    consumer responsibility, at least in the US. Not so in Britain where in
    one case a policeman went to jail for alleged PIN fraud in a travesty of
    justice, as discussed in Security Engineering by Ross Anderson.)

    PPS If the PIN security measures of the issuer are faulty or
    compromised the consumer will have a nearly insurmountable task in
    challenging (or even investigating) them. In short, this scheme puts the
    consumer in the barrel!

  4. Re: When *not* to sign an e-mail message?

    Anne & Lynn Wheeler wrote in
    news:m364mo988a.fsf@lhwlinux.garlic.com:

    > Andrew Swallow writes:
    >> In Britain the credit card companies no longer accept handwritten
    >> signatures. You have to type a 4 digit pin.

    >
    > credit cards have been "something you have" authentication and the
    > handwritten signature has been demonstration of intent.
    >
    > pin-debit has had two-factor authentication, the card as "something
    > you have" and the pin as "something you know" ... from 3-factor
    > authentication model
    > http://www.garlic.com/~lynn/subpubkey.html#3factor
    >
    > * something you have
    > * something you know
    > * something you are


    ....snip interesting discussion...


    I would argue that a handwritten signature is not quite equivalent to any
    of these. However, it could be regarded as a derivative of the "something
    you are" category with additional refinements. [or we could add a new
    category: "something you do"]

    A handwritten signature is uniquely tied to the biological makeup of an
    individual human being (as augmented by learned capabilities such as
    writing). In that sense it is allied to the "something you are" category.
    But it differs in that each instance of the signature requires a specific
    constructive act (an act which in most contexts is evidence of intent, as
    you point out).

    These features of a handwritten signature (i.e., that it requires a
    specific constructive act in each instance) and that it requires nothing
    else (e.g., no requirement to remember and safeguard keys or PINS, and no
    need for a complicated auxiliary device such as a computer) are very useful
    and convenient ones. And they are features which no digital signature
    system possesses.

    Regards,

  5. Re: When *not* to sign an e-mail message?

    Andrew Swallow writes:

    > In Britain the credit card companies no longer accept handwritten
    > signatures. You have to type a 4 digit pin.


    That has been true for many years in France.

    --
    Transpose mxsmanic and gmail to reach me by e-mail.

  6. Re: When *not* to sign an e-mail message?

    Anne & Lynn Wheeler writes:
    > slight topic drift on the chip&pin subject:
    > http://www.garlic.com/~lynn/aadsm22.htm#20 FraudWatch - Chip&Pin, a new tenner


    ref:
    http://www.garlic.com/~lynn/2006e.html#2 When *not* to sign an e-mail message?

    in the above "yes card" scenarios, i've seen reference to a number of
    different implementations.

    the "yes card" scenarios supposedly are "static data" exploits
    .... i.e. the token authenticates itself by presenting a digital
    certificate (i.e. static data) to the terminal. the terminal verifies
    the digital signature on the certificate and accepts the card as
    authenticated. this turned out to be vulnerable to the same skimming
    technology that has been used for magstripes. there is some more
    detailed information at the URL cited by the posting mentioned above.

    the countermeasure becomes "dynamic data" ... the terminal basically
    sends a form of challenge, which is digitally signed and both the
    digital signature and the digital certificate is returned. the
    terminal now verifies the digital signature on the digital certificate
    and uses the public key in the digital certificate to verify the
    digital signature on the challenge.

    i've heard rumors of mitm-attacks tho ... since the digital signature
    on the challenge and the execution of the transaction are separate,
    distinct operations. the countermeasure for mitm-attack is to directly
    digitally sign the transaction ... as opposed to having separate
    operation for token digital signature authentication and the execution
    of the transaction.

    this then starts to look much more like the x9.59 model
    http://www.garlic.com/~lynn/x959.html#x959
    http://www.garlic.com/~lynn/subpubkey.html#x959

    the original work on x9.59 for directly digitally signing the
    transaction was going on in the same time-frame as the original work
    on the definition for the chip&pin stuff ... where authentication was
    going to be done separately from the transaction.

    in any case, as in past posts on the subject, the verification of the
    digital signature establishes the implication of "something you have"
    authentication (aka the entity has access to and use of the
    corresponding private key). then some certified process that binds a
    private key to some chip ... then sort of establishes the equivalence
    between "something you have" private key and "something you have"
    chip.

    however, digital signature isn't being used to imply intent as in
    human signatures ... or in the human button pressing operation in
    response to some message (as in POS terminal).

    any change from doing a digital signature on a purely challenge
    (possibly random data) authentication operation ... to applying a
    digital signature to the transaction itself ... wouldn't be to create
    any more of a (false) impression of human signature ... but to close
    possible mitm-attacks that might be possible between doing an
    independent authentication operation and then doing a separate
    transaction (aka one of the original x9.59 scenarios).

    --
    Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
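    The three card-authentication models Lynn contrasts in the post above (certificate-only "static data", challenge-response "dynamic data", and directly signing the transaction) can be made concrete. The following is an added example written for this page; it is not code from the thread, from any chip&pin specification or from X9.59. It uses Ed25519 as a stand-in for whatever signature scheme a real card uses, and the names Issuer, Card, Certificate and Transaction, the card ID, merchant and challenge values are all constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Issuer stands in for the card issuer's certifying key (constructed for this example).
type Issuer struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// Certificate is the "static data" a card presents: its public key and card ID under
// the issuer's signature. Anyone who has once read these bytes can present them again.
type Certificate struct {
	CardID    []byte
	CardPub   ed25519.PublicKey
	IssuerSig []byte
}

// tbs returns the to-be-signed bytes the issuer's signature covers.
func (c Certificate) tbs() []byte { return append(append([]byte{}, c.CardID...), c.CardPub...) }

// Card holds the private key matching its certificate; a skimmed copy does not.
type Card struct {
	Cert Certificate
	priv ed25519.PrivateKey
}

// Transaction is what the terminal actually wants authorised.
type Transaction struct {
	Merchant string
	Amount   uint64 // minor currency units
	Nonce    []byte // terminal-supplied freshness value
}

// bytes encodes the transaction unambiguously: length-prefixed merchant, amount, nonce.
func (t Transaction) bytes() []byte {
	u64 := func(v uint64) []byte { b := make([]byte, 8); binary.BigEndian.PutUint64(b, v); return b }
	buf := append(u64(uint64(len(t.Merchant))), t.Merchant...)
	buf = append(buf, u64(t.Amount)...)
	return append(buf, t.Nonce...)
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func NewIssuer() Issuer { pub, priv := mustKey(); return Issuer{Pub: pub, priv: priv} }

// IssueCard personalises a card: a fresh keypair and a certificate signed by the issuer.
func (is Issuer) IssueCard(id string) Card {
	pub, priv := mustKey()
	cert := Certificate{CardID: []byte(id), CardPub: pub}
	cert.IssuerSig = ed25519.Sign(is.priv, cert.tbs())
	return Card{Cert: cert, priv: priv}
}

// VerifyStaticData is the "yes card" era check: the terminal verifies only the issuer's
// signature on the certificate, so a replayed copy of the certificate bytes is accepted.
func VerifyStaticData(issuerPub ed25519.PublicKey, cert Certificate) bool {
	return ed25519.Verify(issuerPub, cert.tbs(), cert.IssuerSig)
}

// SignChallenge is the "dynamic data" response: proof of possession of the private key.
func (c Card) SignChallenge(challenge []byte) []byte { return ed25519.Sign(c.priv, challenge) }

// VerifyDynamicData checks the certificate, then the signature on the challenge. Note that it
// takes no transaction at all: authentication here is a separate step from authorisation.
func VerifyDynamicData(issuerPub ed25519.PublicKey, cert Certificate, challenge, sig []byte) bool {
	return VerifyStaticData(issuerPub, cert) && ed25519.Verify(cert.CardPub, challenge, sig)
}

// SignTransaction binds the card's signature to the transaction itself (the x9.59-style model).
func (c Card) SignTransaction(t Transaction) []byte { return ed25519.Sign(c.priv, t.bytes()) }

// VerifyTransaction accepts only a signature over exactly this merchant, amount and nonce.
func VerifyTransaction(issuerPub ed25519.PublicKey, cert Certificate, t Transaction, sig []byte) bool {
	return VerifyStaticData(issuerPub, cert) && ed25519.Verify(cert.CardPub, t.bytes(), sig)
}

func main() {
	issuer := NewIssuer()
	card := issuer.IssueCard("card-0001 (constructed)")
	skimmed := card.Cert // the static data only, without the private key
	challenge := []byte("terminal nonce (constructed)")
	fmt.Println("static check, skimmed copy:", VerifyStaticData(issuer.Pub, skimmed))
	fmt.Println("dynamic check, real card:  ", VerifyDynamicData(issuer.Pub, card.Cert, challenge, card.SignChallenge(challenge)))
	fmt.Println("dynamic check, no key:     ", VerifyDynamicData(issuer.Pub, skimmed, challenge, make([]byte, 64)))
	tx := Transaction{Merchant: "shop (constructed)", Amount: 1999, Nonce: challenge}
	tsig := card.SignTransaction(tx)
	altered := tx
	altered.Amount = 199900
	fmt.Println("tx check, as signed:       ", VerifyTransaction(issuer.Pub, card.Cert, tx, tsig))
	fmt.Println("tx check, amount altered:  ", VerifyTransaction(issuer.Pub, card.Cert, altered, tsig))
}
```

    The point of the last two lines is the one Lynn makes about the x9.59 model: a signature over a separate challenge proves only that the private key was present at some moment, and the terminal still has to trust that the transaction it then executes is the one the cardholder saw. A signature over the transaction bytes ties the key to that exact merchant, amount and nonce, so a changed amount no longer verifies. None of this establishes intent; that remains the button press on the terminal.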

  7. Re: When *not* to sign an e-mail message?

    "nemo_outis" writes:
    > I would argue that a handwritten signature is not quite equivalent
    > to any of these. However, it could be regarded as a derivative of
    > the "something you are" category with additional refinements. [or
    > we could add a new category: "something you do"]


    ref:
    http://www.garlic.com/~lynn/2006e.html#2 When *not* to sign an e-mail message?

    however, if you look at the contrast between signature-debit and
    pin-debit .... signature-debit is effectively treated as a credit card
    transaction from the standpoint of fraud ... while pin-debit is
    considered to be two-factor authentication ... possibly lower fraud
    (modulo the issue that it is possible for some skimming technology to
    simultaneously capture both the magstripe and the pin ... defeating
    some basic assumptions with multi-factor authentication that the
    different factors are subject to independent threats/vulnerabilities).

    POS terminals for pin-debit, w/o the signature and straight two-factor
    authentication ... then goes to the interaction with a message being
    displayed asking for the person to press a button to establish
    "intent" (which is otherwise provided by a human signature).

    within 3-factor authentication model ... human signature would
    possibly be "something you are", since it would be taken as
    distinctive representation of human physical characteristics.

    however, there aren't a lot of current infrastructure deployments that
    take human signatures as part of serious multi-factor authentication
    infrastructure (not that you can't do it, it just doesn't seem to be
    taken very seriously).

    there was some work on elevating writing a signature to status of
    acceptable "something you are" authentication .... it wasn't so much
    the resulting signature ... but that the physical motions in executing
    the signature have been demonstrated to be distinctive.

    --
    Anne & Lynn Wheeler | http://www.garlic.com/~lynn/

  8. Re: When *not* to sign an e-mail message?

    Anne & Lynn Wheeler wrote in
    news:m3oe0g7k2d.fsf@lhwlinux.garlic.com:

    > "nemo_outis" writes:
    >> I would argue that a handwritten signature is not quite equivalent
    >> to any of these. However, it could be regarded as a derivative of
    >> the "something you are" category with additional refinements. [or
    >> we could add a new category: "something you do"]

    >
    > ref:
    > http://www.garlic.com/~lynn/2006e.html#2 When *not* to sign an e-mail
    > message?
    >
    > however, if you look at the contrast between signature-debit and
    > pin-debit .... signature-debit is effectively treated as a credit card
    > transaction from the standpoint of fraud ... while pin-debit is
    > considered to be two-factor authentication ... possibly lower fraud
    > (modulo the issue that it is possible for some skimming technology to
    > simultaneously capture both the magstripe and the pin ... defeating
    > some basic assumptions with multi-factor authentication that the
    > different factors are subject to independent threats/vulnerabilities).
    >
    > POS terminals for pin-debit, w/o the signature and straight two-factor
    > authentication ... then goes to the interaction with a message being
    > displayed asking for the person to press a button to establish
    > "intent" (which is otherwise provided by a human signature).



    In the US there is still considerable scope for repudiation under
    Regulation E (and others as well, I believe, but I don't have my
    references at hand).


    > within 3-factor authentication model ... human signature would
    > possibly be "something you are", since it would be taken as
    > distinctive representation of human physical characteristics.
    >
    > however, there aren't a lot of current infrastructure deployments that
    > take human signatures as part of serious multi-factor authentication
    > infrastructure (not that you can't do it, it just doesn't seem to be
    > taken very seriously).
    >
    > there was some work on elevating writing a signature to status of
    > acceptable "something you are" authentication .... it wasn't so much
    > the resulting signature ... but that the physical motions in executing
    > the signature have been demonstrated to be distinctive.



    I think we need to make some careful distinctions here. There is quite
    a difference between "written signature" defined in terms of the process
    that produces it or in terms of the outcome (what is traditionally
    referred to as a signature). True, the outcome often gives hints as to
    the process (indications of speed, pressure, etc.) but generally nowhere
    near enough to fully reconstruct the process.

    Once again there is a tendency to let what is technologically more
    tractable or reliable or repeatable (monitoring the process) substitute
    itself for the (arguably preferable) aspect of verifying the written
    signature itself.

    Regards,

  9. Re: When *not* to sign an e-mail message?

    nemo_outis writes:

    > There are numerous other characteristics of
    > signatures any or all of which can play a role in verification.


    No, there are not. If there were, signed documents sent by fax would
    be useless. The only authenticating characteristic is the shape. If
    the shape changes, the signature becomes invalid. If the shape
    remains the same, the signature is valid.

    > Few other practical options? So I take it you now concede that
    > handwritten signatures are one practical option.


    They are a practical option for printed documents, but they are not
    practical for electronic documents. Conversely, digital signature is
    not very practical for printed documents, but it is very well suited
    to electronic documents.

    As authentication increasingly shifts into the domain of electronic
    documents instead of printed documents, digital signatures become more
    important.

    > The fact that two instances of a signature are never completely identical is
    > actually a positive aspect in verification and the deterrence of fraud.


    How?

    > That the lack of complete repeatability is intractable for mechanized
    > signature-recognition systems is a clear limitation of those systems -
    > skilled and experienced humans (e.g., bank tellers) are very good at it.


    Then how do forgers succeed?

    And what good are skilled and experienced humans when the vast
    majority of people called upon to validate signatures are not in this
    category?

    --
    Transpose mxsmanic and gmail to reach me by e-mail.

  10. Re: When *not* to sign an e-mail message?

    Mxsmanic wrote in
    news:hedv025qvms75vnc2emt6jll40sul0qm4o@4ax.com:

    > nemo_outis writes:
    >
    >> There are numerous other characteristics of
    >> signatures any or all of which can play a role in verification.

    >
    > No, there are not. If there were, signed documents sent by fax would
    > be useless. The only authenticating characteristic is the shape. If
    > the shape changes, the signature becomes invalid. If the shape
    > remains the same, the signature is valid.



    Yes, traditional handwritten signatures do not translate well into the
    digital world (although they work quite well in the pen and paper world).
    That's why you picked your nonrepresentative example: essentially a
    photograph of a document (usually transmitted unencrypted over an
    insecure network, I might add). But - what the hell - let's examine it.

    It depends on the jurisdiction whether faxes are legally binding at all.
    Yes, most advanced countries now accept them, but many still with one or
    more reservations or cavils. In many jurisdictions a "faxed signature"
    is not technically a signature but a "facsimile of a signature" (the UK
    wording) and it required explicit statutes to say that such facsimiles
    were acceptable (in other contexts it relied on specific court
    precedents). IOW it is considered "sufficient evidence" (in ordinary
    intercourse - it is still challengable) that there is a document with a
    signature affixed to it, but it is not the document or signature itself.

    The logic is somewhat similar for rubber stamp facsimiles and such.

    And there are still statutes in some advanced jurisdictions that require
    that a document be "in writing" and "signed" which, somewhat
    surprisingly, has been taken as permitting faxed signatures (i.e., which
    are in writing) but excluding digital signatures (which aren't).


    >> Few other practical options? So I take it you now concede that
    >> handwritten signatures are one practical option.

    >
    > They are a practical option for printed documents, but they are not
    > practical for electronic documents. Conversely, digital signature is
    > not very practical for printed documents, but it is very well suited
    > to electronic documents.



    Exactly. So now we're talking about two systems of signatures. And they
    are by no means fully equivalent (legally and in other respects) which is
    a mine field for those using them (especially those who are not
    technically savvy: the general populace). In fact, to my cynical old
    mind, the reference to "signature" in "digital signature" is not only
    misleading, but quite possibly intentionally so.

    And you are aware that the vast majority of social, commercial and legal
    documentation is still in paper form, aren't you?


    > As authentication increasingly shifts into the domain of electronic
    > documents instead of printed documents, digital signatures become more
    > important.
    >
    >> The fact that two instances of a signature are never completely
    >> identical is actually a positive aspect in verification and the
    >> deterrence of fraud.

    >
    > How?



    Perfect repeatability is evidence of mechanical, not human, (re)
    production and thus of counterfeit (if the signature is supposedly
    handwritten).


    >> That the lack of complete repeatability is intractable for mechanized
    >> signature-recognition systems is a clear limitation of those systems
    >> - skilled and experienced humans (e.g., bank tellers) are very good
    >> at it.

    >
    > Then how do forgers succeed?



    Don't be deliberately obtuse. Of course handwritten signatures can be
    forged.

    But, although such forging is easier than cracking a 128-bit key, it is
    sufficiently difficult, the skill is sufficiently rare and hard to
    acquire, and the penalties sufficiently high, that it is not a major
    obstacle to the use of handwritten signatures.

    And that's the crux: how well do they work in practice? And the answer
    is clearly: well enough!

    And that "well enough" is by no means a throwaway or blow-off statement.
    That signatures have been successfully used for matters great and small
    for centuries worldwide is a strong testament to their utility and
    robustness. The newcomer, the digital signature, has perhaps two decades
    of use, by a very limited cross-section of the populace, for limited and
    specialized applications, and is mostly confined to developed industrial
    nations. A niche application. Whether digital signatures can grow out
    of that niche, or whether they will be supplanted by something else
    altogether (the life of technical gimcrackery is usually short!) remains
    to be seen.

    > And what good are skilled and experienced humans when the vast
    > majority of people called upon to validate signatures are not in this
    > category?



    Actually, the vast majority of signatures, written or digital, are never
    verified. Their validity is usually inferred from the general context in
    which they are presented. (For instance, almost all cheques are
    processed by their MICR imprint - only those over, perhaps, $20,000 are
    verified by signature.)

    Only when a signature is questionable or challenged are expert verifiers
    (and there are degrees of expertise) called in. (It is much the same with
    counterfeit currency, for instance.)

    Regards,


  11. Re: When *not* to sign an e-mail message?

    On Sun, 05 Mar 2006 23:15:19 GMT, Mike Amling wrote:

    > Juergen Nieveler wrote:


    > > When sending anonymous messages it's a good idea not to sign them ;-)

    >
    > Signing with what keypair? Is the public key well known to be
    > associated with the author? Is the keypair ephemeral and only used for
    > one message? Is the keypair made up just for the few messages the author
    > wants to send using the identity "WhistleBlower12", "Terrorist214",
    > "CompulsiveConfessor7" or "PoisonPenman"?
    > When I first read Ender's Game by Orson Card, I couldn't figure how
    > everyone could be so sure that a series of anonymous essays published
    > under the name "Demosthenes" were all by the same author. Now I see that
    > including a public key in each essay and a digital signature that
    > verifies with that public key establishes that the essays are all by the
    > same author, no, that they're all signed by the same person, no, that
    > they're all signed by members of the cabal who know the corresponding
    > private key.
    >

    Although to the best of my recollection Card was never specific on the
    technical details and his story(ies) could equally well have been a
    situation where the contributor's identity is known and proven to but
    witheld by the "publisher". In fact I think it said somewhere that
    some special approval was required since Peter and Val were underage;
    while this could be a detectable characteristic of a public key, it
    makes more sense for a full identity or at least certificate.

    - David.Thompson1 at worldnet.att.net
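    Mike Amling's observation quoted in the post above, that embedding a public key in each pseudonymous essay and signing it lets readers link the essays to one key holder (and no more than that), can be checked mechanically. The following is an added example for this page, not code from the thread or from any real publishing system; the Essay and Pen types, the Ed25519 scheme, and the essay titles and texts are all constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Essay is a pseudonymous publication that carries the author's public key and a
// signature over title and text, as in the "Demosthenes" scenario.
type Essay struct {
	Title  string
	Text   string
	Author ed25519.PublicKey // embedded in every instalment
	Sig    []byte
}

// Pen is a pseudonym: whoever holds the private key can publish under it.
type Pen struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewPen() Pen {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Pen{Pub: pub, priv: priv}
}

// signedBytes covers title and text with a separator so the two fields cannot be confused.
func signedBytes(title, text string) []byte { return []byte(title + "\x00" + text) }

// Publish signs an essay under the pen's key and embeds the public key alongside it.
func (p Pen) Publish(title, text string) Essay {
	return Essay{Title: title, Text: text, Author: p.Pub, Sig: ed25519.Sign(p.priv, signedBytes(title, text))}
}

// Verify checks the signature against the key embedded in the essay itself. On its own
// this shows only that the embedded key and this text belong together.
func (e Essay) Verify() bool {
	return len(e.Author) == ed25519.PublicKeySize && ed25519.Verify(e.Author, signedBytes(e.Title, e.Text), e.Sig)
}

// SameKeyHolder reports whether every essay verifies and all carry the same public key,
// i.e. all were signed by someone with access to that one private key. It says nothing
// about whether that is a single person or who the person is.
func SameKeyHolder(essays []Essay) bool {
	if len(essays) == 0 {
		return false
	}
	first := essays[0].Author
	for _, e := range essays {
		if !e.Verify() || !bytes.Equal(e.Author, first) {
			return false
		}
	}
	return true
}

func main() {
	demosthenes := NewPen()
	one := demosthenes.Publish("Essay 1", "constructed text one")
	two := demosthenes.Publish("Essay 2", "constructed text two")
	fmt.Println("series by one key holder:", SameKeyHolder([]Essay{one, two}))

	impostor := NewPen().Publish("Essay 3", "constructed text by someone else")
	fmt.Println("with an impostor's essay:", SameKeyHolder([]Essay{one, two, impostor}))

	tampered := one
	tampered.Text = "edited after signing"
	fmt.Println("with a tampered essay:   ", SameKeyHolder([]Essay{tampered, two}))
}
```

    The impostor's essay verifies perfectly well on its own (it was honestly signed with its own embedded key), so the continuity check has to compare keys across the series rather than trusting each essay's self-contained verification. That is exactly the distinction drawn in the quoted post: the signatures establish "signed by a holder of this private key", not authorship by a particular named person.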
