On Thu, 2012-05-10 at 14:56 +0000, Camaleón wrote:
> On Wed, 09 May 2012 23:22:09 +0200, Ralf Mardorf wrote:
>
> > On Wed, 2012-05-09 at 20:22 +0000, Camaleón wrote:
>
> >> What is what you understand by "dirty"?
> >>
> >> I can send the same spam, virus-inside or crap message with a signature
> >> or without it. That changes nothing.
> >>
> >>
> > dirty {adj} [fig.] e.g. remove words, add words.
>
> So you meant that the content of the messages can't become "faked/
> manipulated" when they are signed. If that's what you wanted to say, then
> yes, signatures are also aimed for that.
>
> But the problem still remains: in the event you can check the validity of
> the signature you still can't be sure about its real author.
>
> >> You can still get false-positives that make the signature cannot be
> >> properly verified so you think the message is not legitimate while it
> >> is.
> >
> > I did wrote something similar off-list to whomever, but it wasn't only
> > about computers and signing mails:
>
> (...)
>
> > As I already pointed out. Somebody e.g. could hack the view of a
> > mailing list archive, seemingly signed mails with edited
> > contend. Than this wrong information is in the Internet,
> > pretending to be the signed original. The mob will believe this
> > is absolute truth. They are hungry for absolute truth. This is a
> > loss of civilization.
>
> It's even simpler than that, is that any piece of the software involved
> in the message distribution chain can fail, i.e., they can have bugs that
> render the signature verification proccess invalid.
>
> > OTOH there are valid situations to sign messages.
>
> Of course. Moreover, it should be "a must".
>
> As I see it, the concept of verifying the author of a message is
> completely valid and right, it's the implementation that fails because of
> the way you have to trust the user you want to validate (human beings
> have not developed a system to differ between a fake and a true thing,
> our brains are very limited in that field and also very influenceable by
> external sources).
>
> Greetings,
I guess we agree.
- ralf
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1336663538.2307.58.camel@precise
