Re: enigmail should never sign drafts

Daniel Kahn Gillmor wrote:
> I don't actually believe that you think a digital signature should be
>  considered meaningless, for example, but some of your remarks seem 
> to imply that you do.

A digital signature is, by itself, meaningless.  The set of
prerequisites which must be met for a signature to be meaningful is
fairly long.  If I give you a random sequence of numbers that's signed
with a key that has no user ID, belonging to someone you don't know,
does that random sequence suddenly have meaning just because it's signed?

No.  Of course not.  A digital signature is, by itself, meaningless.  It
cannot give meaning to what is devoid of meaning.

Signatures acquire meaning as the result of a process of reasoning we
apply to the document.  Is the signature correct?  Is the key validated?
 Has the owner been vetted?  Is there evidence the key has been tampered
with?  Etc., etc., etc.

Once you sit down and actually look at the long chain of conditions that
have to be met for a signature to be meaningful, you quickly stop
thinking of digital signatures as a panacea or a general-purpose
solution.  Digital signatures are a good tool to have around, but they
are not as useful as their proponents make them out to be.

> Are you suggesting that you think there are good use cases where it 
> actually makes sense to sign e-mail drafts?  If so, what are those 
> use cases?

I've already given those cases.  There exist professions and business

Re: enigmail should never sign drafts

On 09/30/2009 07:12 PM, Robert J. Hansen wrote:
> I haven't been talking about whether Enigmail should support this or
> shouldn't support this.  Look back at what I've written: the word
> "Enigmail" never appears in any of my messages on this threat.

Had i known this back-and-forth had nothing to do with enigmail, i would
have stopped responding on-list a few messages ago.  Apologies to all on
the list for the off-topic digression.

	--dkg

_______________________________________________
Enigmail mailing list
Enigmail <at> mozdev.org
https://www.mozdev.org/mailman/listinfo/enigmail

Re: enigmail should never sign drafts

Hi Daniel,

> Had i known this back-and-forth had nothing to do with enigmail, i would
> have stopped responding on-list a few messages ago.  Apologies to all on
> the list for the off-topic digression.

Never mind, I liked to sit back, relax and see both of you arguing.
But yes, Robert could have flagged it OT 

And it wasn't too off-topic and since this is a discussion list, not just
for announcements.

Apart from that I think that at least the part "using a product (or issuing
a signature) by itself doesn't make anything safe" must be pointed out from
time to time.

Olav

Re: enigmail should never sign drafts

Thanks for the kind words, Olav.

On 10/01/2009 02:07 AM, Olav Seyfarth wrote:
> Apart from that I think that at least the part "using a product (or issuing
> a signature) by itself doesn't make anything safe" must be pointed out from
> time to time.

Indeed.  And to bring it back to Enigmail, this is exactly why i think
it's great that Patrick is looking into getting Enigmail to stop signing
drafts.

Robert listed a number of good reasons why one might decide that a
particular signature or class of signatures was effectively meaningless;
among those, i might add:

 * signature issuer is known to use a tool which issues signatures on
their behalf at unintended times.

It would be unfortunate if use of Enigmail was considered to make other
signatures by the same issuer suspect.  To make it personal: it would be
sad for me, because my OpenPGP signatures are relied upon by colleagues
in a number of projects, and i make no secret of my use of Enigmail.

	--dkg

_______________________________________________
Enigmail mailing list
Enigmail <at> mozdev.org

Re: enigmail should never sign drafts

Olav Seyfarth wrote:
> Never mind, I liked to sit back, relax and see both of you arguing.
> But yes, Robert could have flagged it OT 

I personally thought it was on-topic.  Too often we fool ourselves into
thinking that we know how people need to use our software, when the real
world often has use-cases we haven't considered.  Likewise, we fool
ourselves into thinking signatures are some kind of magic pixie dust.  I
think those two points are both relevant to Enigmail.

With respect to the question, "should Enigmail allow you to sign drafts
before saving them?", I'm ambivalent.

So far the argument against is, "but I don't see any use for it!"  I
don't find this logic persuasive, for reasons already mentioned.

The other argument is, "it's not needed and only makes things more
complex."  This is only a little bit better: none of us know whether
it's needed or unneeded or how many users need it.  We wouldn't find
that out until we removed the option and started getting "why did you
remove it?" questions.  So the first part of the argument, "it's not
needed," is really our prejudice: it's something we believe in the
absence of facts.  The other bit, how it makes the interface more
complex ... okay, that I'll agree with: it adds a small bit of complexity.

So, on the one hand, signing adds a small bit of complexity to the user
interface.  Fine.  Let's add it to the list of low-hanging fruit.  File
an RFE for it on Bugzilla and we'll see about it.  The idea might be
worth implementing.

Re: enigmail should never sign drafts

Daniel Kahn Gillmor wrote:
> Robert listed a number of good reasons why one might decide that a
> particular signature or class of signatures was effectively meaningless;
> among those, i might add:
> 
>  * signature issuer is known to use a tool which issues signatures on
> their behalf at unintended times.

By the same logic, once you configure PGP Corporation's email proxy to
automatically sign all outgoing email, if you get botted and your
desktop sends out spams, your spams will be PGP-signed.  (Yes, this has
been observed in-the-wild.)  Does that mean PGP Corporation's email
proxy is suspect?

Of course not.

So long as users are clearly told under what conditions signatures will
be made, you can't claim the tool issues signatures at unintended times.
 This dog won't hunt.

Reporting: TB3+Enigmail

Hi,

Running Enigmail version 0.97a (20091003-1243), MacOSX 1.6.1, MacGnuPG2
2.0.12, with gpg-agent.

Decryption is instantaneous: click the Decrypt button, Pinentry-Mac
pops-up, type passphrase/Enter, message is decrypted immediately.
No need to reenter the passphrase as long as gpg-agent's cache in
gpg-agent.conf is active.

Verifying signed messages, either MIME or in-line, is "laborious",
requiring two attempts, whether clicking the Decrypt button, or choosing
from Menu OpenPGP>Decrypt/Verify. Signature is verified eventually, and
when signer's key contains a photo file, photo is displayed twice.

The above does not depend upon having to download the signers' public
key, which I know have been in my public keyring for a long time.

Tested also with previous nightly (September 29), same behavior.

Not crucial, just annoying.

TB 3.0b4 still buggy, but that's not Enigmail's purview.

Thank you for your work with Enigmail.

Charly

question error sending signed message

I followed Chapter 3 Hello World's guide from
http://enigmail.mozdev.org/documentation/quickstart-ch3.php  page
without missing any important detail , yes , sent to the robot
adele-en <at> gnupp.de and then an IMAP gmail account , still receive the
same set of errors:

Thunderbird 2.0.0.23 -Alert pop-up box shows :
" An error occured while sending mail. The mail server responded : 5.7.1
Authentication required : recipientname <at> gmail.com. Please check the
message recipients and try again. "

then it followed with :"Sending Message Error" titled pop-up box
Sending of message failed.
Please verify that your Mail & Newsgroups account settings are correct
and try again.

OpenPGP options selected :
-Attach My Public Key
-Sign Message

email message options
-plain text
-gmail IMAP TLS/SSL

Because of this I can never proceed to the step of "Encrypting message".
Please help .
Thank you.

Re: question error sending signed message

Hi anonymous enigmail user,

> I sent to adele-en <at> gnupp.de

so you could send to and got a response from the robot?

> I send to an IMAP gmail account but always get mail server response
>   5.7.1 Authentication required: recipientname <at> gmail.com.
>   Please check the message recipients and try again.

This points to an SMTP settings error and has got nothing to do with
Enigmail.

Olav

Re: question error sending signed message

Olav Seyfarth wrote:
| Hi anonymous enigmail user,
|
|> I sent to adele-en <at> gnupp.de
|
| so you could send to and got a response from the robot?
|
|> I send to an IMAP gmail account but always get mail server response
|>   5.7.1 Authentication required: recipientname <at> gmail.com.
|>   Please check the message recipients and try again.
|
| This points to an SMTP settings error and has got nothing to do with
| Enigmail.
|
It may not be your SMTP settings if your ISP is like mine (Verizon). They
often have problems with their server and I cannot login to it. Sometimes
waiting a day fixes the problem, but sometimes I must reset my password to
what it already was. As if they just got an error in their database where
passwords are kept.

--
~  .~.  Jean-David Beyer          Registered Linux User 85642.
~  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
~ /( )\ Shrewsbury, New Jersey    http://counter.li.org
~ ^^-^^ 09:10:01 up 5 days, 18:09, 3 users, load average: 4.29, 4.13, 4.18