Re: PGP Lame question

sci.crypt archive

From: Ari Silverstein <abcarisilversteinn@yahoo.comxyz>
Date: Thu Dec 08 2005 - 06:11:52 CET

On 7 Dec 2005 16:46:37 -0800, vedaal wrote:

>>>>A year or so later, Bob's in disgrace over some dodgy investment thing
>>>>that went wrong, and they've split up. Being a vindictive kind of chap,
>>>>he digs up Alice's message, removes the outer encryption, and now
>>>>effectively has a signed confession by Alice
>
>> At which point Alice claims to not have been the sender, that she and her
>> machine were compromised and that there is no personal authenticator that
>> proves she ever sent it
>
> the problem is, that if, as is quite likely,
> Alice has signed things before and afterwards, with the same key,
> and has acknowledged her authentication of those 'other' signed
> documents,
> and there is an objective e-mail server record of when she sent the
> signed incriminating
> message to Bob, as well as other messages before and after,
>
> then it is very difficult to selectively deny
> 'only' that message,
> (which would have required her revoking her key at that time)
> and still stand by her signatures on later messages
>
> it is, of course, *possible*
> to claim that she was called away from her computer for an
> urgent errand, 'forgot' to take her keys,
> and was unaware of the forgery until Bob later produced it ...
>
> but such fictions become less and less credible,
> [ Bob suddenly 'appeared' from another city, just to forge this
> message on Alice's computer ? ;-) ]
>
> the burden of proof is upon Alice,
> and the more time that passes since she signed it,
> the more difficult it is to resolve
>
> vedaal

Several defenses for Alice.

One, I don't care if Bob didn't forge me, determine who did?
Second, forget I am guilty, I stand that I am innocent until you do.
Third, there is nothing except circumstantial evidence that I produced this
confessional email.
Fourth, the technology exists that my ID could be authenticated so,
consequently, it is not outside the court to understand that the
prosecution is incumbent to admit this testimony could exist but does not.

blah blah blah

Alice has a great chance of walking on this one. Although the sig/key
encryption methodologies are compelling, they do not biometrically place the
fingerprinted email in her hand.

-- 
Drop the alphabet for email
Received on Sun Dec 11 14:26:13 2005