Mailinglist Archive: opensuse (3166 mails)
| < Previous | Next > |
Re: [SLE] [OT] pgp/gpg signatures & security (was 8.2 Announced)
- From: "Theo v. Werkhoven" <twe-suse.e@xxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 22 Mar 2003 23:33:30 +0100
- Message-id: <20030322223330.GA17977@xxxxxxxxxxxxxxxx>
On Sat, 22 Mar 2003, rex just had to get this off his chest:
> Theo v. Werkhoven <twe-suse.e@xxxxxxxxxxxxxxxxxxxx> [2003-03-22 09:31]:
> >
> > So the last bit ("However, PGP 6.58 fails to verify your sig.") was
> > Rex's.
>
> Theo, I'm getting a bad sig message from PGP:
>
> [-- PGP output follows (current time: Sat 22 Mar 2003 12:15:03 PM PST) --]
> WARNING: Bad signature, doesn't match file contents!
>
> Bad signature from user "Theo v. Werkhoven (Usenet and personal mail) <theo@xxxxxxxxxxxxxxxxxxxx>".
> Pretty Good Privacy(tm) Version 6.5.8
> [...]
> [-- End of PGP output --]
It is strange, yes. Today I asked some people on IRC to check my GPG
sig. One person had no problem verifiying the sig (ihe is using Mutt 1.4i and GPG
1.2.1), the other person said my sig wasn't valid according to his
setup (he is using Mutt 1.3.27 and GPG 1.0.6).
>
> I emailed you about it (your key shows as expired in PGP), but your ISP is
> blocking mail from dialup IP ranges:
They're not, I am.
>
> Error 571: ACCESS DENIED by Wirehub! Internet DynaBlock
> a.k.a. Dynamic IP range listed by Wirehub! Internet DynaBlock (Nederlands)
>
> The only dynamically assigned IP addresses (esp. dynamically assigned
> dial-up connections) our mail servers want to talk to are our own. Plain and
> simple. You're not accused of being a spammer, but the fact is that spammers
> prefer to use dial-up connections to send unwanted e-mail. If you feel
> victimized by this, you're a victim of the spamming industry, just like we
> are.
>
> This makes about as much sense as not allowing anyone on a bus who pays
> cash because a few people who pay cash cause problems.
In: MAIL From:<rex@xxxxxxxxxxxx> SIZE=694
Out: 250 Ok
In: RCPT To:<twe-suse.e@xxxxxxxxxxxxxxxxxxxx>
Out: 554 Service unavailable; Client host [209.221.198.133] blocked using
dynablock.wirehub.net; Dynamic IP range listed by Wirehub! Internet
DynaBlock - http://dynablock.wirehub.net/errors.html
I'm sorry you're on the "wrong" end of the stick, but it is your
choice to use a mail-setup that is a known source of spam. Please
read the rest of the advice:
If your Internet connection is based on dynamic IP assignments,
please send your outgoing mail through your ISP's smtp server; if
you're running a mail server on a dynamic IP address, make your
ISP's smtp server your smarthost/relayserver/nexthop. If these terms
mean nothing to you, you should not be running a mailserver in the
first place. If you're on a fixed IP (e.g. you're running a mail
server on a static IP address) and you're blocked by our
DynaBlocker, chances are that your IP address is located within a
netblock full of dynamic IP addresses (which is a sign of poor
network and/or systems management!) Please contact
abuse@xxxxxxxxxxxxxxxxx and state the IP address that was rejected.
We will see what we can do.
> It's quite disappointing to see that signing/encryption failures are so
> common after public key encryption has been in use for so long (I started
> using PGP in 1994 and used another public-key encryption program before
> that). It's bad enough when the parties can communicate openly, but it's
> much worse when remailers and pseudonyms are used.
I coudn't agree more.
Theo
--
Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 27N , 4 29 45E.
SuSE 8.0 x86
Kernel k_Athlon 2.4.19-4GB
See headers for PGP/GPG info.
> Theo v. Werkhoven <twe-suse.e@xxxxxxxxxxxxxxxxxxxx> [2003-03-22 09:31]:
> >
> > So the last bit ("However, PGP 6.58 fails to verify your sig.") was
> > Rex's.
>
> Theo, I'm getting a bad sig message from PGP:
>
> [-- PGP output follows (current time: Sat 22 Mar 2003 12:15:03 PM PST) --]
> WARNING: Bad signature, doesn't match file contents!
>
> Bad signature from user "Theo v. Werkhoven (Usenet and personal mail) <theo@xxxxxxxxxxxxxxxxxxxx>".
> Pretty Good Privacy(tm) Version 6.5.8
> [...]
> [-- End of PGP output --]
It is strange, yes. Today I asked some people on IRC to check my GPG
sig. One person had no problem verifiying the sig (ihe is using Mutt 1.4i and GPG
1.2.1), the other person said my sig wasn't valid according to his
setup (he is using Mutt 1.3.27 and GPG 1.0.6).
>
> I emailed you about it (your key shows as expired in PGP), but your ISP is
> blocking mail from dialup IP ranges:
They're not, I am.
>
> Error 571: ACCESS DENIED by Wirehub! Internet DynaBlock
> a.k.a. Dynamic IP range listed by Wirehub! Internet DynaBlock (Nederlands)
>
> The only dynamically assigned IP addresses (esp. dynamically assigned
> dial-up connections) our mail servers want to talk to are our own. Plain and
> simple. You're not accused of being a spammer, but the fact is that spammers
> prefer to use dial-up connections to send unwanted e-mail. If you feel
> victimized by this, you're a victim of the spamming industry, just like we
> are.
>
> This makes about as much sense as not allowing anyone on a bus who pays
> cash because a few people who pay cash cause problems.
In: MAIL From:<rex@xxxxxxxxxxxx> SIZE=694
Out: 250 Ok
In: RCPT To:<twe-suse.e@xxxxxxxxxxxxxxxxxxxx>
Out: 554 Service unavailable; Client host [209.221.198.133] blocked using
dynablock.wirehub.net; Dynamic IP range listed by Wirehub! Internet
DynaBlock - http://dynablock.wirehub.net/errors.html
I'm sorry you're on the "wrong" end of the stick, but it is your
choice to use a mail-setup that is a known source of spam. Please
read the rest of the advice:
If your Internet connection is based on dynamic IP assignments,
please send your outgoing mail through your ISP's smtp server; if
you're running a mail server on a dynamic IP address, make your
ISP's smtp server your smarthost/relayserver/nexthop. If these terms
mean nothing to you, you should not be running a mailserver in the
first place. If you're on a fixed IP (e.g. you're running a mail
server on a static IP address) and you're blocked by our
DynaBlocker, chances are that your IP address is located within a
netblock full of dynamic IP addresses (which is a sign of poor
network and/or systems management!) Please contact
abuse@xxxxxxxxxxxxxxxxx and state the IP address that was rejected.
We will see what we can do.
> It's quite disappointing to see that signing/encryption failures are so
> common after public key encryption has been in use for so long (I started
> using PGP in 1994 and used another public-key encryption program before
> that). It's bad enough when the parties can communicate openly, but it's
> much worse when remailers and pseudonyms are used.
I coudn't agree more.
Theo
--
Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 27N , 4 29 45E.
SuSE 8.0 x86
Kernel k_Athlon 2.4.19-4GB
See headers for PGP/GPG info.
| < Previous | Next > |