On Fri, 5 Mar 2004, suse@rio.vg wrote:
Quoting dproc <dproc@dol.net>:
(1) malicious person or malware could pre-register a key as easily as they can send mail to the list
This is absurd. None of these attacks are directed at the list specifically. They're just massmailing worms. Adding the key to the listserver would have to be done manually, and is just not something the massmailing script kiddies are interested in.
We're not trying to prevent someone from specifically attacking the list, but just trying to avoid the collateral damage and Windows fallout from mass mailing exploits.
(2) honest person with useful info for list members often will not have access to the signing key (or even to openpgp software) at the machine they send mail from.
This is more likely and a valid concern. Whether to move to such a system really depends on just how annoying these massmailings get. Much like e-mail blacklists, there is a certain point when they simply must be implemented, no matter how much we'd rather not.
Perhaps something simpler is in order. We could require everyone to put a "#" at the end of the Subject string? Spammers and mass mailing worms won't know to put it in, and it does not require any special software on posters' machines. Replies to the list wouldn't even need to add it, as it would already be there from the previous post.
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
I'm glad at least one person agrees with me. The list only has to verify that the post is signed with the key that users register. It's a simple procedure and would not require a lot of effort. I don't know what the mechanism is for this list, but it would only take a couple of scripts to accomplish. New users could be advised at signup time that they are required to sign posts, and they could supply their public key of choice simply by pasting it in an email. The key does not need to be signed by others to work; its only purpose is to filter out automated posts.

One or two people have suggested that worm writers would simply modify their worms to send keys to the system. This suggests that those writers don't fully understand what's going on here. The worm simply grabs all the email addresses it can find and sends itself to them. If the naysayers are truly concerned about the worm being capable of using the victim's key or generating their own key, they can implement a mechanism that requires human interaction, like many BBS and free mail systems do to foil automated signups.

-linux_lad
public key john@linuxlad.org
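
The Subject-marker check suggested in the quoted message above, sketched as an added example (not code from the thread or from the list's software). The function names, the hold-for-moderator behaviour and the sample messages are assumptions made for illustration.

```python
"""Added example: hold list posts whose Subject lacks the trailing "#" marker."""
from email import message_from_string, policy

MARKER = "#"  # the marker proposed in the thread; any agreed token would do


def subject_has_marker(raw_message: str) -> bool:
    """Return True if the decoded Subject ends with MARKER."""
    # policy.default unfolds continuation lines and decodes RFC 2047
    # encoded-words, so a marker hidden by folding or encoding is still seen.
    msg = message_from_string(raw_message, policy=policy.default)
    subject = msg["Subject"]
    if subject is None:  # a message with no Subject header cannot carry the marker
        return False
    return str(subject).rstrip().endswith(MARKER)


def triage(raw_message: str) -> str:
    """Return 'deliver' for marked posts and 'hold' for everything else."""
    # Assumption: unmarked mail is held for a moderator rather than dropped,
    # so an honest poster who forgot the marker is not silently lost.
    return "deliver" if subject_has_marker(raw_message) else "hold"


# Constructed sample messages (not real list traffic).
SAMPLES = {
    "new_post": "From: a@example.org\nSubject: iptables question #\n\nbody\n",
    "reply": "From: b@example.org\nSubject: Re: iptables question #\n\nbody\n",
    "folded": "From: c@example.org\nSubject: a rather long subject line\n"
              " that continues here #\n\nbody\n",
    "encoded": "From: d@example.org\nSubject: =?utf-8?q?Gr=C3=BC=C3=9Fe_=23?=\n\nbody\n",
    "unmarked": "From: e@example.org\nSubject: Re: Your document\n\nbody\n",
    "no_subject": "From: f@example.org\n\nbody\n",
    "marker_mid": "From: g@example.org\nSubject: bug #1234 in sshd\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} {triage(raw)}")
```
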