Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
Re: [suse-security] signing mails
  • From: -linux_lad <john@xxxxxxxxxxxx>
  • Date: Fri, 5 Mar 2004 08:18:42 -0800 (PST)
  • Message-id: <Pine.LNX.4.58.0403050817350.11591@xxxxxxxxxxxxxxxxxxx>
On Fri, 5 Mar 2004, suse@xxxxxx wrote:

> Quoting dproc <dproc@xxxxxxx>:
> >
> > (1) malicious person or malware could pre-register a key as easily as
> > they can send mail to the list
>
> This is absurd. None of these attacks are directed at the list specifically.
> They're just massmailing worms. Adding the key to the listserver would have to
> be done manually, and is just not something the massmailing script kiddies are
> interested in.
>
> We're not trying to prevent someone from specifically attacking the list, but
> just trying to avoid the collateral damage and windows fallout from mass
> mailing exploits.
>
> > (2) honest person with useful info for list members often will not have
> > access to the signing key (or even to openpgp software) at the machine
> > they send mail from.
>
> This is more likely and a valid concern. Whether to move to such a system
> really depends on just how annoying these massmailings get. Much like e-mail
> blacklists, there is a certain point when they simply must be implemented, no
> matter how much we'd rather not.
>
> Perhaps something simpler is in order. We could require everyone to put a "#"
> at the end of the Subject string? Spammers and mass mailing worms won't know
> to put it in, and does not require any special software on posters machines.
> Replies to the list wouldn't even need to add it, as it would already be there
> from the previous post.
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
>

I'm glad at least one person agrees with me. The list only has to verify
that the post is signed with the key that users register. It's a simple
procedure and would not require a lot of effort. I don't know what the
mechanism for this list, but it would only take a couple of scripts to
accomplish. New users could be advised at signup time that they are
required to sign posts, and they could supply their public key of choice
simply by pasting it in an email. The key does not need to be signed by
others to work, it's only purpose is to filter out automated posts.

One or two people have suggested that worm writers would simply modify
their worms to send keys to the system. This suggests that those writers
don't fully understand what's going on here. The worm simply grabs all the
email addresses it can find and sends itself to them. If the naysayers are
truly concerned about the worm being capable of using the victim's key or
generating their own key, they can implement a mechanism that requires
human interaction, like many BBS and free mail systems do to foil
automated signups.

-linux_lad
public key john@xxxxxxxxxxxx

< Previous Next >