[cryptography] Is it just me or is this fundamentally broken?
stpeter at stpeter.im
Tue Mar 5 12:02:05 EST 2013
On 3/5/13 5:17 AM, ianG wrote:
> On 5/03/13 02:42 AM, Peter Gutmann wrote:
>> Quoting http://xmpp.org/extensions/xep-0027.html#signing:
>> Signing enables a sender to verify that they sent a certain
>> block of text. [...] The text that is signed MAY be the empty
>> (There's no metadata or anything there, just a raw signature).
> The crux of the problem is, what does the signature mean? What is
> the claim that is being made by the key when it signs that data?
> In the above, the sender verifies they sent a certain block of
> Not much meat there, but we can try it. If that's it, and the
> sender insists on sending "nothing" (perhaps in answer to a
> question to which the answer is "nothing") then the signer still
> needs a way to indicate "I'm sending nothing." Elsewise the
> protocol mechanics of ACKs and so forth mean that the other side
> will continue to say "I'm not hearing nothing from you, please send
> nothing again..." Over and over...
> Without that understanding, we're floating. It's like asking
> whether an empty beer glass is cheating in a drinking game, before
> we've established the rules of the game.
See my earlier reply. This technology is not actively used and we (the
XSF) will change the specification to Obsolete.