Full Disclosure mailing list archives
Re: Mail Drives Security Considerations
From: gabriel rosenkoetter <gr () eclipsed net>
Date: Sun, 5 Nov 2006 18:18:10 -0500
On Fri, Nov 03, 2006 at 11:28:27AM -0500, Matthew Flaschen wrote:
Why can't message signing offer backwards compatibility (assuming you use multipart/signed)?
Seems to me that adding a PGP signature verification to every operation on files (even ls(1); you have to check to make sure it's not a spoofed file) would rather noticeably impact the performance of what's already got to be pretty slow on most users' connections, and it adds a layer of complexity to the setup (you have to generate the key pair, and have the private key available on any system which you intend have write access) but that would certainly work. Spam will still be a DoS against storage space, of course. Never mind that this software violates gmail's acceptable use policy and is transmitted back and forth in the clear (unless you want to roll PGP encryption into the mix, in which case keeping paths in the clear in the subject breaks the security), so it'd be hard to view data stored this way as being "secure" to begin with... -- gabriel rosenkoetter gr () eclipsed net
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Mail Drives Security Considerations Darkz (Nov 03)
- Re: Mail Drives Security Considerations Matthew Flaschen (Nov 03)
- Re: Mail Drives Security Considerations gabriel rosenkoetter (Nov 05)
- Re: Mail Drives Security Considerations Darkz (Nov 06)
- Re: Mail Drives Security Considerations Matthew Flaschen (Nov 06)
- Re: Mail Drives Security Considerations Darkz (Nov 07)
- Re: Mail Drives Security Considerations Matthew Flaschen (Nov 07)
- Re: Mail Drives Security Considerations Matthew Flaschen (Nov 03)