[Enigmail] On signatures

Phil Stracchino alaric at metrocast.net
Fri Dec 14 07:00:23 PST 2007


Robert J. Hansen wrote:
> ... Now, OpenPGP happens to be a perfect mathematical analogue to the
> alien truth alarm.  It will examine a message and attempt to determine
> the truth of the proposition "this message has been tampered with".  If
> OpenPGP tells me "the proposition 'this message has been tampered with'
> is false", then I can be assured the message is authentic.  If OpenPGP
> tells me "the proposition 'this message has been tampered with' is
> true", then I need to find out for myself what's happened.
> 
> Exactly the same as if OpenPGP had not given me any answer at all.

Well .....   Sort of.

If you did not use OpenPGP (or some other such tool), then you have no
information about the message's validity.

If you use ${OPENPGP_TYPE_TOOL} and it says "This message is authentic",
then as you point out, you know beyond any reasonable doubt that the
message is authentic (assuming that the sender's key has not been
compromised), and you almost certainly have no need to check further.

If you use ${OPENPGP_TYPE_TOOL}, and you either get no answer from it or
it asserts the message has (or may have) been tampered with, then you
know you need to perform further examination to determine the message's
validity.  The information "You do not know this message to be
authentic" is not the same as having no information.

Returning to your alien truth alarm analogy, if the device cannot ever
make a type I error, then as long as it continues to report that your
home is not on fire, you do not need to check that it is, in fact, not
on fire.  But if it stops reporting that your home is not on fire, or
reports that it is, you know you need to check and ascertain whether
your house is actually on fire or not.  Information has been conveyed,
even if that conveyance of information is only by the sudden absence of
certainty that your home is not on fire.  A state change of knowledge
has occurred.  It simply requires additional information to determine
unambiguously whether the house actually *is* on fire (or the message
has been altered).


I admit the distinction may be subtle, and possibly even academic, for
most purposes.  But the distinction exists nonetheless.


-- 
  Phil Stracchino, CDK#2         ICBM: 43.5607, -71.355
  Renaissance Man, Unix ronin, Perl hacker, Free Stater
  alaric at caerllewys.net            alaric at metrocast.net
          It's not the years, it's the mileage.
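
The three knowledge states distinguished in the message above, as an added example that is not part of the original post or of Enigmail's code. It assumes the tool is GnuPG and that verification was run with `--status-fd`; the sample status lines, key IDs and names are constructed placeholders.

```python
from enum import Enum

class Verdict(Enum):
    NO_INFORMATION = "no verification was attempted"
    AUTHENTIC = "signature verified"
    INVESTIGATE = "not known to be authentic, examine further"

# Status keywords GnuPG writes with --status-fd that rule out "authentic".
SUSPECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG",
           "NO_PUBKEY", "NODATA"}

def status_keywords(status_output):
    """Extract the keyword from each '[GNUPG:] KEYWORD args...' line."""
    found = []
    for line in status_output.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            found.append(parts[1])
    return found

def classify(status_output):
    """status_output is None when no tool was run, else its status text."""
    if status_output is None:
        return Verdict.NO_INFORMATION
    keywords = status_keywords(status_output)
    if SUSPECT.intersection(keywords):
        return Verdict.INVESTIGATE
    # AUTHENTIC still rests on the sender's key not being compromised.
    if "GOODSIG" in keywords and "VALIDSIG" in keywords:
        return Verdict.AUTHENTIC
    # Fail closed: silence from the tool is still a change in what we know.
    return Verdict.INVESTIGATE

# Constructed sample status output (key IDs and names are placeholders).
GOOD_SAMPLE = (
    "[GNUPG:] GOODSIG 0123456789ABCDEF Alice Example <alice@example.org>\n"
    "[GNUPG:] VALIDSIG 0000000000000000000000000123456789ABCDEF 2007-12-14\n"
)
BAD_SAMPLE = "[GNUPG:] BADSIG 0123456789ABCDEF Alice Example <alice@example.org>\n"
REVOKED_SAMPLE = "[GNUPG:] REVKEYSIG 0123456789ABCDEF Alice Example <alice@example.org>\n"

if __name__ == "__main__":
    for name, sample in [("no tool", None), ("good", GOOD_SAMPLE),
                         ("bad", BAD_SAMPLE), ("revoked key", REVOKED_SAMPLE),
                         ("no answer", "")]:
        print(f"{name:12} -> {classify(sample).name}")
```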

