From: Eugen Leitl <eugen@leitl.org>
To: Gordon Mohr <gojomo@usa.net>
Cc: fork <fork@spamassassin.taint.org>
Subject: Re: Forged whitelist spam
In-Reply-To: <005301c24179$ac92b820$640a000a@golden>
Message-Id: <Pine.LNX.4.33.0208112259280.5045-100000@hydrogen.leitl.org>
List-Id: Friends of Rohit Khare <fork.xent.com>
Date: Sun, 11 Aug 2002 23:10:25 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 11 Aug 2002, Gordon Mohr wrote:

> > Users don't like entering passphrases when sending email. USB fobs, smart
> > cards or other removable hardware are not yet widespread.
>
> Bad assumption.

Not really. If code can sign stuff without me being aware of it that
pretty much invalidates the (already tenuous, since it assumes me trusting
the contents of the frame buffer) concept of a digital signature.

A secure piece of hardware puts the keyring outside of any code's reach.
The key never leaves the hardware compartment. I have to mechanically
acknowledge a signing process. The crypto fob then falls back to the
default state: locked.

> A reasonable UI would have me enter my passphrase *at most* each
> time I launch my mail program -- never more than once per day,
> sometimes once per week.

I'm pretty comfortable with entering my passphrase every time. This is not
a production key, as I usually access my home box via an SSH session, and SSH
sessions are easily attackable with a model of your typing pattern. So
don't expect me to announce my plutonium shipments via this medium.

> For some of my workstations, I'd even be happy with the necessary
> signing key being cached on disk, so signing is automatic when I
> hit 'send'.
>
> If spammer code can read my local hard disk, I have bigger problems
> than spoofed spam.

I agree. Nevertheless, a number of people who use cryptography have their
machines compromised.

- -- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://leitl.org
83E5CA02: EDE4 7193 0833 A96B 07A7 1A88 AA58 0E89 83E5 CA02
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9VtLFqlgOiYPlygIRAlRGAJ9MbPmjQESIqXD0g43aVgsLFcESSQCePf8x
smDzFndB40MbQMv0l3yzMoY=
=acss
-----END PGP SIGNATURE-----