Something else.

So, public key signatures aren’t the way to go.

Mebbe something else.


6 thoughts on “Something else.”

  1. Brandon Shollenberger

    I’m not sure I understand the logic of what you’re doing, but more on that in a second. The main thing I wanted to say is posting any lengthy string of characters at the end of your comments will get annoying for other people. A better option would be to use HTML to mask it. There are a few ways to do it, but the easiest would probably be just to embed the string as a link. The link obviously won’t work, but anyone can copy the URL from it to get the string. That would let you include the string in comments without it being obnoxious.

    As for what you’re doing, it seems you were just posting an encryption key along with your comments. That doesn’t accomplish anything. Posting the same key over and over means anyone can just copy the string and post it themselves. At a minimum, what you would need to do is to use that encryption key to encrypt something which you would then post. The problem with that is if you used something anyone could decrypt to verify your identity, then everyone would have enough information to clone your identity.

    The only way I see it truly working is if you worked with the people you want to be able to verify your identity. There are a lot of ways to do that. You just run the risk of every person who can verify your identity being able to steal your identity.

    1. markbofill Post author

      Oh, hello Brandon! 🙂

      I’m not sure I understand the logic of what you’re doing, but more on that in a second. The main thing I wanted to say is posting any lengthy string of characters at the end of your comments will get annoying for other people. A better option would be to use HTML to mask it. There are a few ways to do it, but the easiest would probably be just to embed the string as a link. The link obviously won’t work, but anyone can copy the URL from it to get the string. That would let you include the string in comments without it being obnoxious.

      Yeah. It got annoying. I did it three times and people complained & Dr. Curry started editing the signatures off. 😦
      Masking it sort of defeats the purpose.

      As for what you’re doing, it seems you were just posting an encryption key along with your comments. That doesn’t accomplish anything. Posting the same key over and over means anyone can just copy the string and post it themselves. At a minimum, what you would need to do is to use that encryption key to encrypt something which you would then post. The problem with that is if you used something anyone could decrypt to verify your identity, then everyone would have enough information to clone your identity.

      No, actually I was posting a PGP signature. The idea was, one can copy that part into the clipboard and use gpg4win to validate the signature if you’ve downloaded the public key for that user and put it in your keyring. It wouldn’t be the same key [edit:signature] over and over; I was putting a name date timestamp in there with a comment reference number. Not ideal, I know.

      The only way I see it truly working is if you worked with the people you want to be able to verify your identity.

      Yup, there’s the rub. PGP is too much trouble to take, nobody’s gonna bother.

      The trouble right now over at CE is that registration scares away some commenters Dr. Curry would like to keep, but turning off registration permits some fool or group of fools to impersonate other denizens. This takes Dr. Curry’s time and attention, to weed those comments out. Also it’s annoying to have a conversation with someone and have to figure out if you’re talking to the person you thought you were or to a sockpuppet.

      CE is on WordPress.com. I’m looking at python script solutions that Dr. Curry could run to help automate handling of the problem right now.

      Always good to hear from you sir, hope you’re doing well! 🙂

      1. markbofill Post author

        You know, now that I’ve thought through what you said, the link thing is a darn good idea…
        Still, nobody’s gonna take the trouble to check.


      2. markbofill Post author

        The part I forgot to mention: the signature gets generated using my private key. I post my public key, and I use my private key to generate the signatures. Giving away signed messages and my public key doesn’t let people forge me; although they can certainly copy my signed messages, they can’t change them. It behooves the user to change the signed part in some meaningful way every post. Hence the time stamp thing.


      3. markbofill Post author

        A surviving example of the experiment here.

        -----BEGIN PGP SIGNED MESSAGE-----
        Hash: SHA256
        
        MarkBofill 04/17/2015 at 6:55 AM, signed comment #1
        -----BEGIN PGP SIGNATURE-----
        Version: GnuPG v2
        
        iQEcBAEBCAAGBQJVMPTCAAoJEIMVEIWKyBYtnrEH+wYNWAVYEY4AAP1eyn4hqAja
        EaBnT92cN+F3/gXp9C9D0oAtk4AFX/Mxf1/vZxsFYIwXWGUZmAac3cpVnmtRDQOP
        mMNBmeUUTxg5hKSRbKoArLDd7cEgSgrgQgffrFVMn2imix3C2YmhlbR4i7m9NTfO
        MMr56UUQ+lYllo+Cd93dprKsg/4RU2IGWY2a4leYbrK7GqgTBXSq+xkKhIwenM1U
        JKiVretOEXi/I8NhNbSe25y8qCZpr0rL6V4iSRY4sx23U9GHcY3E5LHYAr1Tgkmc
        00fmV/VG6HgGRGn4oyUFB/VZbTWV7CUdRkEV4/avq7LzVK79mUIobOwyPnHvpVU=
        =ATv7
        -----END PGP SIGNATURE-----
        

        So, the part between BEGIN PGP and END PGP is validate-able. The MarkBofill 04/17/2015 at 6:55 AM, signed comment #1 is the protected payload. The whole shebang can be copied, but changing the payload would invalidate the signature. Since the payload’s a timestamp and sequence number, … yeah I know. A piece of software would cheerfully do this sort of processing, human users not so much.
        It was a fun little excursion though.

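The processing that the last comment says software would cheerfully do, as an added example that is not from the post or its commenters: it pulls the payload out of a clearsigned block and rejects a re-posted counter, which is the copy-and-paste case raised in the thread. Checking the signature itself is left to GnuPG and must pass before the payload is trusted; the function names, verdict strings and sample comment are assumptions made for illustration.

```python
import re
from datetime import datetime

# Cleartext-signature framing: armor headers, blank line, signed text, signature.
CLEARSIGN_RE = re.compile(
    r"(?s)-----BEGIN PGP SIGNED MESSAGE-----\n(?:[^\n]+\n)*\n(?P<text>.*?)\n"
    r"(?P<sig>-----BEGIN PGP SIGNATURE-----\n.*?-----END PGP SIGNATURE-----)")
PAYLOAD_RE = re.compile(
    r"(?P<name>\S+) (?P<when>\d\d/\d\d/\d{4} at \d\d?:\d\d [AP]M), "
    r"signed comment #(?P<seq>\d+)")

# Constructed sample in the layout shown above; the signature body is a placeholder.
SAMPLE = """Nice post.
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    MarkBofill 04/17/2015 at 6:55 AM, signed comment #1
    -----BEGIN PGP SIGNATURE-----

    PLACEHOLDER-NOT-A-REAL-SIGNATURE
    -----END PGP SIGNATURE-----
"""

def extract_signed(comment):
    """Return (payload, armored_signature), or None if no clearsigned block."""
    # Blog rendering indents the block, so strip each line before matching.
    text = "\n".join(line.strip() for line in comment.splitlines())
    m = CLEARSIGN_RE.search(text)
    if m is None:
        return None
    # Undo dash-escaping: signed lines that began with "-" carry a "- " prefix.
    lines = [l[2:] if l.startswith("- ") else l for l in m["text"].split("\n")]
    return "\n".join(lines), m["sig"]

def classify(comment, last_seq):
    """last_seq maps a commenter name to the highest counter already accepted."""
    found = extract_signed(comment)
    if found is None:
        return "unsigned"
    m = PAYLOAD_RE.fullmatch(found[0])
    try:
        datetime.strptime(m["when"] if m else "", "%m/%d/%Y at %I:%M %p")
    except ValueError:
        return "malformed-payload"  # wrong layout or an impossible date
    name, seq = m["name"], int(m["seq"])
    if seq <= last_seq.get(name, 0):
        return "replay"  # a copied block still verifies, but its counter is stale
    last_seq[name] = seq
    return "fresh"
```

The `last_seq` dictionary has to persist between runs for the replay check to mean anything.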
