[Enigmail] On signatures

[Robert J. Hansen]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Other example: A smoke detector can give a false alarm, but that doesn't
> mean that a smoke detector "possesses absolutely no informational value."

It appears you've made a category error.

Particularly, you're confusing Type I and Type II errors, and ascribing
to digital signatures the possibility of making a Type I error.  That
mis-ascribing is the category error.  Then you're arguing by analogy to
smoke detectors, which can make the precise kind of error digital
signatures can't.

The null hypothesis in examining a message is "this message, signed by a
valid and trusted key, has been tampered with".  This is the hypothesis
we must refute in order to reach our desired answer, "this message is
authentic."

If we reject the null hypothesis (conclude "this message is authentic")
when the null hypothesis is actually true (the message really was
tampered with), we have committed a Type I error.  The likelihood of an
OpenPGP digital signature making a Type I error is less than 2**-160;
this is so close to zero that for purpose of argument I will treat it as
zero and claim OpenPGP digital signatures cannot make Type I errors.

If we accept the null hypothesis (conclude "this message has been
tampered with") when the null hypothesis is false ("this message has not
been tampered with"), we make a Type II error.  As I showed in my
earlier email, OpenPGP is rife with the potential for Type II errors.

Smoke detectors are capable of both Type I and Type II errors.
Therefore, arguing by analogy is inherently flawed, because the failure
modes are not analogous.

=====

> But these things can usually be overcome:
> Just tell the sender about it and ask him to send the message again
> (modify settings if necessary). Repeat that until the message comes
> through correctly.

Yes.  But that doesn't require you be told the signature was bad.  You
can draw these exact same conclusions from the absence of a signature.
I have been known to ask correspondents to "please re-send that message
with a signature attached" (usually when people are emailing me their
acceptance of an AUP).  Whether there is no signature present or whether
the signature was bad, the conclusion I draw is identical--"you need to
resend that message with a good signature."

Thus, since the data "the signature was bad" in no way alters my action,
it is noise as opposed to information.

=====

> This conclusion is just wrong.
> I don't *need* a 100% prove that the message was tampered with. Just
> the possibility of alteration is enough reason to do some checking.

Yes.  And that possibility exists in the total absence of signature
data.  Whether there is a bad signature on the message or no signature
on the message, your action is the same: "there is no good, valid,
trusted signature on this message, so I need to do some checking."

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJHYo5wAAoJELcA9IL+r4EJnrkH/1GjNdG0Ucb289gGsLQBUXVD
K0IxpBCOXg9I6DCemY+lLmjB5fXeBJQMkx6H5O6Iw0C/isqiOc2rthhVLDlE66IY
O5evPsosksb6+ApbN+GlNAIHcv9Y9lqZLoeXwMMufeVLO9T1XiPsptqC3qnh4OmO
blCfC65MB9tlvT4mLl35GfGcKSY28KsdgPS8xUFjfUCTH8cqKFNkMHToFqRhDkr3
7hLVFZqAFtGRmDcL+btKY0iJiT7kKWT7P0vNBgMLmCw30b4fqAzEK7KaoE438V52
82NgcuZBODmhlUritHpKHRKDlgCfYaqyCAB5goGxpAIo/eE+fxMK/VXzMVZ3xq4=
=nC/h
-----END PGP SIGNATURE-----