* Signing local variable lists.
@ 2004-04-08 14:57 Richard Stallman
  2004-04-09 22:44 ` Richard Stallman
  0 siblings, 1 reply; 4+ messages in thread
From: Richard Stallman @ 2004-04-08 14:57 UTC (permalink / raw)


To: rms@gnu.org
Subject: Re: Is this a bad idea?
In-Reply-To: <E1BANif-0006Ra-Sm@fencepost.gnu.org>
From: Hugo Gayosso <hugo@gnu.org>
Original-Original-Sender: hugo@gnu.org
Mail-Host-Address: gnu.org
Organization: The GNU Project
Date: 07 Apr 2004 21:30:06 -0400
Sender: GNU User <hgayosso@myrealbox.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Since you have some understanding of security issues,
> what do you think of this suggestion?

>> Ok, I have had an idea which might be stupid or not.  And it might
>> also have political implications which I am too stupid to see.  I just
>> want to put it out.

Ok, I will answer putting any "political implications" aside as I
don't understand exactly what he meant by that.


> How about the following then?
> 
> ;;; Local variables:
> ;;; eval: (put 'preview-defmacro 'lisp-indent-function 'defun)
> ;;; end:
> ;;; gpg-signed: iD8DBQFAbwnJBo350SLJfmgRAhf9AKCFvutpMNxc4oGK/vh2fdVV0MT/dgCeJn66
> ;;; Qc8BXtn2zlGbofY2YMLIAg8=
> ;;; =s5sr
> 
> Something like that.  I would then customize a variable that tells
> whose signatures I trust enough not to get the stupid question again
> and again.

I think it is OK.


* User A attaches the signature to the block.

  This part needs to be worked out: exactly which format to use. The way I
  did it in Emacs was via 'mc-sign', and it generated the following:

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

;;; Local variables:
;;; eval: (put 'preview-defmacro 'lisp-indent-function 'defun)
;;; end:
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAdKlzMNObVRBZveYRAu5JAJ9y+5wq23ikydU0HzrQ9wiJfYW0YQCeNxl0
xX90PViGg/sfK+YxBZ/roVg=
=HShG
- -----END PGP SIGNATURE-----


> Obviously, this also makes it possible for me to look at the local
> variable block once, decide that it is good enough for me, and sign
> it.

I could think of another scheme where the same block can be signed by
different people at the same time, so in theory the more signatures it
has, the more trust you can have that it is the real thing.

The signatures could be stored in the same file, or we could have a
special directory where you store signatures and a table that shows to
which file they belong.


> Any change in local variables will render the signature invalid, of
> course.

I agree.


Hope it helps,
- -- 
Hugo Gayosso
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAdKsdMNObVRBZveYRAochAJ0c8ZltlFw9TpFwZFyxP/qGHmddkgCfaLgm
2oSdu2V02mMrGALMe4H0aMw=
=rrej
-----END PGP SIGNATURE-----
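
The trust decision discussed in the message above, sketched with the `epg` library that ships with current Emacs; this is an added example, not code from the thread or from Emacs itself. The option `my-trusted-local-variable-signers` and the function `my-signed-local-variables-status` are hypothetical names, and the input is assumed to be a clearsigned block in the form `mc-sign` produced above.

```elisp
;;; -*- lexical-binding: t -*-
(require 'epg)
(require 'seq)

(defvar my-trusted-local-variable-signers nil
  "Hypothetical option: list of key fingerprints (strings).
A local variables block with a good signature from one of these keys is
accepted without asking the user.")

(defun my-signed-local-variables-status (clearsigned)
  "Verify CLEARSIGNED, a PGP clearsigned local variables block.
Return (trusted . TEXT) when a good signature comes from a key listed in
`my-trusted-local-variable-signers', (untrusted . TEXT) when a signature
is good but no signer is listed, and (invalid) in every other case.
TEXT is the signed text as returned by GnuPG."
  (let* ((context (epg-make-context 'OpenPGP))
         ;; Treat any failure to run or parse as an invalid signature.
         (text (condition-case nil
                   (epg-verify-string context clearsigned)
                 (error nil)))
         ;; Keep only signatures GnuPG reported as good; this drops bad,
         ;; expired, revoked and unknown-key results.
         (good (seq-filter
                (lambda (sig) (eq (epg-signature-status sig) 'good))
                (epg-context-result-for context 'verify))))
    (cond
     ((or (null text) (null good)) '(invalid))
     ;; Match on the full fingerprint, not on the user ID string, which
     ;; anyone can put on a key of their own.
     ((seq-some (lambda (sig)
                  (member (epg-signature-fingerprint sig)
                          my-trusted-local-variable-signers))
                good)
      (cons 'trusted text))
     (t (cons 'untrusted text)))))
```

Only the TEXT returned by the verification should be parsed for variables, never the copy sitting in the buffer, so that what is applied is exactly what was signed. An `untrusted` result corresponds to the case where the user is still asked the question.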


* Re: Signing local variable lists.
  2004-04-08 14:57 Signing local variable lists Richard Stallman
@ 2004-04-09 22:44 ` Richard Stallman
  2004-04-10  8:54   ` Jason Rumney
  0 siblings, 1 reply; 4+ messages in thread
From: Richard Stallman @ 2004-04-09 22:44 UTC (permalink / raw)
  Cc: emacs-devel

    >> Ok, I have had an idea which might be stupid or not.  And it might
    >> also have political implications which I am too stupid to see.  I just
    >> want to put it out.

    Ok, I will answer putting any "political implications" aside as I
    don't understand exactly what he meant by that.

Since this is authentication, not encryption, it should not cause
any legal difficulties.


* Re: Signing local variable lists.
  2004-04-09 22:44 ` Richard Stallman
@ 2004-04-10  8:54   ` Jason Rumney
  2004-04-12  3:51     ` Richard Stallman
  0 siblings, 1 reply; 4+ messages in thread
From: Jason Rumney @ 2004-04-10  8:54 UTC (permalink / raw)
  Cc: emacs-devel

Richard Stallman <rms@gnu.org> writes:

> Since this is authentication, not encryption, it should not cause
> any legal difficulties.

Does that mean we can ship RSA and DH code for use in authentication,
as long as we do not explicitly provide the hooks to use the same
algorithms for encryption?


* Re: Signing local variable lists.
  2004-04-10  8:54   ` Jason Rumney
@ 2004-04-12  3:51     ` Richard Stallman
  0 siblings, 0 replies; 4+ messages in thread
From: Richard Stallman @ 2004-04-12  3:51 UTC (permalink / raw)
  Cc: emacs-devel

    Does that mean we can ship RSA and DH code for use in authentication,
    as long as we do not explicitly provide the hooks to use the same
    algorithms for encryption?

I am not sure precisely what that means.  But the answer is probably yes.
