1553: "Public Key"

This forum is for the individual discussion thread that goes with each new comic.

Moderators: Moderators General, Prelates, Magistrates

User avatar
Dr What
Posts: 69
Joined: Wed Dec 26, 2012 6:43 am UTC

1553: "Public Key"

Postby Dr What » Mon Jul 20, 2015 4:53 am UTC

Image
title="I guess I should be signing stuff, but I've never been sure what to sign. Maybe if I post my private key, I can crowdsource my decisions about what to sign."

The driver signature enforcement in Windows 8 was very annoying when I was using some old hardware.

gimmespamnow
Posts: 50
Joined: Wed Sep 14, 2011 6:35 am UTC

Re: 1553: "Public Key"

Postby gimmespamnow » Mon Jul 20, 2015 5:10 am UTC

So I work for the technical support department of a software/hardware company, and sometimes customers call us up and are having trouble connecting our devices to their WPA2-Enterprise WiFi network... The problem is usually that they need to load a X.509 certificate onto the device, and I explain how to do that, but you have to format the certificate file right (Base64, it is tough!) and put the file in the right place and then enable it, so sometime when people have trouble, so I tell them to send me the crt file and I can load it for them. And they inevitably end up sending me a file that contains not the cert, but their private key. Well, that is why it won't load...

sbkp
Posts: 29
Joined: Wed Jul 04, 2012 1:29 pm UTC

Re: 1553: "Public Key"

Postby sbkp » Mon Jul 20, 2015 6:46 am UTC

He should definitely sign his private key, though, for... Um... Well, you know. So we know it's really his.

bowlercaptain
Posts: 1
Joined: Mon Jul 20, 2015 9:16 am UTC

Re: 1553: "Public Key"

Postby bowlercaptain » Mon Jul 20, 2015 9:21 am UTC

Okay but seriously. Why aren't we, as a society, using crypto yet? Is it just too inconvenient? Too ugly? Does it seem like it requires more import than our day-to-day lives call for? I know a major problem is the small number of people who understand it enough to trust it, but what about those who do trust it? Why have I sent two PGP signed messages in the multi-year lifespan of my email address and key identity? -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

GAH!
-----BEGIN PGP SIGNATURE-----

iQJFBAEBCAAvKBxSb2JlcnQgTW9jayA8cm9iZXJ0amFtZXNtb2NrQGdtYWlsLmNv
bT4FAlWsvTgACgkQS4FrAUKmAsE43Q/+P55XnxSzMajTQ9SQUpCmcz5KDDd6NGhL
5iM8x5ynEfjdIeQZh3U2ZaEsh/VBXtb2wOQHFn76vim7NG62KImthZDFG8MC8FBG
jJGgGmOQq51+O5lCmOXSryojuRAbAviDJMfPYyR6Goayoaetnm/DyKjbHm5i6Qlb
jAiMUIi/XlTnLdUTjp1HNTYLt4XEnYHXctuJWh9fuDtTyfjY7661GM3n/G4/Kt0M
fdifWARoYz41P2jcdMR4yVlo3bdGMbC/+RXNz3H0SZ7fSV2n4zhzKeHMSzMwryb9
8zgm4IPFSHoFxW5stD/Kvxwbige+TvIm75wIv3dtNlyStVqtEC09dor/kN1IR3aP
trdjgqSQIBhi7S+CgQz1mQmZdDHez2BZoOWxYEYxGPKgt7Jrjst99uOO7+1zC/pp
Jdo3STMEYGpSfUy6LmGAIZC4eGBzLU5hb8fGcP51bcsU5IVZn/aZCYzXFyDSXsmN
NezBp06uXSDiVg9KE97VSFzUKFouJCouC5dwV9xL+TG0ts/AwRkH6c7kz5hGa4tL
BsM3h5CRnl8tHrKFY3V3qDehPYRpn7NXAvpasetHrbnj0glF/Ra4rYIqbJrNzZ1S
49rAZ68Z/zYcqY88Iy0zm+gvnEr2BN+k2EMDwA09s8jbWzswbiY1annzCeZhOCvh
OpqHzyJ+Plk=
=+TRS
-----END PGP SIGNATURE-----

User avatar
StClair
Posts: 409
Joined: Fri Feb 29, 2008 8:07 am UTC

Re: 1553: "Public Key"

Postby StClair » Mon Jul 20, 2015 10:26 am UTC

That feeling when you realize that nothing you have ever posted, or ever will, is actually interesting or valuable enough - to anyone - to bother encrypting.
That you are not even worth a $5 wrench.

(related: "why do I even have a lock on my diary?")

User avatar
Locoluis
Posts: 102
Joined: Mon Dec 11, 2006 7:30 pm UTC
Location: Santiago, Chile
Contact:

Re: 1553: "Public Key"

Postby Locoluis » Mon Jul 20, 2015 10:38 am UTC

StClair wrote:That feeling when you realize that nothing you have ever posted, or ever will, is actually interesting or valuable enough - to anyone - to bother encrypting.


... or that most of us aren't influential enough for anyone to bother impersonating us. 8-)
Sueños del Sur - A webcomic about four siblings, their family, friends, adventures and dreams.
http://sds.lgm.cl/

User avatar
bachaddict
Handel Played it Better
Posts: 484
Joined: Wed Dec 19, 2012 7:18 am UTC
Location: Aotearoa

Re: 1553: "Public Key"

Postby bachaddict » Mon Jul 20, 2015 11:01 am UTC

Locoluis wrote:
StClair wrote:That feeling when you realize that nothing you have ever posted, or ever will, is actually interesting or valuable enough - to anyone - to bother encrypting.


... or that most of us aren't influential enough for anyone to bother impersonating us. 8-)

You can influence where your money goes. That's enough for a lot of people to want to impersonate you!
slinches wrote:Also, the OTC isn't a disease. In fact, it's the cure. As we all know, Time heals all wounds.

Thanks for the molpish wig ggh!
he/him/his

LockeZ
Posts: 51
Joined: Mon Jan 19, 2009 8:30 am UTC

Re: 1553: "Public Key"

Postby LockeZ » Mon Jul 20, 2015 12:42 pm UTC

They can't possibly make worse decisions about my money than the ones I'm making on my own.

User avatar
Whizbang
The Best Reporter
Posts: 2238
Joined: Fri Apr 06, 2012 7:50 pm UTC
Location: New Hampshire, USA

Re: 1553: "Public Key"

Postby Whizbang » Mon Jul 20, 2015 2:04 pm UTC

Image

User avatar
Echo244
Posts: 511
Joined: Wed May 20, 2015 9:49 am UTC
Location: Ping! Ping! Ping! Ping!

Re: 1553: "Public Key"

Postby Echo244 » Mon Jul 20, 2015 2:39 pm UTC

LockeZ wrote:They can't possibly make worse decisions about my money than the ones I'm making on my own.


...bitcoins? Greek bonds? Magic beans?
Unstoppable force of nature. That means she/her/hers.
Has committed an act of treason.

rmsgrey
Posts: 3655
Joined: Wed Nov 16, 2011 6:35 pm UTC

Re: 1553: "Public Key"

Postby rmsgrey » Mon Jul 20, 2015 2:41 pm UTC

StClair wrote:That you are not even worth a $5 wrench.


How about a rock or a tree-branch? They're both significantly cheaper (well, maybe not once you take into account the opportunity cost of obtaining them).

Besides, convention dictates a length of rubber hose.

Yosarian2
Posts: 29
Joined: Wed Sep 14, 2011 9:28 pm UTC

Re: 1553: "Public Key"

Postby Yosarian2 » Mon Jul 20, 2015 5:23 pm UTC

Echo244 wrote:
LockeZ wrote:They can't possibly make worse decisions about my money than the ones I'm making on my own.


...bitcoins? Greek bonds? Magic beans?


I remember back when I was in college, my sister was making fun of me for buying magic cars while she was investing in stocks.

My response was "My magic cards actually turned out to be a better investment." (This was right after the dot.com bubble burst...)

xtifr
Posts: 366
Joined: Wed Oct 01, 2008 6:38 pm UTC

Re: 1553: "Public Key"

Postby xtifr » Mon Jul 20, 2015 10:31 pm UTC

So now we can eliminate Debian Developer from the list of jobs that Cueball might have ever held! :)

In addition to using my keys with Debian, I also actually did receive an unsolicited email from someone that was encrypted with my public key, once. Still to this day not sure why it was encrypted, but it did feel pretty neat to see!

Edit (a bit later): This article by the EFF just appeared in my feed: https://www.eff.org/deeplinks/2015/07/ethiopian-arrests-internet-security-training-undermine-right-privacy

I think this is a timely reminder that while many of us have the comfort of treating encryption as a toy we can play with and mostly ignore for, say, fifteen years or so, in some parts of the world, it may be more a matter of life or death.
"[T]he author has followed the usual practice of contemporary books on graph theory, namely to use words that are similar but not identical to the terms used in other books on graph theory."
-- Donald Knuth, The Art of Computer Programming, Vol I, 3rd ed.

functoruser
Posts: 10
Joined: Mon Apr 28, 2008 8:13 am UTC

Re: 1553: "Public Key"

Postby functoruser » Tue Jul 21, 2015 1:50 am UTC

bachaddict wrote:
Locoluis wrote:
StClair wrote:That feeling when you realize that nothing you have ever posted, or ever will, is actually interesting or valuable enough - to anyone - to bother encrypting.


... or that most of us aren't influential enough for anyone to bother impersonating us. 8-)

You can influence where your money goes. That's enough for a lot of people to want to impersonate you!

Sure, but that's why your bank's web site, and any site that asks for your credit card number, does use crypto (or should).

User avatar
SunAvatar
Posts: 206
Joined: Sat Dec 15, 2007 3:36 pm UTC
Location: Austin, TX
Contact:

Re: 1553: "Public Key"

Postby SunAvatar » Tue Jul 21, 2015 2:39 am UTC

bowlercaptain wrote:Why have I sent two PGP signed messages in the multi-year lifespan of my email address and key identity?

I'm pretty sure that's on you. I sign every outgoing email I send. Admittedly this is partially a one-man awareness campaign on my part---I look forward to the occasions when someone asks "What's this signature.asc thing?" so that I can explain it to them---but it serves a practical purpose as well, that of setting the expectation that my email will be signed. If I only sign some emails, then no one will necessarily be suspicious if a message that purports to come from me isn't signed, and I want them to be suspicious!

That said, periods of time have gone by when I wasn't able to sign my mail for one reason or another, and I never got any commentary about it, even when my sig specifically said "If it's not signed, it's not from me." So I'm probably kidding myself that this will serve any practical purpose for the foreseeable future. I'm keeping up the habit anyway because it does have the awareness benefits, it doesn't cost me much time, and I am, after all, kind of a geek.

(Incidentally, I tried about twelve different ways of formatting this message so that I could sign it and WebPG would see the signature as valid, but nothing worked. Does anyone else have a working method?)
Non est salvatori salvator,
neque defensori dominus,
nec pater nec pater,
nihil supernum.

rmsgrey
Posts: 3655
Joined: Wed Nov 16, 2011 6:35 pm UTC

Re: 1553: "Public Key"

Postby rmsgrey » Tue Jul 21, 2015 1:55 pm UTC

SunAvatar wrote:
bowlercaptain wrote:Why have I sent two PGP signed messages in the multi-year lifespan of my email address and key identity?

I'm pretty sure that's on you. I sign every outgoing email I send. Admittedly this is partially a one-man awareness campaign on my part---I look forward to the occasions when someone asks "What's this signature.asc thing?" so that I can explain it to them---but it serves a practical purpose as well, that of setting the expectation that my email will be signed. If I only sign some emails, then no one will necessarily be suspicious if a message that purports to come from me isn't signed, and I want them to be suspicious!

That said, periods of time have gone by when I wasn't able to sign my mail for one reason or another, and I never got any commentary about it, even when my sig specifically said "If it's not signed, it's not from me." So I'm probably kidding myself that this will serve any practical purpose for the foreseeable future. I'm keeping up the habit anyway because it does have the awareness benefits, it doesn't cost me much time, and I am, after all, kind of a geek.

(Incidentally, I tried about twelve different ways of formatting this message so that I could sign it and WebPG would see the signature as valid, but nothing worked. Does anyone else have a working method?)


Signatures are often hidden by default - either by the mail client or by the recipient's own wetware - so using them for content is a bit optimistic...
Last edited by rmsgrey on Tue Jul 21, 2015 3:55 pm UTC, edited 1 time in total.

User avatar
SunAvatar
Posts: 206
Joined: Sat Dec 15, 2007 3:36 pm UTC
Location: Austin, TX
Contact:

Re: 1553: "Public Key"

Postby SunAvatar » Tue Jul 21, 2015 3:19 pm UTC

rmsgrey wrote:Signatures are often hidden by default - either by the mail client or by the recipient's own wetware - so using the for content is a bit optimistic...

The signature I'm talking about doesn't really have anything to do with a 'signature' in the sense of a human-readable statement at the end of the email. For people whose mail clients aren't set up to automatically handle PGP/MIME signatures, it appears as an attachment, "signature.asc"; for people whose mail clients are, it usually shows up as a soothing green bar at the top saying that the signature is valid (or a yellow bar saying the signing key isn't recognized, if the recipient doesn't have my public key on file).

That said, it's still true that the attachment goes without comment from most recipients, not even "Stop sending me weird attachments," so I guess you're right about it being hidden. As far as I'm concerned this isn't so bad, since it means I can keep signing all my mail without worrying about coming off as preachy.
Non est salvatori salvator,
neque defensori dominus,
nec pater nec pater,
nihil supernum.

rmsgrey
Posts: 3655
Joined: Wed Nov 16, 2011 6:35 pm UTC

Re: 1553: "Public Key"

Postby rmsgrey » Tue Jul 21, 2015 3:54 pm UTC

SunAvatar wrote:
rmsgrey wrote:Signatures are often hidden by default - either by the mail client or by the recipient's own wetware - so using them for content is a bit optimistic...

The signature I'm talking about doesn't really have anything to do with a 'signature' in the sense of a human-readable statement at the end of the email. For people whose mail clients aren't set up to automatically handle PGP/MIME signatures, it appears as an attachment, "signature.asc"; for people whose mail clients are, it usually shows up as a soothing green bar at the top saying that the signature is valid (or a yellow bar saying the signing key isn't recognized, if the recipient doesn't have my public key on file).

That said, it's still true that the attachment goes without comment from most recipients, not even "Stop sending me weird attachments," so I guess you're right about it being hidden. As far as I'm concerned this isn't so bad, since it means I can keep signing all my mail without worrying about coming off as preachy.


Yeah, but you mentioned having the statement "If it's not signed, it's not from me." in your sig, which only does anything if they actually read it.

User avatar
SunAvatar
Posts: 206
Joined: Sat Dec 15, 2007 3:36 pm UTC
Location: Austin, TX
Contact:

Re: 1553: "Public Key"

Postby SunAvatar » Tue Jul 21, 2015 4:10 pm UTC

Oh yeah, I did say that, didn't I.

Good point.
Non est salvatori salvator,
neque defensori dominus,
nec pater nec pater,
nihil supernum.

piratejohn
Posts: 16
Joined: Mon Aug 03, 2015 5:26 am UTC

Re: 1553: "Public Key"

Postby piratejohn » Mon Aug 03, 2015 5:50 am UTC

Echo244 wrote:
LockeZ wrote:They can't possibly make worse decisions about my money than the ones I'm making on my own.


...bitcoins? Greek bonds? Magic beans?


Magic Greek bitcoins


Return to “Individual XKCD Comic Threads”

Who is online

Users browsing this forum: Keyman, Soup and 107 guests