[dathinab]

> However, they are also repudiatable (i.e. non-opposable) -- since all packet signatures are produced with symmetric keys, the recipient of a message cannot, at any point in time, prove to a third party that he was not in fact the author of that message.

So basically there is intentionally no way to prevent message forgery by the recipient. Why?

Also tbh. how can I trust a person who in 2021 still hasn't understood that/why HTTPS is important for security even if you only provide read only content with making proper crypto/security decisions?

[asciilifeform]

Author of linked article speaking. (How it ended up here -- I have no idea, I'm rather surprised that it was of interest to more than the 3 people for whom it was written.)

This flame is doubly funny given how the article specifically concerns algorithms for possible decentralized cryptonets.

HTTPSism is deliberately broken on my WWW, to annoy unthinking servants of the PKI Reich.

For the thick: at the start, there is a PGP-signed copy of the text offered. And yes I in fact live and die by my PGP identity. And not Verisign et al's NSA-controlled PKI horror, no.

[dathinab]

> at the start, there is a PGP-signed copy of the text offered

Which shows you don't understand the problem.

HTTPS on content only sides is primary about preventing people with tampering with the website in ways which potentially can hurt you from just opening them. The increased trust-ability of the content is important too, but only secondary.

A PGP signed copy helps me to verify the content after I already fully loaded it with a lot of additional overhead.

It doesn't prevent JS injected into your side from being executed, does it prevent a injected http redirect to a fingerprinting site or similar (which e.g. could use non JS fingerprinting or potential non JS based RCE attack vectors, which luckily I haven't heard of in browsers in recent years but are not impossible at all.).

As long a browsers don't check the signature before loading/parsing any content it isn't secure.

EDIT: In general in 2021 using HTTS "doesn't cost you anything" (in the sense of nearly anyone can afford it), neither does it prevent you from still doing what you currently do (standing by PGP(oversimplified)) and being against the by now pretty much not-undoable not-decentralized HTTS infrastructure. But realism is a important part of security.

[asciilifeform]

> HTTPS on content only sides is primary about preventing people with tampering with the website

"people" here specifically excluding Verisign & its successor racketeers, the NSA (plus bananistani national equivalents thereof).

> in ways which potentially can hurt you from just opening them

Running shitware is optional.

> It doesn't prevent JS injected into your side from being executed

The only solution to malicious JS is... to switch off JS. Asking people you don't know to pay the cert tax does not somehow guarantee that their JS is not malicious.

> ... check the signature before loading/parsing any content it isn't secure.

"Secure content" is what you obtained from someone you actually trust and verified with a pubkey you received out of band (ideally -- meatspace). All other content may as well have been authored by evil martians, despite any pretense to the contrary.

> by now pretty much not-undoable not-decentralized HTTS infrastructure

What part of "Where I still have the freedom not to use the Reich's master-keyed pseudocryptographic garbage - I will not use it" is hard to understand?

IMHO it is quite strange that the "HTTPS-everywhere" nonsense isn't immediately understood by everyone for what it is -- simply Google's latest effort to stymie ad-blocking (with the applause of NSA, whose mission today consists largely of efforts to retard the development of actual - i.e. not masterkeyed and not escrowed - crypto.)

[wizzwizz4]

“Message forgery by the recipient” is a bit strong. It's more like “lying by the recipient”, since the signature is only meaningful to the recipient.

This stops stuff you say in chat from following you around, unless you choose to sign it with your regular private key.

[dathinab]

“Message forgery by the recipient” is a bit strong.

It's exactly what it allows: The recipient can forge a message they supposedly did receive.

Try explaining "yes it's encrypted and prevents forgery, but not if it's forged by the recipient" to a judge or the media after there was a scandal ;=)

[wizzwizz4]

Messages are put into wax-sealed envelopes before being sent over the internet. This evidence is an open envelope with some wax on it.

This digital signature proves the message was written by a party to the communication, but it doesn't prove which one.

Encryption keys can be used to make digital signatures. Anyone with the key for this communication could've made that signature; not just the sender, but the receiver as well.

(I'm sure you can think of more.)

[nerdponx]

I find this weird and almost the opposite of what I would want.

I would want a system where I cannot repudiate messages that I sent, but I must repudiate (i.e. cannot claim authorship of) messages that I did not send.

As far as I understand, isn't that how asymmetric encryption typically works? What's the advantage of symmetric encryption in this case?

[eru]

See https://en.wikipedia.org/wiki/Off-the-Record_Messaging