mailing list pgp signatures...
g
geleem at bellsouth.net
Sat Jul 11 00:49:58 UTC 2009
Bruno Wolff III wrote:
> Because the messages are signed with the same key. So whoever is creating
> the signed messages has access to the private key. Key servers don't add a lot
> of assurance on top of this. And they add a risk that it tells other parties
> who you are communicating with.
thank you.
another reason, at least as i was told, key servers do not verify who
submits a key is actual owner of address.
i have not verified this by trying to submit a key for a different email
address, but being that person who told me was deeper into pgp and sigs,
i accept his word, as it does sound reasonable.
if someone did forge an email address and pgp sig, email origin can still
be determined by other information in header. or at least as i understand
how it all works.
--
peace out.
tc,hago.
g
.
****
in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/
****
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20090711/9d577db8/attachment-0001.sig>
More information about the fedora-list
mailing list