[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: mailing list pgp signatures...

Bruno Wolff III wrote:

> Because the messages are signed with the same key. So whoever is creating
> the signed messages has access to the private key. Key servers don't add a lot
> of assurance on top of this. And they add a risk that it tells other parties
> who you are communicating with.

thank you.

another reason, at least as i was told, key servers do not verify who
submits a key is actual owner of address.

i have not verified this by trying to submit a key for a different email
address, but being that person who told me was deeper into pgp and sigs,
i accept his word, as it does sound reasonable.

if someone did forge an email address and pgp sig, email origin can still
be determined by other information in header. or at least as i understand
how it all works.


peace out.



in a free world without fences, who needs gates.
help microsoft stamp out piracy - give linux to a friend today.
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/

Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]