
Re: Fedora 11: Switching to single user mode (runlevel 1) -- Hey g.



On 7/11/2009 11:10 PM, Tim wrote:
> On Sat, 2009-07-11 at 22:49 -0400, David wrote:
>> Did I understand correctly that 'g' thinks that since he 'signs' his
>> emails to this list with an unpublished key that no one from this
>> list, for example me, can email him directly? Directly to his email
>> address instead of to the list?
> 
> That's not what I understood, more like the common belief that:
> 
> The general idea is that /real person/ signs their mail, so everyone
> else knows that the real person was the one who sent certain messages.
> But /some forger/ can't send their forged mail signed with the same
> signature, and everyone can check whether a post came from the real
> person or the forger.
> 
> However, it falls apart for various reasons:
> 
> The signature doesn't really prove much, if anything.  Other than,
> perhaps, that a message hasn't been altered in transit by another
> person.
> 
> The forger can create a signature, upload that to a key server, and fool
> some people.
> 
> The real person can send unsigned mail, and claim that it wasn't them
> that sent it, because it wasn't signed.  (An old trick for getting away
> with sending nasty mail.)


Okay. I understand the theory and the practice of GnuPG. I have for
years. I use it 'personally' with friends, family, and close associates
for encrypted, private, emails.

My 'problem' is with the 'not publish the Public Key' thinking.

Can you explain his thinking on that?

-- 


  David

