Verifying signatures via WWW interface
Matthew Byng-Maddick
gnupg-devel@gnupg.org
Tue May 14 00:08:02 2002
On Mon, May 13, 2002 at 02:42:21PM -0700, Dmitri wrote:
> On Mon, 2002-05-13 at 14:22, Toxik - Fabian Rodriguez wrote:
> > I'd like to know if it's logical to offer to people to verify signatures of
> > short texts via a web interface.
> As long as you don't mind sending your plaintext over the network, and
> telling anyone who cares to sniff the traffic what messages and who
> receives, and from who, and when...
This is less of an issue (since we're talking about verifying signatures,
it may well have come in in plaintext) than an ability to trust that the
website is not just telling you that a signature is verified, without
having bothered to do the calculation. Or alternatively telling you it
isn't when it might have done.
It's easier to verify that a binary on your disk hasn't been modified.
MBM
--
Matthew Byng-Maddick <mbm@colondot.net> http://colondot.net/