Verifying signatures via WWW interface

Matthew Byng-Maddick gnupg at lists.colondot.net
Tue May 14 01:08:02 CEST 2002


On Mon, May 13, 2002 at 02:42:21PM -0700, Dmitri wrote:
> On Mon, 2002-05-13 at 14:22, Toxik - Fabian Rodriguez wrote:
> > I'd like to know if it's logical to offer to people to verify signatures of
> > short texts via a web interface.
> As long as you don't mind sending your plaintext over the network, and
> telling anyone who cares to sniff the traffic what messages and who
> receives, and from who, and when...

This is less of an issue (since we're talking about verifying signatures,
it may well have come in in plaintext) than an ability to trust that the
website is not just telling you that a signature is verified, without
having bothered to do the calculation. Or alternatively telling you it
isn't when it might have done.

It's easier to verify that a binary on your disk hasn't been modified.

MBM

-- 
Matthew Byng-Maddick         <mbm at colondot.net>           http://colondot.net/




More information about the Gnupg-devel mailing list