easy email encryption

Michael H. Warfield mhw at wittsend.com
Mon Oct 21 22:18:02 CEST 2002


On Mon, Oct 21, 2002 at 09:24:36AM +0200, Werner Koch wrote:
> On 20 Oct 2002 22:47:21 -0500, Jacob Perkins said:

> > following: given an email (address + message), retrieves a pgp/gpg key
> > locally or from a key server (local network or public), then encrypts

> This can't work because a public keyserver may carry several keys
> for the same email address.  You need another criterion to decide which
> key to use; probably the best thing is to require a key signature
> from a well-known key.

	Even worse...  Those keys may not even come from the owner of
the E-Mail address.

	Bruce Schneier says there is a key on the ring with his address
on it but it's not his.  He gave up trying to get rid of it since the
keyservers resync it back faster than he can nuke copies and he can't
get to all the copies.  Obviously, he can revoke it either, since he
didn't generate it.  So the owner of an E-Mail address can even get
rid of malicious or bogus keys in his own name.

> Shalom-Salam,

>    Werner

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
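
Added example, not part of the original message or of GnuPG: one way to apply the rule discussed above, picking a key for an address only when exactly one candidate carries a verified certification from a locally trusted key. The listing is constructed in the style of `gpg --with-colons --check-sigs` output; the key IDs, addresses, the `TRUSTED` set and the function names are assumptions.

```python
import re

# Constructed sample in the style of `gpg --with-colons --check-sigs` output.
# All key IDs and addresses are made up for this example.
SAMPLE = """\
pub:-:2048:1:AAAAAAAAAAAAAAA1:1000000000:::-:::scESC:
uid:-::::1000000000::H1::Alice Example <alice@example.org>:
sig:!::1:AAAAAAAAAAAAAAA1:1000000000::::Alice Example <alice@example.org>:13x:
sig:!::1:CCCCCCCCCCCCCCC1:1000000500::::Trusted Introducer <ca@example.org>:10x:
pub:-:2048:1:BBBBBBBBBBBBBBB2:1000000900:::-:::scESC:
uid:-::::1000000900::H2::Alice Example <alice@example.org>:
sig:!::1:BBBBBBBBBBBBBBB2:1000000900::::Alice Example <alice@example.org>:13x:
"""

TRUSTED = {"CCCCCCCCCCCCCCC1"}  # assumption: introducer key IDs verified out of band

def candidates(listing, email):
    """Map key ID -> set of signer key IDs with a good ('!') certification on a
    user ID carrying exactly this address. Revoked/expired keys are skipped."""
    found, key, usable, uid_match = {}, None, False, False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            # Field 2 is the key validity: r=revoked, e=expired, d=disabled, i=invalid.
            key, usable, uid_match = f[4], f[1] not in ("r", "e", "d", "i"), False
        elif f[0] == "uid" and key:
            m = re.search(r"<([^<>]+)>\s*$", f[9])
            uid_match = bool(m) and m.group(1).lower() == email.lower()
            if uid_match and usable:
                found.setdefault(key, set())
        elif f[0] == "sig" and key and usable and uid_match and f[1].startswith("!"):
            if f[4] != key:  # a self-signature proves nothing about ownership
                found[key].add(f[4])
    return found

def select_key(listing, email, trusted=TRUSTED):
    """Return the single key certified by a trusted introducer, else None."""
    good = [k for k, signers in candidates(listing, email).items() if signers & trusted]
    return good[0] if len(good) == 1 else None

if __name__ == "__main__":
    print(select_key(SAMPLE, "alice@example.org"))
```

Both sample keys claim the same address and both carry a valid self-signature; only the third-party certification separates them, and the function returns nothing rather than guessing when zero or several candidates qualify.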
