SHA3 IANA registration - method?
Hauke Laging
mailinglisten at hauke-laging.de
Mon Dec 17 23:20:12 CET 2012
Am Mo 17.12.2012, 14:05:32 schrieb Andrey Jivsov:
> > And how is he supposed to check the signature without having the key? Who
> > would accuse anyone of anything without even being able to make a
> > signature
> > verification for himself?
> My description includes "I quickly update the key file on the website".
> That refers to the update with the second key with colliding fingerprint.
Sure but what difference does that make? The new key does not verify the
signature.
I think it boils down to the point that anyone who wants to make claims about
a signature but does not store the respective public key is just plain stupid.
This is not a technical problem.
Hauke
--
☺
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20121217/ee1207a3/attachment.pgp>
More information about the Gnupg-devel
mailing list