SHA3 IANA registration - method?

Hauke Laging mailinglisten at hauke-laging.de
Mon Dec 17 23:20:12 CET 2012


Am Mo 17.12.2012, 14:05:32 schrieb Andrey Jivsov:

> > And how is he supposed to check the signature without having the key? Who
> > would accuse anyone of anything without even being able to make a
> > signature
> > verification for himself?

> My description includes "I quickly update the key file on the website".
> That refers to the update with the second key with colliding fingerprint.

Sure but what difference does that make? The new key does not verify the 
signature.

I think it boils down to the point that anyone who wants to make claims about 
a signature but does not store the respective public key is just plain stupid. 
This is not a technical problem.


Hauke
-- 
☺
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20121217/ee1207a3/attachment.pgp>


More information about the Gnupg-devel mailing list