Question regarding clearsigning emails automatically

Brian Minton
Sat, 16 Dec 2000 20:36:07 -0600

Hash: SHA1

On Sat, Dec 16, 2000 at 11:00:34PM +0100, Martin wrote:

> On Saturday, December 16, 2000 (CS:6.50.351) 12:42:49 [PM] (-0600)
> Brian Minton [] wrote...
> > yes, but not completely, since at a later time, you can always produce your
> > public key at a later time if necessary to prove that you did in fact write a
> > given message, or that you did not.
> ^^^^^^^^^^^^^^^^^^^^
> Thats not possible! If you signed a message (which you do with your private
> key) and i verify it with your public key (and im sure its yours) i can be
> sure YOU and nobody else wrote that message.
> If you generate a new key pair i would see that and would still have you
> public key.
okay, that makes sense. If you upload your key, and send messages with it, and have several people who are associated with you in real life, there is a pretty good chance that the key is in fact your key. The only possible scenario in which you might be able to prove (or at least indicate) that you didn't write a message, would be if it was *purportedly* signed with your key, but the signature doesn't verify. However, even then, that is not really proof. However, I stand by my statement that you might need to prove that you did write a message. On the gripping hand, that still doesn't give any plausible scenario for not sending your key. Given that the keyservers may be accessed through email and http, as well as the modified http used normally, I don't see any reason for someone to be sending messages to a public forum and not sending the public key to the keyserver. Mind you in a closed setting such as a corporate intranet, with messages not going out to the internet, I suppose you wouldn't need to, but otherwise, I don't see any reason why people don't do it, except that perhaps they aren't aware of the existence of the public keyservers. - -- Brian Minton Caution: in case of rapture, this computer will be unoccupied! PGP 0xE177AFF0 fingerprint AB94 E395 78CE 0967 2542 A7B3 178C 3E66 E177 AFF0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see iD8DBQE6PCZXp0PPDCS0QgIRAk2XAJ4uNlqO0I8ml+SDb2v51uGeTjbDKwCfRvXj 2egxaSe8fCC+xO/bJ579fhk= =cLcF -----END PGP SIGNATURE----- -- Archive is at - Unsubscribe by sending mail with a subject of "unsubscribe" to