Question regarding clearsigning emails automatically
Brian Minton
minton@csc.smsu.edu
Sat, 16 Dec 2000 20:36:07 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, Dec 16, 2000 at 11:00:34PM +0100, Martin wrote:
> On Saturday, December 16, 2000 (CS:6.50.351) 12:42:49 [PM] (-0600)
> Brian Minton [minton@csc.smsu.edu] wrote...
>
> > yes, but not completely, since at a later time, you can always produce your
> > public key at a later time if necessary to prove that you did in fact write a
> > given message, or that you did not.
> ^^^^^^^^^^^^^^^^^^^^
> That's not possible! If you signed a message (which you do with your private
> key) and I verify it with your public key (and I'm sure it's yours) I can be
> sure YOU and nobody else wrote that message.
> If you generate a new key pair I would see that and would still have your
> public key.
Okay, that makes sense. If you upload your key, and send messages with it,
and have several people who are associated with you in real life, there is a
pretty good chance that the key is in fact your key. The only possible
scenario in which you might be able to prove (or at least indicate) that you
didn't write a message, would be if it was *purportedly* signed with your key,
but the signature doesn't verify. However, even then, that is not really
proof. However, I stand by my statement that you might need to prove that you
did write a message. On the gripping hand, that still doesn't give any
plausible scenario for not sending your key. Given that the keyservers may be
accessed through email and http, as well as the modified http used normally, I
don't see any reason for someone to be sending messages to a public forum and
not sending the public key to the keyserver. Mind you, in a closed setting
such as a corporate intranet, with messages not going out to the internet, I
suppose you wouldn't need to, but otherwise, I don't see any reason why people
don't do it, except that perhaps they aren't aware of the existence of the
public keyservers.
- --
Brian Minton
minton@csc.smsu.edu
Caution: in case of rapture, this computer will be unoccupied!
PGP 0xE177AFF0 fingerprint AB94 E395 78CE 0967 2542 A7B3 178C 3E66 E177 AFF0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6PCZXp0PPDCS0QgIRAk2XAJ4uNlqO0I8ml+SDb2v51uGeTjbDKwCfRvXj
2egxaSe8fCC+xO/bJ579fhk=
=cLcF
-----END PGP SIGNATURE-----
--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org