Opportunistic Encryption [Was: Keys not trusted]

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Fri May 16 08:29:02 2003


--Boundary-02=_9VIx+9iK/4lI5V8
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Thursday 15 May 2003 19:13, darren chamberlain wrote:

> An anonymous key could be used to establish that multiple messages came
> from the same user (or didn't).  It would let you know that the person
> you were corresponding with was the same person from message to message,
> even though it won't tell you who that person is.  It would (or could,
> at least) prevent someone other than the owner of the key from claiming
> to be that person in the future.

This only gives security to the *sender* of the messages. The recipients=20
cannot know that he didn't post his secret key to misc.test or something.

But the sender can easily ask proof if anybody tries to impersonate him (as=
=20
far you can impersonate an anonymous person :-)

(yes, as noted, it also gives the sender a return path for people to answer=
 in=20
secret).

cheers
=2D- vbi

=2D-=20
featured link: http://fortytwo.ch/time

--Boundary-02=_9VIx+9iK/4lI5V8
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iKcEABECAGcFAj7EhX1gGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjQmbWQ1c3VtPTgxNjMwYmFhYmU5YTA2NzBi
YjE5YzFmYTg1MjdhN2FiAAoJEIukMYvlp/fW3hkAnjVnsBSY5cJ5Lb6Q9hDGHUky
PK9wAKCtWy+AFHzhum28w17FhZWB91zGZg==
=qnfp
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.4&md5sum=81630baabe9a0670bb19c1fa8527a7ab

--Boundary-02=_9VIx+9iK/4lI5V8--