can you deny you sent a signed e-mail?
linux at codehelp.co.uk
Tue Apr 27 21:21:22 CEST 2004
On Tuesday 27 April 2004 6:37, Jerry Windrel wrote:
> That's actually a crucial question that needs to be resolved in order for
> digital signatures to be more widely adopted. If anyone can just revoke
Adoption will only move as fast as the trust. Signing with an untrusted key
declares your willingness to use GnuPG/PGP but the crucial element here is
about keysigning and trust.
> their key and claim a hacker break-in, then what good does it do to
> generate signatures to begin with?
Claiming a compromise when none occurred is deceitful, the costs of such lies
will impact on the keyowner but how much depends on the web of trust.
If the key is part of the strong set, i.e. if it's signed by other strong keys
rather than a long list of nonsense keys, then there is a lot to lose by
revoking the key. Denying a digital signature on such an email (like this
one) is going to be costly in terms of the trust held in that key and it's
Someone who habitually revokes keys is going to find it hard to get his key
repeatedly signed by other strong keys, so far less people will end up
trusting the new key.
A signature is much more than just anti-tamper - a valid signature from an
untrusted key is not as useful as a valid signature from a trusted key.
Anyone can create a new key that carries the same name and email address as
an untrusted key. Until the key (and therefore the keyid) can be trusted, you
can't know if this is a new key for an existing untrusted user or a new key
from an unknown user.
Keyservers can also provide clues here, signatures can only be verified if the
public key is public so each revoked key will show up on the keyserver. As
these don't get deleted, a search for the user might shed some light if
anyone has cause to doubt the sincerity of the claim of a compromise.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Url : /pipermail/attachments/20040427/8df9b29b/attachment.bin
More information about the Gnupg-users