can you deny you sent a signed e-mail?

Mortimer Graf zu Eulenburg eulenburg at gmx.de
Tue Apr 27 22:28:17 CEST 2004


Am Dienstag, 27. April 2004 21:21 schrieb Neil Williams:
>On Tuesday 27 April 2004 6:37, Jerry Windrel wrote:
>> That's actually a crucial question that needs to be resolved in order for
>> digital signatures to be more widely adopted.  If anyone can just revoke
>> their key and claim a hacker break-in, then what good does it do to
>> generate signatures to begin with?

>Keyservers can also provide clues here, signatures can only be verified if
> the public key is public so each revoked key will show up on the keyserver.
> As these don't get deleted, a search for the user might shed some light if
> anyone has cause to doubt the sincerity of the claim of a compromise.

Hi Neal, 

Yes, but if people go in and fake complete signing networks that sign and 
revoke signs to make the keys appear sinister then it will be hard to argue 
around that your key underwent some sort of attack. It would be also very 
hard to defend such attacks, at last everybody is free to sign whomever key 
he wants to and revoke it with "key compromised" or such reason..

Greetz from Berlin, Mortimer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : /pipermail/attachments/20040427/1a329e87/attachment.bin


More information about the Gnupg-users mailing list