can you deny you sent a signed e-mail?
linux at codehelp.co.uk
Tue Apr 27 23:02:40 CEST 2004
On Tuesday 27 April 2004 9:28, Mortimer Graf zu Eulenburg wrote:
> Yes, but if people go in and fake complete signing networks that sign and
That is a seriously difficult task - a completely separate signing network is
easy - getting people in the strong set to trust it requires a lot of
security-aware people to be duped.
> revoke signs to make the keys appear sinister then it will be hard to argue
You cannot make someone else's strong key appear sinister by adding and
revoking signatures, you just make their key very cluttered. It's revoked
KEYS that are important in denying a signed email. If you revoke your
signature on my key, that does not affect the validity of my digital
signature and it may even have no particular effect on the level of trust in
my key because there are lots of other signatures on my key.
> around that your key underwent some sort of attack. It would be also very
> hard to defend such attacks, at last everybody is free to sign whomever key
Have you misunderstood signing, perhaps?
If you sign my key, you can only revoke your signature on my key. That doesn't
affect the validity of my key as atested by other signatures.
So if you 'attack' my key, all that happens is that I get another nonsense
signature added to the key. It doesn't invalidate the signatures made by
others and in particular is does NOT make your key trusted - I have to sign
YOUR key to make it trusted. That requires YOU to prove to me that you are
the physical person declared in the key. I will not sign your key without
full verification, so your key never becomes trusted.
A long collection of revoked signatures on a key is NOT the same as a long
list of revoked keys by a single user. It again comes back to trust - how
trustworthy are the signatures that remain? GnuPG disregards any revoked
signatures as well as signatures by untrusted keys, when calculating trust.
> he wants to and revoke it with "key compromised" or such reason..
You are free to revoke your key, but that alone cannot affect my key. That's
the strength of the web of trust, it is a web, not a chain.
There is more than one path from my key to X key in the strong set, say
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Url : /pipermail/attachments/20040427/61c628e4/attachment.bin
More information about the Gnupg-users