Looking for Elgamal sign+encrypt key information

[Kurt Fitzner]

John might have also gotten a counter signature.  That's exactly my
point.  MIGHT have.  And MAYBE there isn't any point in trying to crack
signatures.  And POSSIBLY it wouldn't be in their best interest to crack
signatures anyways.  Are you willing to bet your identity on it, though?
The people for who would crack keys for gain want you to make exactly
that bet.

So why rest your identity on signature exchange methodologies?  Why rest
your identity on the fact that some people think that there's no point
in cracking a signature?  

The arguments against >1024bit signatures basically boil down to... why
bother, ugly signatures, probably isn't any point.  Really, then, why do
we all use GnuPG/PGP?  For 99% of us, it's probably 80% coolness factor,
with 20% paranoia/what-if/why not tossed in.  The very arguments I tend
to hear against >1024-bit signature keys are the very arguments against
GnuPG/PGP itself.  Why bother.  Ugly signatures.  Probably doesn't
matter anyways.

Even if it's mostly coolness-factor causing you to use it, my
suggestion: if you're going to use it, then USE it.  And lobby, as
users, for the algorithms, protocols, and standards that offer real
protection.

Regards,

	Kurt Fitzner

-----Original Message-----
From: gnupg-users-bounces at gnupg.org
[mailto:gnupg-users-bounces at gnupg.org] On Behalf Of John A. Martin
Sent: March 16, 2004 7:35 AM
To: gnupg-users at gnupg.org
Subject: Re: Looking for Elgamal sign+encrypt key information


>>>>> "Kurt" == Kurt Fitzner
>>>>> "RE: Looking for Elgamal sign+encrypt key information"  Mon, 15 
>>>>> Mar 2004 22:36:53 -0700

    Kurt> We now have two conflicting sets of documents.  Both
    Kurt> apparently signed by the same key.

But John might have also have gotten a counter-signature of sorts like
perhaps <http://www.itconsult.co.uk/stamper/stampinf.htm>.  (See the
heading "Trusting Stamper".)

        jam