key-signing and stolen subkeys
David Shaw
dshaw at jabberwocky.com
Tue May 25 17:52:44 CEST 2004
On Sun, May 23, 2004 at 11:49:56PM -0500, David Champion wrote:
> * On 2004.05.23, in <Pine.BSD.4.58L0.0405231823100.55001 at erfrnepu.fhfcvpvbhf.bet>,
> * "Atom 'Smasher'" <atom at suspicious.org> wrote:
> >
> > i wouldn't expect ~you~ to fall for this trick... but someone who is new
> > to pgp and doesn't fully understand public key crypto can be tricked into
> > using this broken keysigning protocol:
>
> Someone who's that green can be tricked, misguided, or can himself
> stumble into a lot of bad behaviors. If you try to address them all in
> documentation, as in software, you wind up with a cumbersome mass that
> doesn't suit the needs of some other set of users as well as it could.
>
> Perhaps a note concerning how to go about a key signing belongs in
> some kind of beginner material, but such a note should focus more on
> describing good procedure more than on admonishing against bad. There
> are always many more bad procedures.
Exactly. There is no need to hypothesize complicated ways for Alice
to make a mistake. If we're starting with the assumption that she
doesn't know what she is doing, just hypothesize that Mallory asks
Alice for her passphrase and key and Alice complies. Done. :)
David
More information about the Gnupg-users
mailing list