Anyone know what became of the Gaim-E Project?

Kevin Hilton kevhilton at gmail.com
Mon Nov 3 16:58:41 CET 2008


I'm going to try to steer this back onto a relevant topic

Robert

I love your "off the cuff feelings" about things.  Its when you are at
your best.  Question:

What value do signatures serve then however other than to provide data
authentication but not sender authentication? How can you be sure in
any case that if you get an unsigned transmission, that the data is
secure, was altered, or that a signature was just mistakingly not
appended?  As a counter argument -- if the private key was stolen and
a message signed using the stolen signature, it really doesn't act to
prove sender authenticity either -- but I guess it does serve to prove
data authenticity.

So in the best case scenario if the private keys are kept truly
private and secure, the signature mechanism works as designed.  In
unideal circumstances however, this "trust" mechanism falls apart
however.  Seems like somewhat of a quandary?



More information about the Gnupg-users mailing list