Anyone know what became of the Gaim-E Project?

David Picón Álvarez david at miradoiro.com
Mon Nov 3 17:23:32 CET 2008


As far as I'm concerned signature semantics are indeed a bit problematic, 
not the least reason being that it isn't really the user who signs, but a 
piece of software, ideally by the agency of the user, but in actuality this 
is in itself hard to verify. I think an idea is that digital signatures 
should rather be regarded as seals, like in the ancient days when documents 
were authenticated that way. The reason I think this is a better metaphor is 
it follows more closely the reality of digital signing: it authenticates that 
the document passed through the hands of the seal-holder, but was not 
necessarily authored by them; it gives a clear feel of what happens when you 
lose your privkey (same as when you lose a seal, anyone can seal with it); 
and it detaches the idea of signing (which often implies active consent) 
from sealing (which is more like a mechanical act), which is good because a 
digital seal can end up there by accident (for instance if someone does not 
compromise your keys but compromises your mail client, they might be able to 
get you to send something with your seal).

Where I have a difference is in the I love you example. Clearly you could 
send the unsealed data (plaintext, whatever) to someone else and end up in 
trouble, but the reasonable thing to do would be to send the document sealed 
by the original sender, as you received it, same as when you forward an 
e-mail the headers are on top indicating it does not come from you, so the 
example is, I think, a bit contrived and inapplicable.

--David.



