Anyone know what became of the Gaim-E Project?
kloecker at kde.org
Mon Nov 3 21:08:29 CET 2008
On Monday 03 November 2008, David Picón Álvarez wrote:
> As far as I'm concerned signature semantics are indeed a bit
> problematic, not the least reason being that it isn't really the user
> who signs, but a piece of software, ideally by the agency of the
> user, but in actuality this is in itself hard to verify. I think an
> idea is that digital signatures should rather be regarded as seals,
> like in the ancient days when documents were authenticated that way.
> The reason I think this is a better metaphor is it follows more
> closely the reality of digital signing: it authenticates that the
> document passed through the hands of the seal-holder, but was not
> necessarily authored by them; it gives a clear feel of what happens
> when you lose your privkey (same as when you lose a seal, anyone can
> seal with it); and it detaches the idea of signing (which often
> implies active consent) from sealing (which is more like a mechanical
> act), which is good because a digital seal can end up there by
> accident (for instance if someone does not compromise your keys but
> compromises your mail client, they might be able to get you to send
> something with your seal).
There's a slight problem with the seal analogy. The seal has to be
broken before one can read the letter, and once the seal has been broken
it no longer proves anything. This can even be a good thing because
it would have prevented the "Remember, you need to deliver the product
at midnight." attack described by Robert (unless Bob had
forwarded the sealed letter to Charlie without having read it).