Signature semantics (was Re: Anyone know what became of the Gaim-E Project?)

David Shaw dshaw at
Tue Nov 4 18:04:19 CET 2008

On Mon, Nov 03, 2008 at 06:38:08PM -0500, Robert J. Hansen wrote:
>> which is fairly wide open to whatever meaning
>> anyone wants to apply to it (that's a feature, not a bug).
> Right, and this much doesn't bother me.  It's when people start  
> ascribing meaning to bad signatures, or the nonexistence of signatures, 
> that I begin to get frustrated.  A bad signature doesn't mean the message 
> was tampered with -- the alteration could have been in the signature and 
> not the message itself, just to name one possibility.

Indeed.  The alteration also may or may not be malicious.  The most
common alteration I've ever seen are mail programs that break the
signature via word-wrap or the like.  (Hence the frequent "Does my
signature verify now?" message chains on some crypto mailing lists).


More information about the Gnupg-users mailing list