Signing a key (meaning)

Jan Janka takethebus at
Mon Apr 11 10:18:36 CEST 2011

>>One reason we use GnuPG for is we think it 
>>is significant likeky there's a "man in the 
>>middle attack" or someone has access to email 
>>accounts he should not have. Given that, what 
>>benefit does one take from knowing my communication 
>>partner has access to a certain email account?

>The biggest benefit is that you can actually email the person. ;-)

That's through, but WHY should anybody (even an attacker) place an email address in the ID over wich they have no control? 

>If you don't believe or know (to a reasonable degree) that a person has
>control of his email, then you can't communicate with them securely by
>email.  At best, they never get the message and it's pointless.  At
>worst, some hypothetical exploit by some hypothetical attacker
>compromises your communications.  (Developing this hypothetical attack
>is left as an exercise to the reader...)

Unfortunately I'm not able to develope such an attack, and think there is none of importance. Could you please help me? 

Thnks for answers, 

More information about the Gnupg-users mailing list