Signing a key (meaning)
MFPA
expires2011 at ymail.com
Mon Apr 11 12:40:41 CEST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
On Monday 11 April 2011 at 9:18:36 AM, in
<mid:20110411081836.81540 at gmx.net>, Jan Janka wrote:
> but WHY should anybody (even an
> attacker) place an email address in the ID over wich
> they have no control?
People make mistakes. And plenty of people have previous email
addresses they no longer have access to (for example, accounts from
defunct IPSs or addresses they have abandoned because of spam, or
addresses on domains they used to own...).
And an attacker may include an email address they are hoping/planning
to gain control/access to in the future.
- --
Best regards
MFPA mailto:expires2011 at ymail.com
The problem is not that we're paranoid;
it's that we're not paranoid enough.
-----BEGIN PGP SIGNATURE-----
iQE7BAEBCgClBQJNotqunhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pBLkEAJxR
Mw7cbnrxMCMPvAat+623OtKqQ+n3PhiCcyXXlTPCpWOSPvdjn/Falqdi8ivyaR+n
l64OSqMkbe8G5v7TcuXhUuZj7bojuJ2cz+QS2v655WFrl6NIKHvfVYhTOEW26o+F
bib7zPpIKRczum4UFUgnQihUXYrQhL0Dy+9SuCpK
=OWxW
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list