Signing a key (meaning)
expires2011 at ymail.com
Mon Apr 11 12:40:41 CEST 2011
-----BEGIN PGP SIGNED MESSAGE-----
On Monday 11 April 2011 at 9:18:36 AM, in
<mid:20110411081836.81540 at gmx.net>, Jan Janka wrote:
> but WHY should anybody (even an
> attacker) place an email address in the ID over wich
> they have no control?
People make mistakes. And plenty of people have previous email
addresses they no longer have access to (for example, accounts from
defunct IPSs or addresses they have abandoned because of spam, or
addresses on domains they used to own...).
And an attacker may include an email address they are hoping/planning
to gain control/access to in the future.
MFPA mailto:expires2011 at ymail.com
The problem is not that we're paranoid;
it's that we're not paranoid enough.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users