Signing a key (meaning)
Grant Olson
kgo at grant-olson.net
Tue Apr 12 01:34:11 CEST 2011
On 04/11/2011 07:09 PM, MFPA wrote:
> Hi
>
>
> On Monday 11 April 2011 at 11:49:10 PM, in
> <mid:4DA38566.4030401 at grant-olson.net>, Grant Olson wrote:
>
>
>> I don't think it counts as the middle if you have
>> access to the email account.
>
>> If I've got your logon info, and I'm accessing your
>> account that way, it's no longer invisible when I try
>> to quickly delete the original message and throw up a
>> fake replacement. You might see a message hit the
>> inbox, get deleted, and see a similar one pop up from
>> your mail client. And if you reply to the forged
>> message, I can't stop that from going out into the
>> world to trick the other party.
>
> That's all fair enough, but I still think the standard MITM attack is
> an example of "some hypothetical exploit by some hypothetical attacker
> compromises your communications."
>
>
Yes, of course. I was referring to the scenario somewhere in this
thread where a malicious user has illegal access to your email account.
For that case, I have a hard time conjuring up a reliable exploit where
people are sending you stuff that gets to your inbox with the attacker's
key, and you don't notice anything suspicious.
--
-Grant
"Look around! Can you construct some sort of rudimentary lathe?"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 565 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110411/6feaa9da/attachment.pgp>
More information about the Gnupg-users
mailing list