Signing a key (meaning)

Grant Olson kgo at
Tue Apr 12 01:34:11 CEST 2011

On 04/11/2011 07:09 PM, MFPA wrote:
> Hi
> On Monday 11 April 2011 at 11:49:10 PM, in
> <mid:4DA38566.4030401 at>, Grant Olson wrote:
>> I don't think it counts as the middle if you have
>> access to the email account.
>> If I've got your logon info, and I'm accessing your
>> account that way, it's no longer invisible when I try
>> to quickly delete the original message and throw up a
>> fake replacement.  You might see a message hit the
>> inbox, get deleted, and see a similar one pop up from
>> your mail client.  And if you reply to the forged
>> message, I can't stop that from going out into the
>> world to trick the other party.
> That's all fair enough, but I still think the standard MITM attack is
> an example of "some hypothetical exploit by some hypothetical attacker
> compromises your communications."

Yes, of course.  I was referring to the scenario somewhere in this
thread where a malicious user has illegal access to your email account.
 For that case, I have a hard time conjuring up a reliable exploit where
people are sending you stuff that gets to your inbox with the attacker's
key, and you don't notice anything suspicious.


"Look around! Can you construct some sort of rudimentary lathe?"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 565 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110411/6feaa9da/attachment.pgp>

More information about the Gnupg-users mailing list