PGP/MIME considered harmful for mobile

Aaron Toponce aaron.toponce at gmail.com
Mon Feb 28 16:13:48 CET 2011


On Mon, Feb 28, 2011 at 09:12:33AM -0500, David Shaw wrote:
> Unfortunately, barring the case where you have an actual trust path to either Martin, key signatures don't tell you much.  After all, FM could easily make up dozens of fake people keys and use them to sign his key.

Yes. Understood. I should have mentioned that. However, as you mentioned
in a previous subthread, it isn't difficult to parse the dates of the
signatures, identify where they've been held, and grab other metadata.
If a key has falsified signatures, it should be easy enough to find out.
At least the recursion of grabbing keys from keyservers will be rather
short for false sigs.

In any event, I digress.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o

More information about the Gnupg-users mailing list