PGP/MIME considered harmful for mobile
aaron.toponce at gmail.com
Mon Feb 28 16:13:48 CET 2011
On Mon, Feb 28, 2011 at 09:12:33AM -0500, David Shaw wrote:
> Unfortunately, barring the case where you have an actual trust path to either Martin, key signatures don't tell you much. After all, FM could easily make up dozens of fake people keys and use them to sign his key.
Yes. Understood. I should have mentioned that. However, as you mentioned
in a previous subthread, it isn't difficult to parse the dates of the
signatures, identify where they've been held, and grab other metadata.
If a key has falsified signatures, it should be easy enough to find out.
At least the recursion of grabbing keys from keyservers will be rather
short for false sigs.
At any event, I digress.
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 527 bytes
Desc: Digital signature
More information about the Gnupg-users