PGP/MIME considered harmful for mobile

Aaron Toponce aaron.toponce at
Mon Feb 28 21:42:05 CET 2011

On Mon, Feb 28, 2011 at 11:58:02AM -0500, Robert J. Hansen wrote:
> On 2/28/11 10:13 AM, Aaron Toponce wrote:
> > If a key has falsified signatures, it should be easy enough to find out.
> Why?
> I have never understood the tendency of people, particularly on this
> list, to assume that people who are technologically skilled and up to no
> good will not devote more than thirty seconds to coming up with
> effective methods of skulduggery.

Because all the signatures on the key will be falsified, that can be
verified by recursively extracing the signature keys from the
keyservers, and examining their signatures. Oh hey, look. The keys are
isolate from the rest of the world. Hmm.

. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 527 bytes
Desc: Digital signature
URL: </pipermail/attachments/20110228/c4ad95bb/attachment-0001.pgp>

More information about the Gnupg-users mailing list