PGP/MIME considered harmful for mobile

David Shaw dshaw at jabberwocky.com
Mon Feb 28 23:33:28 CET 2011


On Feb 28, 2011, at 4:59 PM, MFPA wrote:

>> It is reasonable
>> that if someone was being masqueraded, that person
>> would speak up and challenge the forger (e.g. "Hey,
>> you're not Martin!  I'm the real Martin, and I can
>> prove it by signing this message with the same key I've
>> used all along....").
> 
> In John, John and Rob's experiment (if I understand correctly) they
> didn't post as each other, they simply all signed messages with the
> same secret key. I'm sure Martin would have something to say *if* he
> spotted his key's signature on messages he didn't write...

That experiment, while interesting, is not relevant to the "real Martin" / "fake Martin" situation we've been talking about.  If both Real Martin and Fake Martin have the same secret key, then there is no way to tell them apart using signatures.

David



