What is the benefit of signing an encrypted email
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jan 12 18:17:10 CET 2011
On 01/12/2011 12:10 PM, Hauke Laging wrote:
> I mean: It is POSSIBLE to steal my secret key but it is not EASY. For normal
> email communication I regard this as enough. For signing treaties or other
> keys I use other keys (and a different environment).
yes, that's true; but here we've been talking about attacks that don't
require stealing of the key (e.g. taking a signed message and placing it
in another context). if you sign context-dependent messages as a matter
of course, then it's trivial for me to replay one of those messages and
have it imply an entirely different meaning. Is this a desirable outcome?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110112/9454e9a8/attachment.pgp>
More information about the Gnupg-users
mailing list