What is the benefit of signing an encrypted email
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jan 12 18:17:10 CET 2011
On 01/12/2011 12:10 PM, Hauke Laging wrote:
> I mean: It is POSSIBLE to steal my secret key but it is not EASY. For normal
> email communication I regard this as enough. For signing treaties or other
> keys I use other keys (and a different environment).
yes, that's true; but here we've been talking about attacks that don't
require stealing of the key (e.g. taking a signed message and placing it
in another context). if you sign context-dependent messages as a matter
of course, then it's trivial for me to replay one of those messages and
have it imply an entirely different meaning. Is this a desirable outcome?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 900 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users