small security glitches

Peter Lebbing peter at digitalbrains.com
Tue Nov 1 13:51:29 CET 2011


On 01/11/11 13:35, Aaron Toponce wrote:
> The "glitch" is that for security AND trust, messages must be both
> encrypted and signed.

In that case, I find it to be phrased very awkwardly.

Encryption provides encryption: people can't see what is in it. Period.

Signing provides a form of integrity: people can see that the signer attests
that the data is correct in some way.

So how is it a security glitch that encryption does not provide trust? It is a
glitch in someone's thinking to think that it does. PEBKAC. The advice to also
sign is sound, the absolute "you should always" is overdoing it, IMHO.

Personally, I was more thinking along the lines of the reasons to introduce the
MDC. Can't remember off the top of my head how that all pieced together.

In that case it might be useful to revise the text to say a few words on MDC's.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt



More information about the Gnupg-users mailing list