Can I create domain keys?

Mark H. Wood mwood at IUPUI.Edu
Wed Aug 14 16:50:35 CEST 2013


On Wed, Aug 14, 2013 at 10:06:59AM +0000, Henry Hertz Hobbit wrote:
> On 08/14/2013 08:33 AM, Johan Wevers wrote:
> > On 14-08-2013 5:36, Foo Bar wrote:
> > 
> >> I would like to create a domain key, which can be used for all
> >> emails in a particular domain. For example, if the key is for
> >> "*@example.com", then sending to both "foo at example.com" and
> >> "bar at example.com" would use this key.
> >>
> >> Is this possible with GPG?
> > 
> > You can use each key for each mail, your sender address doesn't have to
> > be the address in the key.
> > 
> 
> I am not saying you are wrong because I don't know. But it does
> seem dangerous from a real world practical point of view.
> Should I really be able to send a message pretending to come
> from herrprofessor at monsters.edu when I am really just a visitor
> to the University being awarded an Honorary degree?  Part of that
> was being given a hhhobbit at monsters.edu email account since
> all people granted a Ph.D. are also given an email account that
> they can use until they are dead unless they ask that it be
> closed down.

How could you successfully pretend to be herrprofessor when your
signature (the only mechanically verifiable attribute of the message)
says hhhobbit?  The signature doesn't say anything about what the
message means or from where it was sent, only that someone controlling
a given key bound the text to himself.  Like those political ads
ending with "I'm John Q. Candidate and I approved this message," we
don't learn anything about the truth of the message, only that someone
recognizable is willing to stake his reputation on getting us to
believe it.

I would interpret the signature as an explicit denial that the sender
was someone other than the holder of that key.

Now, if I knew that herrprofessor and hhhobbit are the same person,
then I wouldn't think it very strange to see the two identities
mingled.  It would depend on how I have known him to use his
identities.  But if they are the same person, then what harm?  I try
to keep my personal and professional identities distinct, but some
people don't.

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Machines should not be friendly.  Machines should be obedient.
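
[Added example, not part of the original message or of GnuPG itself: a small check that puts the From: address next to the address in the user ID of the key that made a good signature, so a reader sees both identities. It parses the GOODSIG line that gpg writes with --status-fd; the sample message, key ID and user ID are constructed, and the function names are hypothetical. A "mismatch" only reports that the two differ; what that means is for the reader to judge.]

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message using the addresses from the thread's hypothetical.
SAMPLE_MESSAGE = """\
From: Herr Professor <herrprofessor@monsters.edu>
To: students@monsters.edu
Subject: Exam moved

The exam is moved to Friday.
"""

# Constructed sample of `gpg --status-fd 1 --verify` output (placeholder key ID).
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Visiting Hobbit <hhhobbit@monsters.edu>
"""

GOODSIG = re.compile(r"^\[GNUPG:\] GOODSIG ([0-9A-Fa-f]+) (.*)$", re.M)
UID_ADDR = re.compile(r"<([^<>\s]+@[^<>\s]+)>")

def signer_from_status(status_text):
    """Return (key_id, uid_address) for the first good signature, else None."""
    m = GOODSIG.search(status_text)
    if not m:
        return None
    addr = UID_ADDR.search(m.group(2))
    return m.group(1).upper(), (addr.group(1).lower() if addr else None)

def check_sender(raw_message, status_text):
    """Compare the From: header with the signer's user ID address."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    signer = signer_from_status(status_text)
    if signer is None:
        # No GOODSIG line: nothing mechanically verifiable about the sender.
        return {"verdict": "no-good-signature", "from": from_addr, "signer": None}
    key_id, uid_addr = signer
    verdict = "match" if uid_addr == from_addr else "mismatch"
    return {"verdict": verdict, "from": from_addr,
            "signer": uid_addr, "key_id": key_id}

if __name__ == "__main__":
    print(check_sender(SAMPLE_MESSAGE, SAMPLE_STATUS))
```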

More information about the Gnupg-users mailing list