MUA "automatically signs keys"?
MFPA
2014-667rhzu3dc-lists-groups at riseup.net
Fri Jan 31 02:28:20 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
On Thursday 30 January 2014 at 10:03:53 PM, in
<mid:1703510.WrKrPo3DPU at mani>, Johannes Zarl wrote:
> If the same email-address is used together with the
> same key for a long time, it effectively ties the
> email-address to a person for all practical concerns.
> After all, you are communicating via email with someone
> you have never seen.
Didn't two or three people on this list all use the same key to sign
messages to this list a few years ago, for quite a while before
anybody noticed?
> If someone else hijacks (maliciously or not) the email
> address without also infiltrating that person's PC and
> stealing the secret key, then the key would change.
Fair point.
> If the initial communication was subject to a
> MITM-attack, the key would change as soon as the MITM
> attack stops or gets sidestepped. The quality of this
> "canary" improves with the number of signatures over an
> extended time.
If the MITM attack lasts "an extended time" all the signatures would
be on the key of the MITM-attacker...
> In either scenario, you would notice that something was
> afoul as soon as the key changes and investigate.
You _might_ notice.
> The result is not perfect glorious privacy, just pretty
> good for the average(tm) user.
(-;
- --
Best regards
MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net
A wise man once said ..."I don't know."
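The key-continuity "canary" discussed in this message, written out as an added example (not code from the thread or from GnuPG). The addresses, fingerprints and the `review` and `continuity_days` helpers are hypothetical; the sample observations are constructed.

```python
from collections import defaultdict
from datetime import date

# Constructed sample: (date seen, From address, fingerprint of the signing key).
OBSERVATIONS = [
    (date(2013, 1, 5), "alice@example.org", "AAAA1111"),
    (date(2013, 6, 9), "alice@example.org", "AAAA1111"),
    (date(2013, 7, 1), "bob@example.org", "BBBB2222"),
    (date(2013, 8, 2), "carol@example.org", "BBBB2222"),   # same key, other sender
    (date(2014, 1, 30), "alice@example.org", "CCCC3333"),  # key changed
]


def review(observations):
    """Replay observations in date order and return (pins, findings)."""
    pins = {}                  # address -> {"fpr", "first", "last", "count"}
    owners = defaultdict(set)  # fingerprint -> addresses seen signing with it
    findings = []
    for seen, addr, fpr in sorted(observations):
        if addr not in owners[fpr]:
            owners[fpr].add(addr)
            if len(owners[fpr]) > 1:
                # One key signing for several addresses: continuity per address
                # looks fine, so this has to be checked separately.
                findings.append(("shared-key", fpr, tuple(sorted(owners[fpr]))))
        pin = pins.get(addr)
        if pin is not None and pin["fpr"] == fpr:
            pin["last"], pin["count"] = seen, pin["count"] + 1
            continue
        if pin is not None:
            # The canary: same address, different key. The history cannot say
            # which of the two keys is the genuine one.
            findings.append(("key-changed", addr, pin["fpr"], fpr))
        pins[addr] = {"fpr": fpr, "first": seen, "last": seen, "count": 1}
    return pins, findings


def continuity_days(pin):
    """Days the current key has been seen unchanged for an address.

    A long run only shows that the key stayed the same. If the first contact
    was intercepted and the interception never stopped, the run is as long.
    """
    return (pin["last"] - pin["first"]).days
```

A sender whose first observed key was already substituted produces no finding here for as long as that key keeps being used, which is why the first fingerprint still needs checking over another channel.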