MUA "automatically signs keys"?
2014-667rhzu3dc-lists-groups at riseup.net
Fri Jan 31 02:28:20 CET 2014
On Thursday 30 January 2014 at 10:03:53 PM, in
<mid:1703510.WrKrPo3DPU at mani>, Johannes Zarl wrote:

> If the same email-address is used together with the
> same key for a long time, it effectively ties the
> email-address to a person for all practical concerns.
> After all, you are communicating via email with someone
> you have never seen.

Didn't two or three people on this list all use the same key to sign
messages to this list a few years ago, for quite a while before

> If someone else hijacks (maliciously or not) the email
> address without also infiltrating that person's PC and
> stealing the secret key, then the key would change.
> If the initial communication was subject to a
> MITM-attack, the key would change as soon as the MITM
> attack stops or gets sidestepped. The quality of this
> "canary" improves with the number of signatures over an
> extended time.

If the MITM attack lasts "an extended time" all the signatures would
be on the key of the MITM-attacker...

> In either scenario, you would notice that something was
> afoul as soon as the key changes and investigate.

You _might_ notice.

> The result is not perfect glorious privacy, just pretty
> good for the average(tm) user.

MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net
A wise man once said ..."I don't know."
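
The continuity check debated in this message, and the two gaps raised in the reply (a MITM present from first contact, and several people signing with one key), as an added example that is not part of the original post. The addresses and fingerprints are constructed placeholders, and `ContinuityStore` and `replay` are hypothetical names.

```python
from collections import defaultdict


class ContinuityStore:
    """Key-continuity record: which signing-key fingerprint each address used."""

    def __init__(self):
        self.history = defaultdict(list)    # address -> fingerprints, in order seen
        self.addresses = defaultdict(set)   # fingerprint -> addresses that used it

    def observe(self, address, fingerprint):
        """Record one validly signed message and return a verdict."""
        past = self.history[address]
        if not past:
            verdict = "first-use"           # nothing to compare against yet
        elif past[-1] == fingerprint:
            verdict = "consistent"
        else:
            verdict = "key-changed"         # the "canary": check out of band
        past.append(fingerprint)
        self.addresses[fingerprint].add(address)
        return verdict

    def streak(self, address):
        """Consecutive messages signed by the address's most recent key."""
        past = self.history[address]
        n = 0
        for fpr in reversed(past):
            if fpr != past[-1]:
                break
            n += 1
        return n

    def shared_keys(self):
        """Fingerprints used by more than one address (one key, several people)."""
        return {f: sorted(a) for f, a in self.addresses.items() if len(a) > 1}


def replay(messages):
    """Feed (address, fingerprint) pairs through a fresh store."""
    store = ContinuityStore()
    return store, [store.observe(addr, fpr) for addr, fpr in messages]


# Constructed sample data; the fingerprints are placeholders, not real keys.
HIJACK = [("peer@example.org", "FPR-REAL")] * 3 + [("peer@example.org", "FPR-NEW")]
LONG_MITM = [("peer@example.org", "FPR-MITM")] * 5 + [("peer@example.org", "FPR-REAL")]
SHARED = [("a@example.org", "FPR-TEAM"), ("b@example.org", "FPR-TEAM")]
```

In `LONG_MITM` the streak grows on the interposed key without any alert, and the first `key-changed` verdict lands on the genuine key, so the verdict says only that something changed, not which key to believe.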