Unattended signing
Ingo Klöcker
kloecker at kde.org
Tue Feb 24 21:25:17 CET 2015
On Tuesday 24 February 2015 01:36:25 Daniele Nicolodi wrote:
> Hello Daniel,
>
> thanks for your reply.
>
> On 21/02/15 20:11, Daniel Kahn Gillmor wrote:
> > On Wed 2015-02-18 13:46:19 -0500, Daniele Nicolodi wrote:
> >> I have a sufficient trust in the security of the server where the
> >> automated process runs, but I would like to reduce to a minimum the
> >> risks.
> >
> > there are risks with unattended signing in general, related to what
> > messages you allow to get passed to your system. I'm sure you've
> > already thought about this, but i'll just put it out there in case
> > someone else reading this later hasn't thought about it enough.
>
> I was not very clear on this: the unattended signing is performed by an
> application that collects some sensible data and sends them by email
> encrypted and signed.

I can understand that you want to encrypt the sensible data. But why do you
want to sign it?

Regards,
Ingo