Trusting other keys a message was encrypted to

Ingo Klöcker kloecker at
Sun Nov 8 20:48:46 CET 2015

On Saturday 07 November 2015 17:31:38 MFPA wrote:
> On Saturday 7 November 2015 at 12:30:53 PM, in
> <mid:563DEEFD.7080404 at>, Daniel Baur wrote:
> > I don’t really understand what is the earn here.
> > 
> > If I send a encrypted message to you and EvilPerson
> > (together in the same eMail), you receive the email and
> > gpg would warn you “Heh, you don’t trust EvilPerson!”:
> > What would improve? The EvilPerson received already the
> > email, neither you or I could do anything about that.
> Having it flagged up to me that "EvilPerson" can also read the message
> may cause me to act differently in response to the message contents,
> or to act differently in future dealings with the sender.

As vedaal explained, anybody between the sender and you can add 
arbitrary fake ESK packets to the message, e.g. a packet for 
EvilPerson's key. So, the attacker could make you think that EvilPerson 
could also read the message even though EvilPerson can't. Lacking 
EvilPerson's private key you have no way of telling whether the ESK 
packet is genuine or fake. Consequently, drawing conclusions solely from 
the presence (or absence) of other ESK packets seems like a bad idea.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20151108/dabdc2de/attachment.sig>

More information about the Gnupg-users mailing list