Trusting other keys a message was encrypted to
Ingo Klöcker
kloecker at kde.org
Sun Nov 8 20:48:46 CET 2015
On Saturday 07 November 2015 17:31:38 MFPA wrote:
> On Saturday 7 November 2015 at 12:30:53 PM, in
> <mid:563DEEFD.7080404 at dabpunkt.eu>, Daniel Baur wrote:
> > I don’t really understand what is the earn here.
> >
> > If I send an encrypted message to you and EvilPerson
> > (together in the same eMail), you receive the email and
> > gpg would warn you “Heh, you don’t trust EvilPerson!”:
> > What would improve? The EvilPerson received already the
> > email, neither you nor I could do anything about that.
>
> Having it flagged up to me that "EvilPerson" can also read the message
> may cause me to act differently in response to the message contents,
> or to act differently in future dealings with the sender.

As vedaal explained, anybody between the sender and you can add
arbitrary fake ESK packets to the message, e.g. a packet for
EvilPerson's key. So, the attacker could make you think that EvilPerson
could also read the message even though EvilPerson can't. Lacking
EvilPerson's private key you have no way of telling whether the ESK
packet is genuine or fake. Consequently, drawing conclusions solely from
the presence (or absence) of other ESK packets seems like a bad idea.

Regards,
Ingo
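
An added example, not part of the message above: a small RFC 4880 packet walker showing that the key IDs a recipient sees come from ESK packets sitting outside the encrypted data packet, so the list changes while the encrypted data stays byte-identical. The sample bytes are constructed filler, and the helper names (`listed_key_ids`, `sample_pkesk`, and so on) are hypothetical.

```python
PKESK, SEIPD = 1, 18  # RFC 4880 packet tags

def packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP message."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not a packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype                  # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def listed_key_ids(data):
    """Key IDs named in version 3 PKESK packets; nothing authenticates this list."""
    return [b[1:9].hex().upper() for t, b in packets(data) if t == PKESK and b[:1] == b"\x03"]

def encrypted_bodies(data):
    """Bodies of the encrypted data packets, which the ESK list does not touch."""
    return [b for t, b in packets(data) if t == SEIPD]

def new_packet(tag, body):
    """Constructed-sample helper: new-format header with a one-octet length."""
    return bytes([0xC0 | tag, len(body)]) + body

def sample_pkesk(key_id):
    # version 3, 8-byte key ID, algorithm 1 (RSA), then filler standing in for the MPI
    return new_packet(PKESK, b"\x03" + key_id + b"\x01" + b"\x5a" * 34)

# Constructed sample data, not real ciphertext.
ID_A, ID_B = bytes.fromhex("1111111111111111"), bytes.fromhex("2222222222222222")
DATA = new_packet(SEIPD, b"\x01" + b"\xaa" * 40)
AS_SENT = sample_pkesk(ID_A) + DATA
AS_RECEIVED = sample_pkesk(ID_A) + sample_pkesk(ID_B) + DATA
```

Both messages carry the same encrypted data packet, so a tool that reports "also encrypted to" from `listed_key_ids` is reporting unauthenticated header data.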