Trusting other keys a message was encrypted to
MFPA
2014-667rhzu3dc-lists-groups at riseup.net
Sun Nov 8 23:32:25 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
On Sunday 8 November 2015 at 7:48:46 PM, in
<mid:5218342.OUena8rEHD at thufir>, Ingo Klöcker wrote:
> As vedaal explained, anybody between the sender and you
> can add arbitrary fake ESK packets to the message,
> e.g. a packet for EvilPerson's key. So, the attacker
> could make you think that EvilPerson could also read
> the message even though EvilPerson can't. Lacking
> EvilPerson's private key you have no way of telling
> whether the ESK packet is genuine or fake.
> Consequently, drawing conclusions solely from the
> presence (or absence) of other ESK packets seems like a
> bad idea.
Fair enough.
- --
Best regards
MFPA <mailto:2014-667rhzu3dc-lists-groups at riseup.net>
The meaning of life is to find your gift.
The purpose of life is to give it away.
-----BEGIN PGP SIGNATURE-----
iQF8BAEBCgBmBQJWP82aXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwbWAIAJWcoF0p6dDTo0nT+dZs4jg6
10IOlugNt6i59kaSbrCA89qHrl2s1dVcdFY/d3MRZ+T0qg1MnhtzRx+iSgwU7S1P
ppdSH4qSmyx4afMcjKjXQJwMLI/g95zaSQjkj0r/WDXj5OE3x9LVj0fK6LG6oCdQ
J/bAIuIeeH4dH2HeXtO6OYUUTY2TvxxB2BQUGRprqnaJm1EpS4GvJVCsFcAstAx3
ETwMe4T+7cHZ3X5WEymnlPzbF5SINWobwjoouQvZWr0t1bnJYoYtAtxoUhmFs4hs
YlZGHO0gGRIvbmqxNVaPXRY1+vo3eWXAWnm876kFOL1iUua70jV0/wCLb8VP3aWI
vgQBFgoAZgUCVj/NoF8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45J2/AQCnOFqLRGz0anMEVeKMYhbOwiYY
JLvrkcbl9829d4PH8AEAih30CpicFipsG2aSRjEvAGVqgZWlldu0DPsfK6xl3AA=
=F3+u
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list