Trusting other keys a message was encrypted to

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Sun Nov 8 23:32:25 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Sunday 8 November 2015 at 7:48:46 PM, in
<mid:5218342.OUena8rEHD at thufir>, Ingo Klöcker wrote:


> As vedaal explained, anybody between the sender and you
> can add  arbitrary fake ESK packets to the message,
> e.g. a packet for  EvilPerson's key. So, the attacker
> could make you think that EvilPerson could also read
> the message even though EvilPerson can't. Lacking
> EvilPerson's private key you have no way of telling
> whether the ESK  packet is genuine or fake.
> Consequently, drawing conclusions solely from the
> presence (or absence) of other ESK packets seems like a
> bad idea.

Fair enough.


- --
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at riseup.net>

The meaning of life is to find your gift.
The purpose of life is to give it away.
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJWP82aXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwbWAIAJWcoF0p6dDTo0nT+dZs4jg6
10IOlugNt6i59kaSbrCA89qHrl2s1dVcdFY/d3MRZ+T0qg1MnhtzRx+iSgwU7S1P
ppdSH4qSmyx4afMcjKjXQJwMLI/g95zaSQjkj0r/WDXj5OE3x9LVj0fK6LG6oCdQ
J/bAIuIeeH4dH2HeXtO6OYUUTY2TvxxB2BQUGRprqnaJm1EpS4GvJVCsFcAstAx3
ETwMe4T+7cHZ3X5WEymnlPzbF5SINWobwjoouQvZWr0t1bnJYoYtAtxoUhmFs4hs
YlZGHO0gGRIvbmqxNVaPXRY1+vo3eWXAWnm876kFOL1iUua70jV0/wCLb8VP3aWI
vgQBFgoAZgUCVj/NoF8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45J2/AQCnOFqLRGz0anMEVeKMYhbOwiYY
JLvrkcbl9829d4PH8AEAih30CpicFipsG2aSRjEvAGVqgZWlldu0DPsfK6xl3AA=
=F3+u
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list