basic identity mgmt

Doug Barton dougb at
Sun Jan 17 21:00:45 CET 2016

On 1/17/2016 2:17 AM, Peter Lebbing wrote:
> On 17/01/16 03:19, Doug Barton wrote:
>> Further I don't see signing as all that interesting either.
>> [...]
>> We can infer things about these topics from our knowledge/beliefs
>> about the sender, but I can't think of any rational person would go
>> along with a request to "Pay Joe $10,000" just because the message
>> was PGP signed. Forget the validity of the key, that kind of request
>> would require serious OOB authentication.
> Just because someone would
> not agree to an outlandish request based on a valid signature, this
> doesn't mean there aren't reasonable requests that are horribly bad.

[after lots of snipping]

Your example is a good one, but again I assert that it would be 
overwhelmingly foolish to rely on *just the signature* to indicate that 
the request to meet is a legitimate one.

You glossed over the points in my previous messages about the fact that 
we cannot know for sure if the person sending the message is actually 
who we think it is (i.e., that the legitimate correspondent has not lost 
control of the key), and that they are not being coerced, based on the 
signature alone. At minimum there should be some sort of "steganography" 
based on how the message is constructed, certain words or phrases, etc. 
That combined with the signature may be enough to prove the validity of 
the message.

But this thread started trying to refute my assertion that keeping 
certification keys air-gapped is pointlessly complicated. I haven't seen 
a refutation of that premise yet. :)


More information about the Gnupg-users mailing list