E-mail with deniable authentication

Robert J. Hansen rjh at sixdemonbag.org
Tue Aug 29 20:33:46 CEST 2017

> We have OpenPGP/MIME to sign and encrypt e-mail, thus securing the 
> communication. It is my understanding that the other party can 
> publish the signature and the unencrypted message and thus prove
> that somebody in the possession of the private key wrote (or at
> least signed) the message.

This is not true except in a theoretical mathematical sense.

For instance, several people in the community (I know I have, and I
recall Werner saying he as well) have seen PGP-signed spam mails that
are the result of a home user using Symantec's PGP mail proxy, then
getting infested by malware which sends out spam.  Since all mail goes
through the proxy and the credentials are cached, the spam mails were

You can prove origination *only if* you can prove the originating PC was
not compromised.  Given how common compromise is today -- a few years
ago Vint Cerf estimated one in four desktop PCs was compromised -- this
is a very high threshold to clear.

In a theoretical sense, OpenPGP is a nonrepudiable protocol.  But in a
practical sense, it is not.

More information about the Gnupg-users mailing list