TOFU

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Sun Jun 25 13:11:49 CEST 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



On Friday 23 June 2017 at 12:49:28 PM, in
<mid:2460ac1a-55f7-79d9-af02-e6b1bde30394 at digitalbrains.com>, Peter
Lebbing wrote:-


> When you say "not altered in transit", that would
> very much depend on
> your definition of "in transit". If a Man in the
> Middle changes both the
> text and the signature, I'd say it /was/ altered in
> transit. But it was
> altered in such a way that it once again has an
> "UNTRUSTED Good"
> signature, by a different (attacker-controlled) key.

> So IMO, "good" doesn't even mean "not altered in
> transit", as you said.

Fair enough. "In transit" was not the best choice of words. But "good
signature" _does_ mean when the signature was verified the message had
not been altered since it was signed. Or maybe that the original
message data has been replaced with new message data that hashes to
the same value.


- --
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at riseup.net>

Keep them dry and don't feed them after midnight
-----BEGIN PGP SIGNATURE-----

iNUEARYKAH0WIQQzrO1O6RNO695qhQYXErxGGvd45AUCWU+adl8UgAAAAAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNB
Q0VENEVFOTEzNEVFQkRFNkE4NTA2MTcxMkJDNDYxQUY3NzhFNAAKCRAXErxGGvd4
5IwTAQDSxCPcfubnikvHpm5Ss8OthAioYuXQrdrNCk88zGupzwEAm3/GwEZp3OSk
dltsW2rZFUbtuG/KsUfDO36M6sh3qQaJAZMEAQEKAH0WIQSzrn7KmoyLMCaloPVr
fHTOsx8l8AUCWU+ag18UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0QjNBRTdFQ0E5QThDOEIzMDI2QTVBMEY1NkI3
Qzc0Q0VCMzFGMjVGMAAKCRBrfHTOsx8l8IO3B/oC5FQW9De6mMK091ItFKvPIEOC
OoBM62xdGcyWYp+mBAWNsrS5ZUN3RlWlxdJuJ14KtYy+MXHLHJWxr9JcEeUXs8+A
oIIJ0pabMRcpPj3FTFGIeserkBPnZToPIiFqQwVL4VDpPVQ/IbHDMvLdPgBxC7SX
pS381XyFYw2Y69zzVChuFwXICqgw0gAGR9HY021UG9BZR9uxPPxntj446gznDCkR
2HMR2l0MKoiU6+jU3yZfl3B8YWRBg1Yoy6S5p0E5UDQZ0hIPUp4mQ+RrrNwEvokU
mQKuOX0eegC00SljveMIZTLwe9zgDfXSre5wox/E7U94qdeNoTNiGdueir2K
=Mgyw
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list