Email address challenge script for KMail
Rob Kaper
cap at capsi.com
Fri Sep 12 02:30:07 CEST 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday September 11 2003 9:23 pm, Thomas Zander wrote:
> > If your key would have been compromised then anyone could have added a
> > new user id and then written and signed the above message.
>
> I dismiss your problems to this approuch based on the fact that this is
> a very silly idea. Allow me to explain:
> When the key is compromised (including the password since the email was
> signed) absolutely no assumptions based on any identity can be made
> anymore. i.e. total (electronic) identity theft.
> I feel that if you take the standpoint that a key _can_ be compromised; you
> should not even be using and trusting PGP to begin with.
No, you should not just not sign/trust users who don't have a revocation
certificate stored in a truly secure location (dvd/cd-r(w), floppy).
Rob
- --
Rob Kaper | "They that can give up essential liberty to obtain a little
cap at capsi.com | temporary safety deserve neither liberty nor safety."
www.capsi.com | - Benjamin Franklin, Historical Review of Pennsylvania, 1759
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/YQWCtppIl2G1SjcRAg6XAKCauQv6HGYEkx9mDTss2kdoWHYBHgCfUJtM
/9iUW2nOF6VSr1u0NXKzXXc=
=wbOR
-----END PGP SIGNATURE-----
More information about the NoveHrady
mailing list