About PGP Signing a File.

rpowersau at gmail.com rpowersau at gmail.com
Tue Feb 13 11:35:43 UTC 2007


On 2/13/07, Matthew Flaschen <matthew.flaschen at gatech.edu> wrote:
> Michael R. Head wrote:
> > On Mon, 2007-02-12 at 22:13 -0800, John L Fjellstad wrote:
> >> Ouattara Oumar Aziz <wattazoum at gmail.com> writes:
> >>
> >>> That's why, when I see some people on some mailing list signing there
> >>> mail using PGP I just wonder what they want to prove. We have no way to
> >>> check the authority behind that key.
> >> Authority has nothing to do with (unless you know the person).  But you
> >> can be sure that the person who claims he wrote an email yesterday is
> >> the same person who wrote the email today if the signature match.
> >
> > Correction: *reasonably sure*
> >
> > It's entirely possible that the guy's keys were stolen in the
> > intervening night.
>
> Also true, but that's what revocation certificates
> (http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-key-revocation.html) are for.
>  Constant vigilance.

Your key is not something physical that you would notice was missing.
It could be hours/days/weeks before you realise. Revocation is not
much use until you are aware the key has been stolen.

>
> Matthew Flaschen
>
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
>
>


-- 
Regards,
Russ




More information about the ubuntu-users mailing list