On 1/17/2016 2:17 AM, Peter Lebbing wrote:
On 17/01/16 03:19, Doug Barton wrote:
Further I don't see signing as all that interesting either.
[...]
We can infer things about these topics from our knowledge/beliefs
about the sender, but I can't think of any rational person would go
along with a request to "Pay Joe $10,000" just because the message
was PGP signed. Forget the validity of the key, that kind of request
would require serious OOB authentication.
Just because someone would
not agree to an outlandish request based on a valid signature, this
doesn't mean there aren't reasonable requests that are horribly bad.
[after lots of snipping]
Your example is a good one, but again I assert that it would be
overwhelmingly foolish to rely on *just the signature* to indicate that
the request to meet is a legitimate one.
You glossed over the points in my previous messages about the fact that
we cannot know for sure if the person sending the message is actually
who we think it is (i.e., that the legitimate correspondent has not lost
control of the key), and that they are not being coerced, based on the
signature alone. At minimum there should be some sort of "steganography"
based on how the message is constructed, certain words or phrases, etc.
That combined with the signature may be enough to prove the validity of
the message.
But this thread started trying to refute my assertion that keeping
certification keys air-gapped is pointlessly complicated. I haven't seen
a refutation of that premise yet. :)
Doug
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
