On 25/06/17 13:11, MFPA wrote: > But "good signature" _does_ mean when the signature was verified the > message had not been altered since it was signed.
However, I don't think that this information is in any way relevant to a user if the key that signed it was not valid. I'm afraid the current formulation doesn't do enough to discourage people to attach value to a signature by an invalid key. The word "good" is weakening the message of the word "UNTRUSTED", IMO. The gpg command line also uses the word "good". But it is much more verbose about it being made by an invalid key: > gpg: Good signature from "First Name Last Name <email>" [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. I am aware that changing the formulation doesn't make people use it correctly; using it correctly is hard. But I think it would be much better if it just said "UNTRUSTED signature". And if the signature is not "good", it'll simply say "Error - signature verification failed". > Or maybe that the original message data has been replaced with new > message data that hashes to the same value. Well, let's assume that this is not possible. When weak hashes are disabled, this should not be possible. If we start to include this kind of things in our assumptions, we should also add "or that somebody managed to compute the private key for the key that signed this message". Cheers, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
