> We have OpenPGP/MIME to sign and encrypt e-mail, thus securing the > communication. It is my understanding that the other party can > publish the signature and the unencrypted message and thus prove > that somebody in the possession of the private key wrote (or at > least signed) the message.
This is not true except in a theoretical mathematical sense. For instance, several people in the community (I know I have, and I recall Werner saying he as well) have seen PGP-signed spam mails that are the result of a home user using Symantec's PGP mail proxy, then getting infested by malware which sends out spam. Since all mail goes through the proxy and the credentials are cached, the spam mails were signed. You can prove origination *only if* you can prove the originating PC was not compromised. Given how common compromise is today -- a few years ago Vint Cerf estimated one in four desktop PCs was compromised -- this is a very high threshold to clear. In a theoretical sense, OpenPGP is a nonrepudiable protocol. But in a practical sense, it is not. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
