About PGP Signing a File.

Matthew Flaschen matthew.flaschen at gatech.edu
Sun Feb 11 18:17:33 UTC 2007


Jeffrey F. Bloss wrote:
> This is why PGP/GnuPG are primarily data integrity tools and not proof
> of authorship tools. Indeed most digital signature schemes can't be
> used to reliably authenticate origin, just guarantee data hasn't been
> tampered with. The more refined tools like GnuPG and PGP implement
> methods of forming trusted relationships, but they are in general not so
> robust and easily exploited. Certainly not to be relied on for any
> mission critical work. 

They can be quite useful.  You just have to verify key ownership "out of
band", i.e. the same way you first check identities for this mission
critical project, including in person.

Matthew Flaschen
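
The out-of-band check mentioned in the reply above, sketched as an added example (not part of the original post or of GnuPG): compute the OpenPGP version 4 fingerprint of a key you received and compare it with the full fingerprint the owner gave you in person. The helper names and the toy key material are assumptions constructed for illustration.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")

def rsa_pubkey_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (algorithm ID 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, 2-byte length, then the packet body."""
    if not body or body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    if len(body) > 0xFFFF:
        raise ValueError("packet body too long for a 2-byte length")
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def normalize(fpr: str) -> str:
    """Accept a fingerprint as printed or read aloud; reject short key IDs."""
    cleaned = "".join(fpr.split()).replace(":", "").upper()
    if len(cleaned) != 40 or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError("need the full 40-hex-digit fingerprint, not a key ID")
    return cleaned

def matches_out_of_band(body: bytes, fpr_from_owner: str) -> bool:
    """True only if the received key hashes to the fingerprint the owner gave you."""
    return v4_fingerprint(body) == normalize(fpr_from_owner)

# Constructed sample data: toy moduli, far too small for real use.
CREATED = 1171217853
OWNER_KEY = rsa_pubkey_body(CREATED, 0xC5A3F10B7D29E461, 65537)
SUBSTITUTED_KEY = rsa_pubkey_body(CREATED, 0xC5A3F10B7D29E463, 65537)

if __name__ == "__main__":
    fpr = v4_fingerprint(OWNER_KEY)
    spoken = " ".join(fpr[i:i + 4] for i in range(0, 40, 4))  # as exchanged in person
    print("owner's fingerprint:", spoken)
    print("key from owner     :", matches_out_of_band(OWNER_KEY, spoken))
    print("substituted key    :", matches_out_of_band(SUBSTITUTED_KEY, spoken))
```

The comparison insists on all 40 hex digits because a short key ID is only a suffix of the fingerprint and is not enough to tell two keys apart.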
