About PGP Signing a File.
Matthew Flaschen
matthew.flaschen at gatech.edu
Tue Feb 13 09:48:42 UTC 2007
Michael R. Head wrote:
> On Mon, 2007-02-12 at 22:13 -0800, John L Fjellstad wrote:
>> Ouattara Oumar Aziz <wattazoum at gmail.com> writes:
>>
>>> That's why, when I see some people on some mailing list signing there
>>> mail using PGP I just wonder what they want to prove. We have no way to
>>> check the authority behind that key.
>> Authority has nothing to do with (unless you know the person). But you
>> can be sure that the person who claims he wrote an email yesterday is
>> the same person who wrote the email today if the signature match.
>
> Correction: *reasonably sure*
>
> It's entirely possible that the guy's keys were stolen in the
> intervening night.
Also true, but that's what revocation certificates
(http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-key-revocation.html) are for.
Constant vigilance.
Matthew Flaschen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20070213/d20f51e9/attachment.sig>
More information about the ubuntu-users
mailing list