[Enigmail] On signatures

Robert J. Hansen rjh at sixdemonbag.org
Fri Dec 14 07:06:50 PST 2007


Phil Stracchino wrote:
> The information "You do not know this message to be
> authentic" is not the same as having no information.

Or, rephrased, "the sudden lack of certainty is itself information".  I
will agree this is true.

However, the same sudden lack of certainty exists whether the signature
exists and is bad, or whether no signature exists at all.  If you read
100 correctly-signed messages and read one for which OpenPGP can't
verify, you get that same information-of-state change regardless of
whether the signature is bad or whether no signature exists.

Hence, my assertion that there is no information contained in the bad
signature.  What information exists is contained in the absence of a
good signature; there is no additional information to be derived from a
bad signature as opposed to no signature.


