[Enigmail] On signatures

Jan Steffen steffenjan at web.de
Fri Dec 14 09:35:24 PST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert J. Hansen wrote:
> Hence, my assertion that there is no information contained in the bad
> signature.  What information exists is contained in the absence of a
> good signature; there is no additional information to be derived from a
> bad signature as opposed to no signature.

Some important facts can be concluded from a bad signature:
The sender has an OpenPGP key or certificate.
The sender bothered to sign his message, so he really wants me to check
the authenticity of the message.
=> So my conclusion from a bad sig is to try and get a good sig for this
message. And I should at least inform the sender about the bad sig.

If there is no sig at all, I can conclude that the sender doesn't have a
key/certificate or that he does not bother to use it.
If the authenticity of the message is important enough for me, I can go
ahead and try to teach the sender about cryptography, but usually there
is not much I can do about it.

Jan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHYr7cSa1Uad4+pFcRCMxeAJ9Dwzim2jZFyqoSclUmrOkPJF4c9wCePfkL
VDo+iOEAoX2F88zE70I4kEM=
=IYls
-----END PGP SIGNATURE-----

