[Enigmail] Sender under duress
John Clizbe
John at Mozilla-Enigmail.org
Sat Oct 4 17:58:09 PDT 2008
Eitan Adler wrote:
> Cryptographic signatures are generally not meant to verify the honesty
> of the sender. They can only be used reliably to verify that a specific
> person sent a message.
I think you're layering too much meaning onto a cryptographic signature.
All you can be reliably certain of, if the signature verifies, is that it was
made with a given key and that the message was not altered in transit.
The duress hypothesis of this thread is a perfect example that a signature does
not guarantee that the keyholder is actually in control of the key.
--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"