[Cryptography] PGP-Signed Email

grarpamp grarpamp at gmail.com
Sat Aug 26 01:57:46 EDT 2017


> Does a signed email mean that it came from the sender?

Who is the "sender", who is the "signer", who is the mitm?
What is being asserted? What out of band is there? etc...

> Agree that this is possible, however is there any evidence that it

Yes, happens with http (which includes html mail list archives), often with
tor (even tls mitm there upon the stupid), lesser "offshore" hosting svcs, etc.

> unsigned email listing a specific key followed then by an email signed

One might prefer to see now and then evidence of ongoing sign / decrypt ability,
not just keylisting ability in some long forgotten email sig tagline.

PGP is just a tool... appropriate context, application, and usage is everything.

