[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: subjective names and MITM
-----BEGIN PGP SIGNED MESSAGE-----
Hello Hal <[email protected]>
and [email protected]
hfinney wrote (but didn't sign):
> [email protected] writes (where I have taken the liberty of
> reformatting for 80 columns):
> > Now mail is far easier to fake/intercept than a digital
> > signature/encryption - at least I hope so. Therefore if Hal where to
> Well, this is not necessarily the case. A MITM may be signing my
> messages for me, and then putting them back the way they were before I
> am allowed to see them. Granted, this would not be easy, and perhaps
> futile. Doesn't this bother you?
The point is that what if there's a MIMT who is changing the signatures
on the hfinney posts? What if originally they were signed "Alice" but
then a MIMT went and substituted "Hal"?
Then any reputation I attached to Hal should really go to Alice, no?
And even when I get a certified key for Hal, I still can't really put
the reputation onto it, since maybe the reputation really belongs to
Doesn't this bother you?
At least with digital signatures I can be certain that the same person
always signed the messages (and that ri cannot repuditate them), even
if I don't necessarily know who that person is. (I guess the issue
becomes plagiarism rather than impersonation.)
Hope that makes sense...
If you want an answer, please mail to <[email protected]>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----