On 01/07/2010 09:45 AM, Daniel Kahn Gillmor wrote:
> Why is this all relevant? There are good reasons why you might be
> interested in knowing that someone specific signed something public, of
> course (e.g. software signatures, advice on mailing lists or other fora,
> etc). But for non-public communications: you *must* know who the remote
> endpoint is in order to have truly secret communications. Without that
> knowledge, you are communicating with an unknown party, so who are you
> keeping things secret from?
>
> "secret" communications with an unknown remote party over a
> trivially-compromised communications medium are anything but secret.

They’re only unknown the first time you contact them. It is useful to know that the second time you contact f...@example.com it’s the same party you contacted the first time. Or that the phishing email you received from b...@example.com didn’t actually come from the same party you corresponded with last week. Many people have correspondence with people they never have and never will meet in person, and knowing that it’s always the same person is still helpful.

-Alex Mauer “hawke”
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users