On Jan 12, 2011, at 2:12 PM, MFPA wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi > > > On Wednesday 12 January 2011 at 4:13:44 PM, in > <mid:a50e1f63-4b2c-440f-8619-6d6995166...@sixdemonbag.org>, Robert J. > Hansen wrote: > > >> Show me the worth in a signed message that has any of >> (a) an incorrect signature, (b) from an invalid key, or >> (c) from someone you believe is utterly untrustworthy. > > Perhaps (b) can provide a level of assurance that the messages on a > list or newsgroup from the same name actually come from the same > person.
Or keyholder (of which there might be multiples of), but basically yes. The examples aren't really great, since "worth" isn't really easy to quantify here, and is somewhat subjective as well. The a) case is the only one where a message with no signature and one with an incorrect signature are effectively the same thing: an unsigned message. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
