"Paul R. Ramer" <free10...@gmail.com> wrote: > Stan Tobias <st...@privatdemail.net> wrote: > >Yes, but by remote communication. The reasoning goes like this: The > >signature is validated by my certificate (or, in case 2a, by my > >friends' > >whom I trust fully). The message is authenticated by X's valid > >signature, > >therefore the message has not been tampered with and its author is X. > >X says he uses a new key K2. Because I've got this message from X, > >I have verified the ownership of K2, so I can sign it. > > Sorry, but this is wrong. The certificate of the first key is valid, > the signature of the message is valid, but your correspondent's claim > to ownership of the second key is not yet proven. While you know that > whoever has control of the first key sent you that message, you have > not confirmed that he can decrypt and sign with the second key.
This is a "technicality" that can be fixed by sending and an encrypted unknown message and awaiting a decrypted version, just as you've described elsewhere. I haven't tried to cover every minute detail of verification, my general idea is to replace direct contact with electronic signed messages, after having properly initialized the exchange (verified, etc.). The question is: do signatures supply an authenticated channel which can serve instead of physical contact, or not? For me, at this point, the question is still open. I've been reading subsequent discussion, I think Leo Gaspard has made a few excellent points. I have nothing significant to add here. I have one question, though. My understanding is that e-mail verification by sending encrypted message is part of identity verification (it defends against petty fraud, but that's the least we can do). Why is it important to verify the owner can _decrypt_ a message? Can you sketch a problem this verification defends against? Stan Tobias _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users