Hi

On Thursday 30 January 2014 at 10:03:53 PM, in
<mid:1703510.WrKrPo3DPU@mani>, Johannes Zarl wrote:

> If the same email-address is used together with the
> same key for a long time, it effectively ties the
> email-address to a person for all practical concerns.
> After all, you are communicating via email with someone
> you have never seen.

Didn't two or three people on this list all use the same key to sign
messages to this list a few years ago, for quite a while before
anybody noticed?

> If someone else hijacks (maliciously or not) the email
> address without also infiltrating that person's PC and
> stealing the secret key, then the key would change.

Fair point.

> If the initial communication was subject to a
> MITM-attack, the key would change as soon as the MITM
> attack stops or gets sidestepped. The quality of this
> "canary" improves with the number of signatures over an
> extended time.

If the MITM attack lasts "an extended time" all the signatures would
be on the key of the MITM-attacker...

> In either scenario, you would notice that something was
> afoul as soon as the key changes and investigate.

You _might_ notice.

> The result is not perfect glorious privacy, just pretty
> good for the average(tm) user.

(-;

-- 
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-gro...@riseup.net

A wise man once said ..."I don't know."

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
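
An added illustration, not part of the original message or of GnuPG: a minimal trust-on-first-use continuity check in Python, run over constructed (sender, fingerprint) observations. It shows the cases discussed above: a key change after an address takeover is flagged, interception that lasts from first contact is never flagged, and one key used by several senders only shows up in a reverse index. The function name, addresses and fingerprints are hypothetical.

```python
from collections import defaultdict

def check_continuity(observations):
    """Trust-on-first-use check over (sender, fingerprint) pairs in arrival order.

    Returns (alerts, streaks, shared):
      alerts  - (index, sender, old_fpr, new_fpr) for each key change
      streaks - sender -> consecutive messages seen on the current pin
      shared  - fingerprint -> senders, only where one key serves several senders
    """
    pinned, streaks, alerts = {}, {}, []
    users = defaultdict(set)
    for i, (sender, fpr) in enumerate(observations):
        users[fpr].add(sender)
        if sender not in pinned:        # first contact: nothing to compare against
            pinned[sender], streaks[sender] = fpr, 1
        elif pinned[sender] == fpr:     # same key again: the "canary" gets stronger
            streaks[sender] += 1
        else:                           # key changed: something to investigate
            alerts.append((i, sender, pinned[sender], fpr))
            pinned[sender], streaks[sender] = fpr, 1
    shared = {f: sorted(s) for f, s in users.items() if len(s) > 1}
    return alerts, streaks, shared

# Constructed fingerprints (placeholders, not real keys).
ALICE, MALLORY, GROUP = "AAAA1111", "EEEE6666", "CCCC3333"

# Address taken over without the secret key: the key changes and is flagged.
hijack = [("alice@example.org", ALICE)] * 5 + [("alice@example.org", MALLORY)]

# Interception from the first message onward: every signature is on the
# interceptor's key, so the streak grows and no alert is ever raised.
long_mitm = [("alice@example.org", MALLORY)] * 8

# Interception that later stops: flagged only at the moment it stops, and
# the check cannot say which of the two keys was the genuine one.
mitm_ends = long_mitm + [("alice@example.org", ALICE)]

# Several senders signing with one key: per-sender pins never change;
# only the reverse index (fingerprint -> senders) shows it.
shared_key = [("a@example.org", GROUP), ("b@example.org", GROUP),
              ("c@example.org", GROUP)] * 2

if __name__ == "__main__":
    for name, obs in [("hijack", hijack), ("long_mitm", long_mitm),
                      ("mitm_ends", mitm_ends), ("shared_key", shared_key)]:
        print(name, check_continuity(obs))
```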