> If that was what he meant to say, he didn't say it.

Peter's right, and you're moving the goalposts. Please stop.

> So, I'll make my question more general. Is anyone aware of a case in
> which the validity or enforceability of an OpenPGP signature has been
> argued?

To repeat my answer: yes. Because it's a digital signature and courts have repeatedly found them enforceable.

Courts have *not* found them non-repudiable, though: you repudiate a digital signature in more or less the exact same way you repudiate a real one. You say "that wasn't me, Your Honor" and you show the judge why he or she should believe it wasn't you.

Werner and I (and maybe others) have seen PGP-signed spam. Someone was using Symantec's signing proxy, had it configured to sign all outgoing mail, had no passphrase on the certificate, and then got hit by a botnet that used their PC to send out Viagra spam.

Did it have a valid signature? Yes. Was the signature repudiable? Yes. "Your Honor, forensic analysis shows my PC was compromised by malware. I didn't authorize those spams to be sent out and I didn't authorize their signature."

Non-repudiability is a big myth when it comes to OpenPGP. In this era where, per Vint Cerf, one in five desktop PCs is pwn3ed, repudiability is cheap and easy. "Malware, Your Honor..."