On Mon, Jan 07, 2002 at 07:17:06PM -0500, Derek D. Martin wrote:
> Perhaps, but unless I misunderstand how mutt verifies the signature,
> even that isn't an indication that the mail was signed by the person
> the e-mail claims to be from.  AFAIU, it is only an indication that
> the signature was verified as being made by a key that's in your
> keyring.  Only the gpg/PGP output will identify who actually signed
> the mail.  Is that not so?  

Or if it can find the matching key on the keyservers.

> If so, then if you had my key, and I knew you had someone else's key,
> and I knew that you depended only on checking the s or S, I could
> easily forge mail as the other person, and you'd think that it was
> signed by them, when in fact it was signed by me.

No, not if you wanted people to non-obviously think it was sent by them.
You see, your email is the perfect example.  Mutt did not show it as
authenticated.  Even though GPG did.  Why?  Because your key didn't
match the email address you sent it from.

From: "Derek D. Martin" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: signed emails, why ?
Date: Mon, 7 Jan 2002 19:17:06 -0500
User-Agent: Mutt/1.3.22.1i

[-- PGP output follows (current time: Mon 07 Jan 2002 09:30:52 PM PST) --]
gpg: Signature made Mon 07 Jan 2002 04:17:06 PM PST using DSA key ID 81CFE75D
gpg: Good signature from "Derek Martin <[EMAIL PROTECTED]>"
gpg:                 aka "Derek Martin <[EMAIL PROTECTED]>"
gpg:                 aka "Derek Martin <[EMAIL PROTECTED]>"
gpg: key 54C0D38D: secret key without public key - skipped
gpg: key B8AA3B99: secret key without public key - skipped
gpg: key 24E92061: secret key without public key - skipped
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
gpg: Fingerprint: 3A6F E9A6 B62D 6B47 DC49  6B6D 7637 6542 81CF E75D

[-- End of PGP output --]

  37  sL Jan 07 Derek D. Martin (1.9K)         x x mq>
      ^^
Note the small s.

-- 
Ben Reser <[EMAIL PROTECTED]>
http://ben.reser.org

"I wish it need not have happened in my time," said Frodo.
"So do I," said Gandalf, "and so do all who live in such times. But
that is not for them to decide.  All we have to decide is what to do
with the time that is given us."
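
The distinction this message draws between a good GPG signature and a signature that authenticates the From address, as an added example that is not part of the original post and is not Mutt's own logic. The names, addresses and sample gpg lines are constructed, and `gpg_output` is assumed to hold only gpg's own output, never message body text.

```python
import re
from email.utils import parseaddr

# UIDs gpg prints for the signing key: the "Good signature from" line and any "aka" lines.
UID_RE = re.compile(r'^gpg:[ \t]+(?:Good signature from|aka) "(.*)"', re.M)
UNTRUSTED = "This key is not certified with a trusted signature"

def signer_addresses(gpg_output):
    """Return the lower-cased e-mail addresses found in the signing key's UIDs."""
    return {parseaddr(uid)[1].lower() for uid in UID_RE.findall(gpg_output)} - {""}

def classify(from_header, gpg_output):
    """Return (flag, reason): 'S' authenticated, 's' signed only, '-' no good signature.

    The flags mirror the s/S shown in the index line above (hypothetical mapping).
    """
    if "gpg: BAD signature" in gpg_output or "gpg: Good signature from" not in gpg_output:
        return "-", "no good signature"
    sender = parseaddr(from_header)[1].lower()
    if sender not in signer_addresses(gpg_output):
        # The forgery case from the thread: valid signature, wrong person's key.
        return "s", "good signature, but no UID on the key matches From"
    if UNTRUSTED in gpg_output:
        return "s", "From matches a UID, but the key is not certified"
    return "S", "good signature by a certified key whose UID matches From"

# Constructed sample data.
FROM_ALICE = '"Alice Example" <alice@example.org>'
SIGNED_BY_ALICE = (
    'gpg: Good signature from "Alice Example <alice@home.example.net>"\n'
    'gpg:                 aka "Alice Example <Alice@Example.org>"\n'
)
SIGNED_BY_MALLORY = 'gpg: Good signature from "Mallory Example <mallory@example.com>"\n'
WARNING = "gpg: WARNING: This key is not certified with a trusted signature!\n"

if __name__ == "__main__":
    for label, out in [("alice key", SIGNED_BY_ALICE),
                       ("alice key, uncertified", SIGNED_BY_ALICE + WARNING),
                       ("mallory key", SIGNED_BY_MALLORY)]:
        print(label, "->", classify(FROM_ALICE, out))
```

Production code should read gpg's machine-readable `--status-fd` output rather than these human-readable lines, which vary with version and locale.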
