On 7/11/2009 11:10 PM, Tim wrote: > On Sat, 2009-07-11 at 22:49 -0400, David wrote: >> Did I understand correctly that 'g' thinks that since he 'signs' his >> emails to this list with an unpublished key that no one from this >> list, for example me, can email him directly? Directly to his email >> address instead of to the list? > > That's not what I understood, more like the common belief that: > > The general idea is that /real person/ signs their mail, so everyone > else knows that the real person was the one who sent certain messages. > But /some forger/ can't send their forged mail signed with the same > signature, and everyone can check whether a post came from the real > person or the forger. > > However, it falls apart for various reasons: > > The signature doesn't really prove much, if anything. Other than, > perhaps, that a message hasn't been altered in transit by another > person. > > The forger can create a signature, upload that to a key server, and fool > some people. > > The real person can send unsigned mail, and claim that it wasn't them > that sent it, because it wasn't signed. (An old trick for getting away > with sending nasty mail.) Okay. I understand the theory and the practice of GnuPG. I have for years. I use it 'personelly' with friends, family, and close associates for encrypted, private, emails. My 'problem' is with the 'not publish the Public Key' thinking. Can you explain his thinking on that? -- David -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
