GPG testing...
bscott at ntisys.com
bscott at ntisys.com
Sat Dec 28 13:53:09 EST 2002
On Sat, 28 Dec 2002, at 1:45pm, mkomarinski at wayga.org wrote:
> Isn't one of the points of GPG to validate that the person you're talking
> to is really who they say they are?
It validates that the sender had access to your private key. Presumably,
only you have access to your key, but even that is far from a given in
anonymous communications.
> GPG allows me to do that, by signing my e-mails. If it's not signed, then
> it's not from me.
Well, you can assert that, but GPG has nothing to do with it. An unsigned
message has no authentication information, one way or the other. There is
certainly nothing keeping you from sending an unsigned message. Of course,
people you know might beleive you when you say that if it was not signed, it
was not from you, but presumably, if people are willing to trust your word
on that, they would also trust your word if you just said you did not send
the mail in question in the first place.
--
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or |
| organization. All information is provided without warranty of any kind. |
More information about the gnhlug-discuss
mailing list