GPG testing...

Travis Roy travis at scootz.net
Sun Dec 29 11:08:49 EST 2002


> I'm guessing that you don't really understand how OpenPGP 
> works; the keyservers are *NOT* trusted, so problems with the 
> keyservers do not affect the operation of GPG or PGP, except 
> that it may make it harder to obtain a copy of someone's key.

I understand that the keyservers are not trusted, but as somebody else
pointed out earlier, I can make a bogus email address and user on my
server with your email address and screw with the headers all I want. I
can also make a PGP/GPG key with your email address and post that to the
public key servers, then send out all the signed mail I want as you.

How do you prove to people that are now getting signed mail from me (but
PGP/GPG signed as you) that it's not you, and if they do believe you
then why wouldn't they if the e-mail wasn't signed at all?



