[messaging] On Signed-Only Mails
Bjarni Runar Einarsson
bre at pagekite.net
Wed Dec 7 15:34:26 PST 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Trevor,
Thanks for your comments. A couple of questions!
Trevor Perrin <trevp at trevp.net> wrote:
> On Wed, Dec 7, 2016 at 11:36 AM, Bjarni Runar Einarsson
> <bre at pagekite.net> wrote:
>
> You're relying on a different property: An attacker given
> (public key, message, signature) can't output a *different* key
> pair with a public key that also verifies the message.
Not "the message"... "all the messages."
The threshold is trivially configurable. Does that change
anything, or is it all the same? Or does nobody know since it
hasn't been well studied?
> But this is still a confused and risky use of signatures, IMO.
I see. How would you recommend I determine whether the whole
scheme is dangerous and should be abandoned, or if it's still
better than the status quo?
- Bjarni
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJYSJyRAAoJEI4ANxYAz5SRUIYIAJm2aWGiJEZV3rDzYaiY7rJ3
gg2HdHDOnL/cDlXIclRWcJ4BMgSvYve03R+6w/06tfcDLzClL/xzwFS3lqOBM5X2
fnEdNlikAK7o3ys9cwp95yK+f9NtLHGkAREBt/RIJa4O3fS18i0HlH75hoGvmSV3
TMHwzRn15a+o2Hy+6wnAglZpIhkL9D2YEmi0B6DMYRhnSsjJn+8Hmuhsr5E9x/nf
xJCAwasGozNFJkVGrxVVFOE/GmuT25kYGF8iDJSmPh5e57HXyxjfhyNkrpAVwK0U
I0IW5yP9KQUkxXpGdA+DMOCGReBdiy/+WBn4PuNZYtZKU1P4FtDxhOCYljTdeyg=
=AGR2
-----END PGP SIGNATURE-----
More information about the Messaging
mailing list