Re: Back-signatures, part II

ietf-openpgp

Re: Back-signatures, part II

2003-10-28 21:34:56


At 10:34 PM 10/28/2003 -0500, Michael Young wrote:
[...]

Also, note that the specification already provides a "signer userId"
subpacket that could be used to nearly the same effect as a "signer
primary fingerprint" subpacket.

I think that would prevent the version of this where the attacker tries toconvince the verifier that the signed message came from his *name*.

It wouldn't prevent the version where the attacker tries to convince theverifier that the signed message came from his *key*, which is what using akey fingerprint adds.

Trevor

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Back-signatures, part II, David Shaw Re: Back-signatures, part II, Michael Young Re: Back-signatures, part II, Trevor Perrin <= Re: Back-signatures, part II, Michael Young Re: Back-signatures, part II, Trevor Perrin Re: Back-signatures, part II, David Shaw Re: Back-signatures, part II, Trevor Perrin Re: Back-signatures, part II, David Shaw Re: Back-signatures, part II, Trevor Perrin Re: Back-signatures, part II, David Shaw Re: Back-signatures, part II, Trevor Perrin Re: Back-signatures, part II, David Shaw Re: Back-signatures, part II, Trevor Perrin

Previous by Date:	Re: Back-signatures, part II, Trevor Perrin
Next by Date:	Re: Back-signatures proposal, David Shaw
Previous by Thread:	Re: Back-signatures, part II, Michael Young
Next by Thread:	Re: Back-signatures, part II, Michael Young
Indexes:	[Date] [Thread] [Top] [All Lists]