Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey
2015-09-24 06:43:24Tony Finch <dot(_at_)dotat(_dot_)at> writes:
John R Levine <johnl(_at_)taugh(_dot_)com> wrote:A straightforward example is that the mail system, through malice or outside pressure, does an MITM attack on users who have their own keys, so it publishes a key it controls and re-encrypts mail on the way through to the user's own key.The user should notice this since their encrypted mail will appear to come from their mail provider not from the sender. (PGP signature doesn't match 822 From:)
Not really -- OpenPGP does not reveal anything about the identity of the encrypting entity. If the mail provider signed the email, it would be noticeable, but there is no requirement to sign encrypted emails. /Simon
signature.asc
Description: PGP signature
| Previous by Date: | Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey, Simon Josefsson |
|---|---|
| Next by Date: | Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey, Phillip Hallam-Baker |
| Previous by Thread: | Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey, Tony Finch |
| Next by Thread: | Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey, Phillip Hallam-Baker |
| Indexes: | [Date] [Thread] [Top] [All Lists] |