Hello Jon Lasser <jlasser@rwd.goucher.edu>
and jimbell@pacifier.com (jim bell)
and cypherpunks@toad.com

jim bell wrote:
On Tue, 28 Nov 1995, Adam Hupp wrote: ...
One reason why Alice might not want to use PGP would be that possession of the secret key would be ipso facto evidence that he is Alice. ...
spoofed, HE WILL KNOW because he will see a message with his signature that HE KNOWS he didn't send. At that point, he will at least be able to reduce the number of spoofed messages to 1 before he alerts us that there is a problem. We won't necessarily know who to believe, of course, but we will ...
Who to believe: at that stage, Alice will simply cease to exist. The key will be revoked and Alice will be no more. A new Alice may or may not arise, but no-one will know if it's the same one. If Alice is afraid of loss of identity (as if he had one now), he could have a permanent key at home (where he does his OTP work), and on his e-mail machine have only a temporary key. When the key on the public machine is compromised, it is revoked and a new one is issued. (The same can be done with real-name keys, BTW; viz my own key.) ...
3. Somebody found out how to break 1024-bit PGP keys easily. (Very unlikely, of course.) ...
In this case I think we are all stuffed.

Adiau' Jiri

--
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)
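
The permanent-key-at-home, temporary-key-on-the-mail-machine arrangement described in the reply above, as an added example that is not part of the original message: it shows what a reader accepts before and after the temporary key is revoked. The toy RSA, the function names and the `cert:`/`revoke:` statement formats are assumptions made for illustration, not PGP's formats.

```python
import hashlib

# Constructed toy: textbook RSA over fixed Mersenne primes, only so the trust
# logic runs offline. Not secure, and not PGP's key or signature format.
E = 65537

def keypair(p, q):
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == digest(data, n)

def certify(signer, temp_n):
    """The signer vouches for a temporary key (hypothetical 'cert:' statement)."""
    return sign(signer, b"cert:%d" % temp_n)

def revoke(home, temp_n):
    """The permanent key withdraws a temporary key after compromise."""
    return sign(home, b"revoke:%d" % temp_n)

def accept(home_n, msg, sig, temp_n, cert, revocations):
    """Reader's rule: certified by the permanent key, not revoked, signature valid."""
    if not verify(home_n, b"cert:%d" % temp_n, cert):
        return False
    if any(verify(home_n, b"revoke:%d" % temp_n, r) for r in revocations):
        return False
    return verify(temp_n, msg, sig)

def demo():
    home = keypair(2**521 - 1, 2**607 - 1)   # never leaves the home machine
    old = keypair(2**61 - 1, 2**89 - 1)      # temporary key on the e-mail machine
    new = keypair(2**107 - 1, 2**127 - 1)    # replacement issued from home
    msg, forged = b"constructed genuine post", b"constructed spoofed post"
    old_cert, new_cert = certify(home, old["n"]), certify(home, new["n"])
    before = accept(home["n"], msg, sign(old, msg), old["n"], old_cert, [])
    revs = [revoke(home, old["n"])]          # published once the spoof is noticed
    spoof = accept(home["n"], forged, sign(old, forged), old["n"], old_cert, revs)
    after = accept(home["n"], msg, sign(new, msg), new["n"], new_cert, revs)
    # The thief holds only `old`, so a "cert" made with it does not verify.
    rogue = accept(home["n"], forged, sign(old, forged), old["n"], certify(old, old["n"]), [])
    return before, spoof, after, rogue
```

`demo()` returns `(True, False, True, False)`: the stolen temporary key stops working once the revocation is seen, the replacement is accepted under the same permanent key, and the stolen key cannot vouch for anything itself.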