-----BEGIN PGP SIGNED MESSAGE-----

Hello Hal <hfinney@shell.portal.com>
  and cypherpunks@toad.com

hfinney wrote (but didn't sign):
jbaber@mi.leeds.ac.uk writes (where I have taken the liberty of reformatting for 80 columns):
Now mail is far easier to fake/intercept than a digital signature/encryption - at least I hope so. Therefore if Hal were to ...
Well, this is not necessarily the case. A MITM may be signing my messages for me, and then putting them back the way they were before I am allowed to see them. Granted, this would not be easy, and perhaps ... futile. Doesn't this bother you?
The point is that what if there's a MITM who is changing the signatures on the hfinney posts? What if originally they were signed "Alice" but then a MITM went and substituted "Hal"? Then any reputation I attached to Hal should really go to Alice, no? And even when I get a certified key for Hal, I still can't really put the reputation onto it, since maybe the reputation really belongs to Alice. Doesn't this bother you?

At least with digital signatures I can be certain that the same person always signed the messages (and that ri cannot repudiate them), even if I don't necessarily know who that person is. (I guess the issue becomes plagiarism rather than impersonation.)

Hope that makes sense...

Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMIyOySxV6mvvBgf5AQFJUQP/Wf8wHYUw4JbE4PBxWbSX1nzgOA2EYYsn
L2FuBjKuLXqAG+xRSdJe8ySgaqiPV1JWP16NX97x5YOkMH99DMH73DMmYntvmYy1
G6NdXxhejLQgv0vx0VmVCE171ACB4A+uNe3b6EAsbsKTvd3b5TOWDl9KFQ5wtqGf
VK0o3j6S95U=
=QdEN
-----END PGP SIGNATURE-----
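
The scenario discussed in this message, as an added example that is not part of the original post: a reader credits reputation to whichever key verifies each post, so posts written by "Alice" but re-signed in transit with the key known as "Hal" build up Hal's reputation, while relabeling her signature or editing a signed text fails verification. The toy textbook RSA, the fixed primes, the post texts and all function names are constructed for illustration and are not secure.

```python
import hashlib

E = 65537  # public exponent

def make_key(p, q):
    # Toy textbook RSA from fixed known primes: illustration only, not secure.
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def key_id(key):
    # Short fingerprint of the public modulus, playing the role of a PGP key ID.
    return hashlib.sha256(str(key["n"]).encode()).hexdigest()[:8]

def digest(text, n):
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % n

def sign(key, text):
    sig = pow(digest(text, key["n"]), key["d"], key["n"])
    return {"text": text, "kid": key_id(key), "sig": sig}

def verify(keyring, post):
    n = keyring.get(post["kid"])
    return n is not None and pow(post["sig"], E, n) == digest(post["text"], n)

def mitm_resign(post, mitm_key):
    # The thread's scenario: discard the author's signature and sign the
    # unchanged text with a key the man in the middle holds.
    return sign(mitm_key, post["text"])

def credit(ledger, keyring, post):
    # Reader side: reputation accrues to whichever key verifies the post.
    if verify(keyring, post):
        ledger[post["kid"]] = ledger.get(post["kid"], 0) + 1

def demo():
    alice = make_key(2**127 - 1, 2**89 - 1)  # the real author (constructed key)
    hal = make_key(2**107 - 1, 2**61 - 1)    # the key readers know as "Hal"
    keyring = {key_id(alice): alice["n"], key_id(hal): hal["n"]}
    ledger = {}
    first = sign(alice, "constructed post 1")
    for post in (first, sign(alice, "constructed post 2")):
        credit(ledger, keyring, mitm_resign(post, hal))
    relabeled = dict(first, kid=key_id(hal))  # Alice's signature under Hal's name
    edited = dict(mitm_resign(first, hal), text="edited in transit")
    return {"ledger": ledger, "alice": key_id(alice), "hal": key_id(hal),
            "relabeled_ok": verify(keyring, relabeled),
            "edited_ok": verify(keyring, edited)}

if __name__ == "__main__":
    print(demo())
```

The ledger ends with two credits under the "Hal" key and none under Alice's: the signatures show that one key signed every post, not who wrote the text.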