13 Jul
2016
13 Jul
'16
4:49 p.m.
On Wed, Jul 13, 2016 at 01:04:59AM -0600, Mirimir wrote:
OK, let's see if you can spoof my email address, and produce a signed message with a valid signature :)
Spoofing your email detectably is trivial, e.g. with netcat by hand. If I could sign in your name, why kill your private key publicly, scaring gpg lusers? Wouldn't it be better for me to profit from your private key? IMHO for the majority of lusers, getting their private key is not related to crypto, more to apps sploits. lol, just trolling ;) @juan: denying you wrote something signed is possible too. just revoke the key, claiming hax0r attack. for plausibility you can leak the private signing key (assuming it is worthless as it should be on ML).