On 07/13/2016 10:49 AM, Georgi Guninski wrote:
On Wed, Jul 13, 2016 at 01:04:59AM -0600, Mirimir wrote:
OK, let's see if you can spoof my email address, and produce a signed message with a valid signature :)
Spoofing your email detectably is trivial, e.g. with netcat by hand.
For sure.
If I could sign in your name, why kill your private key publicly, scaring gpg lusers? Wouldn't it be better for me to profit from your private key?
For lulz :) And anyway, Mirimir has nothing worth stealing except reputation.
IMHO for the majority of lusers, getting their private key is not related to crypto, more to apps sploits.
True. Not so trivial, though.
lol, just trolling ;)
:)
@juan: denying you wrote something signed is possible too. just revoke the key, claiming hax0r attack. for plausibility you can leak the private signing key (assuming it is worthless as it should be on ML).
:)