A weakness in PGP signatures, and a suggested solution (long)

E. ALLEN SMITH EALLENSMITH at ocelot.Rutgers.EDU
Wed Jan 17 00:56:04 PST 1996


From: ckey2 at eng.ua.edu (Christopher R. Key)

>First of all, if the recipient is a newsgroup, why would that particular
>information need to be part of the signed information?  If you post to a
>newsgroup a message that is only signed (as opposed to encrypted also),
>then you are obviously not worried about who reads it.  The signature is
>only a method of proving that the important text (message) is unchanged and
>intact, and that the person who it is supposed to be from is the same who
>signed it.
--------------
     How about proving that you _weren't_ spamming? I.e., an enemy spots a
message on a newsgroup from you with a signature, then duplicates it with
header modifications on 500 newsgroups including news.admin.net-abuse.misc
(to add insult to injury). Sorry if a bunch of other people have pointed this
out by the time my message gets to toad.com, but...
     -Allen
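
The replay described above, and the check that becomes possible once the destination is part of the signed text, as an added example that is not part of the original message. HMAC-SHA256 with a constructed key stands in for the PGP signature so the code runs offline; the function names, the status strings and the convention of a "Newsgroups:" line at the top of the signed text are assumptions made for illustration.

```python
import hashlib
import hmac

# Stand-in for a PGP signature (assumption): HMAC-SHA256 with a constructed key.
# A real deployment would sign and verify with the sender's PGP key pair.
DEMO_KEY = b"constructed-demo-key"

def sign(text):
    return hmac.new(DEMO_KEY, text.encode(), hashlib.sha256).hexdigest()

def groups(value):
    return {g.strip().lower() for g in value.split(",") if g.strip()}

def signed_newsgroups(text):
    """Newsgroups named on a 'Newsgroups:' line in the first block of the signed text."""
    for line in text.splitlines():
        if not line.strip():
            break  # the signed header copy ends at the first blank line
        name, _, value = line.partition(":")
        if name.strip().lower() == "newsgroups":
            return groups(value)
    return set()

def check_post(transport_newsgroups, text, sig):
    """Compare the unsigned transport header with the destination bound by the signature."""
    if not hmac.compare_digest(sign(text), sig):
        return "bad-signature"
    bound = signed_newsgroups(text)
    if not bound:
        return "unbound"  # signature verifies, but nothing ties it to a destination
    return "ok" if groups(transport_newsgroups) <= bound else "header-mismatch"

# Constructed sample posts: one binds its destination, one signs the body only.
BOUND_TEXT = "Newsgroups: alt.security.pgp\n\nThe text of my post.\n"
BOUND_SIG = sign(BOUND_TEXT)
PLAIN_TEXT = "The text of my post.\n"
PLAIN_SIG = sign(PLAIN_TEXT)
```

A body-only signature still verifies wherever the post is copied ("unbound"), while the bound form lets a reader see that the copy was sent somewhere the signer never named.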





