[OT] Why kill a private key publicly?

Mirimir mirimir at riseup.net
Wed Jul 13 20:42:05 PDT 2016


On 07/13/2016 10:49 AM, Georgi Guninski wrote:
> On Wed, Jul 13, 2016 at 01:04:59AM -0600, Mirimir wrote:
>> OK, let's see if you can spoof my email address, and produce a signed
>> message with a valid signature :)
>>
> 
> Spoofing your email detectably is trivial, e.g. with netcat by hand.

For sure.

> If I could sign in your name, why kill your private key publicly,
> scaring gpg lusers? Wouldn't it be better for me to profit from your
> private key?

For lulz :)

And anyway, Mirimir has nothing worth stealing except reputation.

> IMHO for the majority of lusers, getting their private key is not
> related to crypto, more to apps sploits.

True. Not so trivial, though.

> lol, just trolling ;)

:)

> @juan: denying you wrote something signed is possible too. just revoke
> the key, claiming hax0r attack. for plausibility you can leak the
> private signing key (assuming it is worthless as it should be on ML).

:)



More information about the cypherpunks mailing list