1992-12-23 - Re: Signing text messages…

Header Data

From: ghsvax!hal@uunet.UU.NET (Hal Finney)
To: cypherpunks@toad.com
Message Hash: 4c454656fb7056325fea8fa08be9a24e1cf8091af020625c9924dc0b4fff5f12
Message ID: <9212232118.AA23889@nano.noname>
Reply To: N/A
UTC Datetime: 1992-12-23 21:46:51 UTC
Raw Date: Wed, 23 Dec 92 13:46:51 PST

Raw message

From: ghsvax!hal@uunet.UU.NET (Hal Finney)
Date: Wed, 23 Dec 92 13:46:51 PST
To: cypherpunks@toad.com
Subject: Re: Signing text messages...
Message-ID: <9212232118.AA23889@nano.noname>
MIME-Version: 1.0
Content-Type: text/plain


Dr. Zaphod writes:

> By including your public key WITH your signed messages, aren't you inviting
> people to intercept it, replace it with they're own public key, and re-sign
> the message?  If I didn't have a trusted copy of your public key already I
> wouldn't be able to verify your signature.

I'm not sure what attack you are proposing here.  Are you suggesting
that someone else could take credit for my (brilliant?) message by
removing the PGP signature and substituting one of their own?  But
digital signatures can't stop other people from doing this.

Or are you suggesting that someone else could create a bogus public
key claiming to mine, re-sign the message using that public key, and
then get people to think it was from me?  Or, worse, they could create
a whole new message saying "I am a turkey, signed Hal Finney", sign it
with this bogus "Hal Finney" public key, and post it.  Then I'd really
have egg on my face, right?

But no, I wouldn't, because people would (or should) know not to trust
a random public key to be from whom it claims.  My posted key is
signed by Phil Zimmermann.  This doesn't absolutely prove it is from
me, but I think it makes it worthwhile to post the key.

Anyway, the real reason I posted the key in this case was so that
people could check the cleartext signature to see if it had been
mangled by various mail gateways.  That was the topic of discussion in
the message, so I wanted to make it easy for people to try checking
the signature.

Hal
74076.1041@compuserve.com






Thread