Re: [tor-talk] PGP and Signed Messages
Seth David Schoen writes:
> People also don't necessarily check it in practice. Someone made fake
> keys for all of the attendees of a particular keysigning party in
> 2010 (including me); I've gotten unreadable encrypted messages from
> over a dozen PGP users as a result, because they believed the fake key
> was real or because software auto-downloaded it for them without
> checking the signatures.
This happened once again today, shortly after I wrote this message!
The person who made the mistake was a cryptography expert who has done
research in this area. So I fear the web of trust isn't holding up
very well under strain, at least in terms of common user practices with
popular PGP clients.
--
Seth Schoen <schoen@xxxxxxx>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107