Re: kernel.org status: establishing a PGP web of trust

From: Valdis . Kletnieks
Date: Fri Oct 07 2011 - 14:23:47 EST


On Fri, 07 Oct 2011 12:59:30 EDT, Arnaud Lacombe said:

> How so? The public key Bob has is mathematically tied to the private
> key Alice has. If Bob sends Alice a mail, and then she sends a reply
> signed with her key, which is tied to the mail address used by Bob,
> then Bob successfully verifies the signature. This proves Alice has
> control over the key tied to the mail address, doesn't it?

As I said - yes, that *DOES* prove control over key and email address.

The point is that signing something random does not prove anything about
control of the *KEY ONLY* that isn't also proved by using the key to sign
another key.

Attachment: pgp00000.pgp
Description: PGP signature