2)
Lately all messages begin with these two statements.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
What does this mean?
Answer:
We sign our messages so that the recipient can check that a message really comes from us and has not been altered on the way. The two lines are the start of an OpenPGP cleartext signature (RFC 4880, section 7): the text that follows them is signed, and the Hash: header names the digest algorithm (here SHA-1) that was used when the signature was made. The matching -----BEGIN PGP SIGNATURE----- block at the end of the message carries the signature itself; a PGP/GnuPG program checks it against our public key. Signing does not encrypt the message, the text stays readable for everyone.
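To make the framing concrete, the following is an added example (not code from this page or from any PGP implementation) that builds and parses a cleartext-signed message the way RFC 4880 section 7 describes it: the Hash: header, dash-escaping of text lines that start with "-", canonicalisation of the text before hashing (trailing blanks stripped, CRLF line endings), and the CRC-24 checksum line of the signature armor. The signature payload (DUMMY_SIG) and the sample message are constructed; no real signature is verified, so this only shows what a verifier hashes and how the armor is checked. For the real check use gpg --verify.

```python
"""Framing and parsing of an OpenPGP cleartext-signed message (RFC 4880 sect. 7).

Added example, not code from the original page.  DUMMY_SIG is constructed
filler, not a real signature packet, so nothing here verifies a signature;
the example shows the framing, the canonical text the digest covers, and the
armor CRC-24 line.  Use gpg --verify for the real check.
"""
import base64
import hashlib

BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor_crc_line(data: bytes) -> str:
    """The '=XXXX' checksum line that closes an armored block."""
    return "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode()


def dash_escape(line: str) -> str:
    """RFC 4880 7.1: a text line that starts with '-' is prefixed with '- '."""
    return "- " + line if line.startswith("-") else line


def frame_clearsigned(text: str, sig_packet: bytes, hash_name: str = "SHA1") -> str:
    """Wrap text plus an already computed signature packet in cleartext-signature framing."""
    body = "\n".join(dash_escape(ln) for ln in text.splitlines())
    b64 = base64.b64encode(sig_packet).decode()
    b64_lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    parts = [BEGIN_SIGNED, f"Hash: {hash_name}", "", body,
             BEGIN_SIG, "", *b64_lines, armor_crc_line(sig_packet), END_SIG]
    return "\n".join(parts) + "\n"


def _read_armor_headers(lines, i):
    """Read 'Key: value' armor headers starting at lines[i]; return (headers, next index)."""
    headers = {}
    while i < len(lines) and lines[i] != "" and ":" in lines[i]:
        key, _, value = lines[i].partition(":")
        headers[key.strip()] = value.strip()
        i += 1
    if i < len(lines) and lines[i] == "":
        i += 1  # the blank line that ends the header section
    return headers, i


def parse_clearsigned(msg: str) -> dict:
    """Split a cleartext-signed message into its parts and check the armor CRC."""
    lines = msg.splitlines()
    i = lines.index(BEGIN_SIGNED) + 1
    headers, i = _read_armor_headers(lines, i)
    # A missing Hash header means MD5 (RFC 4880 section 7); current tools always send one.
    hash_algos = [h.strip() for h in headers.get("Hash", "MD5").split(",")]

    # The signed text runs up to the signature header.  A text line that itself
    # looked like that header would have been dash-escaped, so index() is safe.
    j = lines.index(BEGIN_SIG, i)
    unescaped = [ln[2:] if ln.startswith("- ") else ln for ln in lines[i:j]]
    # Canonical form the digest covers: trailing spaces/tabs removed, CRLF line
    # endings, and no line ending after the last text line.
    canonical = "\r\n".join(ln.rstrip(" \t") for ln in unescaped)
    # A real verifier continues this same hash with the signature packet's hashed
    # fields and trailer (RFC 4880 5.2.4) before comparing it with the signature.
    text_digest = hashlib.new(hash_algos[0].lower(), canonical.encode("utf-8")).hexdigest()

    # Signature armor: optional headers, base64 payload, then the '=' checksum line.
    _, k = _read_armor_headers(lines, j + 1)
    end = lines.index(END_SIG, k)
    payload_lines = [ln for ln in lines[k:end] if not ln.startswith("=")]
    crc_lines = [ln for ln in lines[k:end] if ln.startswith("=")]
    sig_bytes = base64.b64decode("".join(payload_lines))
    # The CRC only guards against transport corruption of the armored block; it
    # says nothing about the text and is no substitute for checking the signature.
    crc_ok = bool(crc_lines) and crc_lines[-1] == armor_crc_line(sig_bytes)

    return {"hash_algos": hash_algos, "canonical_text": canonical,
            "text_digest": text_digest, "signature": sig_bytes, "crc_ok": crc_ok}


# Constructed sample: DUMMY_SIG is not a real signature, just bytes carried through the armor.
DUMMY_SIG = bytes(range(0x88, 0x88 + 40))
SAMPLE_TEXT = "Hello Joe,\n- this line starts with a dash\nRegards   \n"
SAMPLE_MSG = frame_clearsigned(SAMPLE_TEXT, DUMMY_SIG)
# Same message with one character of the base64 signature body changed by hand
# (its first bytes 0x88 0x89 0x8a encode as "iImK"), so the CRC line no longer matches.
TAMPERED_MSG = SAMPLE_MSG.replace("\niImK", "\njImK")

if __name__ == "__main__":
    print(SAMPLE_MSG)
    result = parse_clearsigned(SAMPLE_MSG)
    print(result["hash_algos"], result["text_digest"], "crc_ok:", result["crc_ok"])
    print("tampered armor crc_ok:", parse_clearsigned(TAMPERED_MSG)["crc_ok"])
```

Note that editing the signed text ("Regards" to "Regrets") leaves crc_ok true: the checksum covers only the armored signature bytes. Only checking the signature against the sender's public key, which this example does not do, tells you the text is unchanged.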
Read more:
The meaning of a PGP/GnuPG key certificate
The meaning of a PGP key certificate is actually not absolutely defined. There are different interpretations of such a signature. For example:
1. I confirm that the signed key belongs to the person mentioned in the UserID field.
This statement is not very precise. Often the name mentioned in the UserID (like Joe Smith) can belong to multiple persons.
2. I confirm that the person with the name mentioned in the UserID field told me that this key belongs to him.
This statement can be made if Joe Smith shows his picture ID and says: Here are my key properties. Please sign my key.
3. I confirm that this key belongs to a person with the name mentioned in the UserID field. This statement can be made if Joe Smith:
* shows his picture ID.
* gives you his key properties.
* proves that he can decrypt a message encrypted with this public key.
By decrypting the encrypted message, Joe Smith proves that he has access to the secret key which belongs to the given public key.
Even if it were possible to state the intended meaning of a key certificate, there are still open questions:
1. What kind of ID was used by Joe Smith to prove his identity?
2. How sure can you be about the correctness of his ID?
3. How sure can you be, that the ID really belongs to the person showing you this ID?
4. How sure can you be, that the secret key has not been stolen?
Some of these questions have to be asked for every kind of person identification....
If you think about such questions, think about the meaning of a signature on a piece of paper...
taken from --> http://www.rubin.ch/pgp/meaningsig.en.html
Learn more:
http://www.openpgp.org
http://www.rubin.ch
http://www.pgpi.org/doc/whypgp/en/