Signature semantics (was Re: Anyone know what became of the Gaim-E Project?)
Robert J. Hansen
rjh at sixdemonbag.org
Tue Nov 4 00:38:08 CET 2008
> which is fairly wide open to whatever meaning
> anyone wants to apply to it (that's a feature, not a bug).
Right, and this much doesn't bother me. It's when people start
ascribing meaning to bad signatures, or the nonexistence of
signatures, that I begin to get frustrated. A bad signature doesn't
mean the message was tampered with -- the alteration could have been
in the signature and not the message itself, just to name one
possibility.
The flaw isn't in OpenPGP, but rather in the popular conception (or,
in this case, misconception) of it.
More information about the Gnupg-users
mailing list