Bruno Wolff III wrote: > Because the messages are signed with the same key. So whoever is creating > the signed messages has access to the private key. Key servers don't add a lot > of assurance on top of this. And they add a risk that it tells other parties > who you are communicating with. thank you. another reason, at least as i was told, key servers do not verify who submits a key is actual owner of address. i have not verified this by trying to submit a key for a different email address, but being that person who told me was deeper into pgp and sigs, i accept his word, as it does sound reasonable. if someone did forge an email address and pgp sig, email origin can still be determined by other information in header. or at least as i understand how it all works. -- peace out. tc,hago. g . **** in a free world without fences, who needs gates. ** help microsoft stamp out piracy - give linux to a friend today. ** to mess up a linux box, you need to work at it. to mess up an ms windows box, you just need to *look* at it. ** learn linux: 'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html 'The Linux Documentation Project' http://www.tldp.org/ 'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html 'HowtoForge' http://howtoforge.com/ ****
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines