[Full-Disclosure] a PGP signed mail? Has to be spam!
Daniel
dan at lockedbox.net
Wed Nov 12 04:24:11 GMT 2003
Michael Gale <michael at bluesuperman.com> wrote:
> Hello,
>
> Do you know how PGP signatures work, you need to have the person who
> signed it / created the PGP sig to somehow securely provide you with
> their key to validate it.
Ummm, no, that is why we have public/private keys. The private key can be used
to sign and the public key used to verify. Yes you can create a key from an
address that is not your own. But if you recieve a message from
bill at microsoft.com you would exspect a key to say the same.
Regards,
Daniel B.
----------------------------------------
Please do not send me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
Full-Disclosure is hosted and sponsored by Secunia.