If he got a dollar every time someone says he has 0-days to sell we would be bossing bill gates around (as if we aren't now =)! )<br><br><div><span class="gmail_quote">On 7/17/07, <b class="gmail_sendername"><a href="mailto:Valdis.Kletnieks@vt.edu">
Valdis.Kletnieks@vt.edu</a></b> <<a href="mailto:Valdis.Kletnieks@vt.edu">Valdis.Kletnieks@vt.edu</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Mon, 16 Jul 2007 21:12:04 +0200, Pieter de Boer said:<br><br>> Ohwell, signing with public keys is pointless anyhow.. *whistles innocently*<br><br>Signing it with the *recipient's* public key can be somewhat interesting, as
<br>it results in a signature that only the recipient can identify - if anybody<br>else tries to verify it, they can't, which results in a mostly-repudiatable<br>signature.<br><br>Of course, the *usual* use case is to either:
<br><br>*encrypt* with the recipients public key (so only their private key can decrypt<br>it), and then sign the whole thing with your private key (so they can verify<br>you did it by using your public key). This results in something that anybody
<br>can verify you sent, but only the recipient can read. or...<br><br>Sign with your private key, then encrypt with their public key - at that point<br>only the recipient can decode it. In addition, only the recipient can see the
<br>(now-decoded) signature and verify it.<br><br><br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html
</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a><br><br></blockquote></div><br><br clear="all"><br>-- <br><a href="http://www.goldwatches.com/watches.asp?Brand=14">http://www.goldwatches.com/watches.asp?Brand=14
</a><br><a href="http://www.jewelerslounge.com">http://www.jewelerslounge.com</a>