R v.Lambert House of Lords and RIP reverse-burden-of-proof
Matthew Pemble
matthew.pemble at btinternet.com
Wed, 11 Jul 2001 17:36:37 +0100
Adrian Midgley wrote:
>
> From: Owen Lewis <oml@eloka.demon.co.uk>
>
> >> sending him some enciphered material (having created
> >> a key in his name which I later discard).
> >
> >This is one reason why PGP as 'strong cryptography for the masses' is
> a
> >flawed system. You would not be able to do this to me or to many
> others,
> >only to those who lay themselves open to this form of abuse.
> >
> >Owen
>
> That appears to be trivially easy to do, to me. What am I missing?
Nothing. It is trivial. Unlike a competent CA (or any other
mythological creature) PGP does not (and cannot) check that you own the
email address you are generating the key for.
--
Matthew Pemble
Eur Ing CEng MIEE MBCS AIMgt
Technical Director
Idrach Ltd
Tel: + 44 (0) 7050 128620
Fax: + 44 (0) 1324 610367
Email: matthew@idrach.com
Web: www.idrach.com