[Fwd: Czech attack to PGP]
Charles Lindsey
Charles Lindsey <chl at clw.cs.man.ac.uk>
Fri, 23 Mar 2001 18:52:58 +0000 (GMT)
On Fri, 23 Mar 2001 13:24:24 +0000 (/etc/localtime)
Ben Clifford <benc@hawaga.org.uk> said...
>
> > 4. Plod does not believe you, but he cannot prove it is not signature
> > only. But he deperately needs your passphrase (for whatever reason).
> > So he invites you to "demonstrate this is a signature key" by signing
> > something with it.
>
> Does signing something demonstrate that the key is a signature *only* key?
>
> Getting you to sign something would allow them to check that it is the
> same key that you have used to sign stuff with, but I don't see how that
> proves that it is not an encryption key.
You know that, and I know that, and Plod knows that. But does the poor
victim know it?
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl@clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5