Re: PGP Lame question (PKI 101)



"Ari Silverstein" <abcarisilversteinn@xxxxxxxxxxxx> wrote in message
news:tp39svot6sqc.tif5rir49f41.dlg@xxxxxxxxxxxxx
[on PGP signing flaw]
> The sending of the email presupposes that the PGP (in this case)
> protection
> scheme has been broken (for instance by attack on the passphrase or
> reading
> a Post-it note). Now what we have is a real, known email address from a
> Forger. Authentication (verification "you are who you say you are") of the
> user becomes paramount if there is a compromise of the signatory
> mechanisms.

Once again, because I know this has been told to you several times during
this conversation. PGP signs then encrypts. The intended recipient can
decrypt, leaving the signature in tact. The intended recipient can then
reencrypt the signed message, and resend it. The end, there is no attack on
the passphrase no matter how many times you pretend it to be so.

>
> As per my first comment in this thread.

And you were wrong then too.

>>> Agree but when he re-encrypts, the private key has changed to the
>>> Forwarder's yes?
>
> On Mon, 05 Dec 2005 00:27:58 GMT, Joseph Ashwood wrote:
>
>> No. The signing key will remain the same, as the message is simply
>> re-encrypted, not re-signed. I really feel it would be useful for you, in
>> light of that fact that you have claimed to be developing a "secure"
>> email
>> system for a not-for-profit, to read up on such fundamentals as PGP and
>> PKCS7 both of which will likely be of great use in understanding what you
>> are undertaking.
>
> Appreciate the comment.

Obviously you did not appreciate the content of the comment fully. The
documents I suggested fully and completely refute your view, and reveal the
actual nature of the designs stated. This nature is in extreme contrast to
your misunderstanding of them.

>> Actually this attack has nothing to do with forgery, the signature
>> included
>> is in fact 100% authentic.

> In fact, it has everything to do with forgery since the presupposition as
> stated above.

Mistaken presuppositions have nothing to do with reality. Allow me to
introduce you to one of the fundamental lemmas of logic; if you reach a
conclusion that cannot be true, either your argument is flawed, or your
assumptions. You have reached this state, now as it turns out, both your
argument and assumptions were flawed.
Joe


.