-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> So, the other part, that I mistakenly thought I'd read
here, some
> months ago, is not so .. and not likely to happen I
take it?! So,
> OK, I'll erase that part from my memory ... the part
about
> continuous
> signing making it easier to crack.
>
> thanks RH, or Harry Lime, or Terry Micklethorpe ....
I believe the 'exchange' you were/are remembering had to
do with the
Thread surrounding the "successful attacks on
SHA1" and what was said
dealt primarily with providing fodder for a direct attack
against a
'specific' Sig.
It was the portion of the Thread surrounding the fact that
SHA1 (and
the 'late' MD5) were *not* as 'intertwined' with the
Encryption Key
as they are in SHA2 sigs used with an RSA Key. If Personal
RAM
serves me; this was one of the primary arguments given by
Robert for
"moving slowly to the Fire Exits" &
gradually migrating to an RSA Key
vs. using a DH/DSS Key.
As to 'Sigs' on email are concerned....they are amusing to
Me for for
many reasons. When GnuPG 'spots' one and goes in
'search' of it for
me; I like seeing a.)Did it find it? b.)Can I? c.)If found,
did
Enigmail portray a Green (trusted) bar or a Blue (untrusted)
bar.
If a Key that wasn't previously on my Keyring is shown as
Green/Trusted, I like to 'Open' the Key and examine the
"Trust Path"
(via Signatures on the Key) and check out the 'Trust
Pedigree'
involved.
Knowledge conveyed via a Group/List Post needn't be
"trusted" as it
can be independently confirmed through other sources. Never
confuse
Trust with Respect. The "Man Called Hansen" is
generally pretty
accurate and has the ability to visit more Conferences than
I. I,
therefore, 'Respect' this individuals relayed knowledge;
but loaning
him even enough to visit a Vending Machine, Well, that
requires
'Trust' on My part.
For that I gotta know that if/when he defaults and cheats me
outta my
money; I can hunt him down and kill him. Or, write it off
as a
'gift' and make a mental note to *never*, *ever* 'Trust'
him again.
I respect a great many folks that I wouldn't trust with
anything.
JOHN 
Timestamp: Monday 20 Feb 2006, 14:19 --500 (Eastern
Standard Time)
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
Comment: Gossamer Spider Web of Trust: www.gswot.org
iQIVAwUBQ/oWRSIVXNyTGwuwAQIdrA//QlWrR2HFlqW5bjNhkjDEjt/8nYhX
czft
EUR0llqC0pdHe/ZmaKEEXAatElZejzgAbsP5lOfkrzB+clCxj0lzChBmgO+m
Rgwh
kt7hp0SkIqjIjSuvUWFsgmF4FUpuUujeNdAVfuq94ntVpY8iCP+HisWBVL4d
8x/2
WYEeAWXreq+gijvZcsmyySBTftmDDLFZR1/D61NFspAB6A5jsVXOBwsK0BG4
QH2v
kQrrVuUyY9ERg9+H9au45/lv/9Nwicwbonn5zoWDoj/1w4EOThBDpKMN2WlJ
f/Wu
iCvwoD/7EpBNFKUCwMjGajgftZoc8yOJ3wFMVZQTD6oHjwnxfZ13+ckR86+E
qkaH
TMmcJC2Ad9d05vpXA+8x272HeIzT1ik5Df84JOtTJm4gVvyIVXXsnhY62Bxb
O7KH
9sSSpQMkQjsoMMZicL3fh8vMVg3ulSWHB/VKgszCjKzUwm9D6B6YAK55hAt3
mKqq
VvnUAGESS4ev1IvhBJ5JD8QzCIDEwp5Sx0ijoYxAwnNBRyKKaYSSQdPwDakO
02bu
ZBQM6HQOFGhaatyhv3c6RCEuY4jahz+2iRUc/nKzoBjG4j5a1e5090usAn0+
CNbs
qlLwotoiuJg2ueL3edvNx7S14lFz4X7/8hp++IIaPEMhs4cV4kttS5n9+4np
Aomn
cQoFCbLU0Sk=
=xFPe
-----END PGP SIGNATURE-----
____________________________________________________________
__
Archives: htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:
mailto:PGP-Basics-OT-subscribe@yahoogroups.com
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://grou
ps.yahoo.com/group/PGP-Basics/
<*> To unsubscribe from this group, send an email to:
PGP-Basics-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.c
om/info/terms/
|