On Mon, Sep 15, 2014 at 3:51 PM, Matt Whitlock <b...@mattwhitlock.name> wrote:
> On Monday, 15 September 2014, at 5:10 pm, Thomas Zander wrote:
>> So for instance I start including a bitcoin public key in my email signature.
>> I don't sign the emails or anything like that, just to establish that 
>> everyone
>> has my public key many times in their email archives.
>> Then when I need to proof its me, I can provide a signature on the content
>> that the requester wants me to sign.
> That would not work. You would need to sign your messages. If you were merely 
> attaching your public key to them, then the email server could have been 
> systematically replacing your public key with some other public key, and 
> then, when you would later try to provide a signature, your signature would 
> not verify under the public key that everyone else had been seeing attached 
> to your messages.

If the server could replace the public key, it could replace the
signature in all the same places.

Please, can this stuff move to another list? It's offtopic.

Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
Bitcoin-development mailing list

Reply via email to