On 07/13/2016 10:49 AM, Georgi Guninski wrote: > On Wed, Jul 13, 2016 at 01:04:59AM -0600, Mirimir wrote: >> OK, let's see if you can spoof my email address, and produce a signed >> message with a valid signature :) >> > > Spoofing your email detectably is trivial, e.g. with netcat by hand.
For sure. > If I could sign in your name, why kill your private key publicly, > scaring gpg lusers? Wouldn't it be better for me to profit from your > private key? For lulz :) And anyway, Mirimir has nothing worth stealing except reputation. > IMHO for the majority of lusers, getting their private key is not > related to crypto, more to apps sploits. True. Not so trivial, though. > lol, just trolling ;) :) > @juan: denying you wrote something signed is possible too. just revoke > the key, claiming hax0r attack. for plausibility you can leak the > private signing key (assuming it is worthless as it should be on ML). :)
