On 09/21/15 13:20, Matthew Woehlke wrote: > On 2015-09-20 12:58, Phil Stracchino wrote: >> A Privacy red-flag is a little harder to quantify. About the only case >> I can think of is if a message is encrypted, but with a key that has >> been revoked or does not match the claimed sender. But this should >> probably be considered an Authenticity failure. > > No, actually you were right the first time. Authentication is based on > the integrity of the SENDER'S private key. Encryption is based on the > integrity of the RECEIVER'S private key(s).
Doh! You're correct of course. > I could certainly imagine this happening if someone sends you a message > encrypted using an old public key of yours that you happen to know is > compromised, because the sender is not aware that it is compromised / > revoked. Yup. That would be a valid case. -- Phil Stracchino Babylon Communications [email protected] [email protected] Landline: 603.293.8485
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
