[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository

On Mon, 23 Jun 2008 22:31:02 +0200 Arnoud Engelfriet wrote:

> Francesco Poli wrote:
> > On Mon, 23 Jun 2008 18:15:16 +0200 Arnoud Engelfriet wrote:
> > > I don't think that "modifying" has any reasonable meaning when talking
> > > about cryptographic keys.
> > 
> > Why not?
> Because it implies that you'd obtain something meaningful after
> the modification. The intent of the right to modify is that you
> can do something meaningful with the work.

Never underestimate the unexpected results you can obtain by giving
some permission to unknown people!   ;-)

I mean: just because you cannot think of any meaningful modifications,
it does not mean that nobody will ever come up with some.
Maybe someone will turn your public key into some sort of ASCII art!
Or who knows what?

> I do not see any meaningful modification I can do with someone's
> key block.
> > 5454 may be modified into 5457 by adding 3.
> > Or into 2727 by dividing by 2.
> Well, if that's what you want, then the key block is source enough
> for the purpose.


> I just don't understand the point. It gets much
> more interesting if you want to modify, say, the name and e-mail 
> address in an informational field in the key block.

I suppose you can do that without access to the secret key.
Of course at that point you would break the self-signature: at least I
hope so, otherwise forging a fake public key would be too easy!   ;-)

 The nano-document series is here!
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4

Attachment: pgp_I1mEYJETd.pgp
Description: PGP signature

Reply to: