Gregory Maxwell [ARCHIVE] on Nostr: 📅 Original date posted:2014-09-15 📝 Original message:On Mon, Sep 15, 2014 at ...
📅 Original date posted:2014-09-15
📝 Original message:On Mon, Sep 15, 2014 at 3:51 PM, Matt Whitlock <bip at mattwhitlock.name> wrote:
> On Monday, 15 September 2014, at 5:10 pm, Thomas Zander wrote:
>> So for instance I start including a bitcoin public key in my email signature.
>> I don't sign the emails or anything like that, just to establish that everyone
>> has my public key many times in their email archives.
>> Then when I need to proof its me, I can provide a signature on the content
>> that the requester wants me to sign.
>
> That would not work. You would need to sign your messages. If you were merely attaching your public key to them, then the email server could have been systematically replacing your public key with some other public key, and then, when you would later try to provide a signature, your signature would not verify under the public key that everyone else had been seeing attached to your messages.
If the server could replace the public key, it could replace the
signature in all the same places.
Please, can this stuff move to another list? It's offtopic.
📝 Original message:On Mon, Sep 15, 2014 at 3:51 PM, Matt Whitlock <bip at mattwhitlock.name> wrote:
> On Monday, 15 September 2014, at 5:10 pm, Thomas Zander wrote:
>> So for instance I start including a bitcoin public key in my email signature.
>> I don't sign the emails or anything like that, just to establish that everyone
>> has my public key many times in their email archives.
>> Then when I need to proof its me, I can provide a signature on the content
>> that the requester wants me to sign.
>
> That would not work. You would need to sign your messages. If you were merely attaching your public key to them, then the email server could have been systematically replacing your public key with some other public key, and then, when you would later try to provide a signature, your signature would not verify under the public key that everyone else had been seeing attached to your messages.
If the server could replace the public key, it could replace the
signature in all the same places.
Please, can this stuff move to another list? It's offtopic.