pgpfan:downgrade
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | Last revisionBoth sides next revision | ||
| pgpfan:downgrade [2020/07/09 16:17] – Better order for more clarity b.walzer | pgpfan:downgrade [2020/07/11 15:01] – A good way to think about this b.walzer | ||
|---|---|---|---|
| Line 18: | Line 18: | ||
| The preference information is in the secure part of the identity. That means that it is signed by the public key also embedded in the identity. This is the public key that will be used to encrypt the email so the preferences are linked to the public key in a way that means that you would have to break the underlying encryption to modify the preferences. If you could do that then you would not have to bother with a downgrade attack. | The preference information is in the secure part of the identity. That means that it is signed by the public key also embedded in the identity. This is the public key that will be used to encrypt the email so the preferences are linked to the public key in a way that means that you would have to break the underlying encryption to modify the preferences. If you could do that then you would not have to bother with a downgrade attack. | ||
| + | |||
| + | You can think of this as a secure signed message embedded in the PGP identity intended to inform those who want to send you secure messages. | ||
| PGP means that you get to choose how you want your messages sent to you. There is no opaque process somewhere in the middle that can override that preference. | PGP means that you get to choose how you want your messages sent to you. There is no opaque process somewhere in the middle that can override that preference. | ||
pgpfan/downgrade.txt · Last modified: 2020/07/11 15:05 by b.walzer