Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!apple!usc!sdd.hp.com!ucsd!ucbvax!van-bc!rsoft!mindlink!a577
From: a577@mindlink.UUCP (Curt Sampson)
Newsgroups: comp.org.eff.talk
Subject: Re: Digital Signatures and Public Key Cryptography
Message-ID: <2998@mindlink.UUCP>
Date: 29 Aug 90 16:10:57 GMT
Organization: MIND LINK! - British Columbia, Canada
Lines: 35

> jik@athena.mit.edu writes:
>
> |> Keep in mind that if I had signed a contract a year ago and then
> |> made public my private key so that I could claim that I hadn't signed it, it
> |> would enable *anyone* to read *any* of my correspondence for the past year.
>
> This is only true if they actually have read access to the correspondence.
> Personally, I don't keep any of my mail world-readable, so this wouldn't be a
> problem for me, and if you are sending sensitive information over the mail, I
> would suggest that you print it out and then delete your on-line copies as
> soon as possible. So this isn't really much of a problem.

Yes, but as soon as mail goes out over a network it's basically publicly
readable. Newer networks may have better security than usenet does, but this
is what's currently the case. Anyone interested in your documents would simply
collect all of them as they go by and keep copies.

> |> It would also
> |> enable people who had signed contracts with me to claim that anything I had
> |> allegedly signed might be forged.
>
> Not really, if you say, "I just discovered that my private key was
> accidentally made public on . Anything signed with my key
> on or after that date may not have actually been signed by me. However, I am
> certain that anything signed with my key before that date was definitely done
> by my own hand."

Not that I pointed this out. My hypothetical case was that of someone who, a
year after the fact, decided to renege on a contract. All of the contracts
during that year could be claimed to be possible forgeries.

-cjs ( Curt_Sampson@mindlink.UUCP )