Re: [Hampshire] Ssh/sftp/scp vulnerability

Author: The Holy ettlz
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Ssh/sftp/scp vulnerability

gpg: Signature made Thu Apr 10 15:39:25 2008 BST
gpg: using DSA key 2FF22CF403F94B5D
> From distant memory, DH key exchange also manages to have some
> protection against man-in-the-middle attacks (but I could be wrong
> about that -- my crypto books are at home).


I think this is because DH can also be used for digital signatures (e.g.,
compute message hash, sender *DE*crypts that using their private key,
receiver uses sender's public key to encrypt this and check the hash).

This can be forged by a MITM, but the attacker would have to
poison/intercept the sender's public key, which would more than likely
just kill its trustworthiness. Hence public keys are normally packed
into certificates which are checked and digitally signed by either a
"trusted" authority (like HTTPS-enabled sites) to help ensure their
integrity. The other approach is the PGP-style keysigning web-of-trust.

James

-- 
The Holy ettlz                              TheHolyettlz@???
PGP key ID: 03F94B5D
-----------------------------------------------------------------------
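
The check discussed in this message (a signature over the key exchange, verified against a public key the receiver already holds), as an added example that is not part of the original post. It pairs a toy Diffie-Hellman group with textbook RSA signing; every parameter and function name is constructed for illustration, and the key sizes are far too small for real use.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
P = 2**127 - 1   # DH modulus (a Mersenne prime)
G = 3            # DH base
E = 65537        # RSA public exponent


def make_signing_key(p, q):
    """Textbook RSA key from two primes: returns (n, d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def transcript_hash(a_pub, b_pub, n):
    """Hash both DH public values so the signature covers the whole exchange."""
    digest = hashlib.sha256(f"{a_pub}|{b_pub}".encode()).digest()
    return int.from_bytes(digest, "big") % n


def run_exchange(trusted_n, responder_key):
    """One DH exchange as seen by the initiator.

    trusted_n: signer's public modulus the initiator already holds.
    responder_key: (n, d) of whoever actually answers on the wire.
    Returns (initiator_secret, responder_secret), or None when the
    signature does not verify under the trusted key.
    """
    a = secrets.randbelow(P - 2) + 1
    a_pub = pow(G, a, P)
    b = secrets.randbelow(P - 2) + 1
    b_pub = pow(G, b, P)
    n, d = responder_key
    sig = pow(transcript_hash(a_pub, b_pub, n), d, n)      # responder signs
    if pow(sig, E, trusted_n) != transcript_hash(a_pub, b_pub, trusted_n):
        return None                                        # initiator rejects
    return pow(b_pub, a, P), pow(a_pub, b, P)


SERVER = make_signing_key(2**61 - 1, 2**89 - 1)        # the expected peer
INTERLOPER = make_signing_key(2**31 - 1, 2**107 - 1)   # someone in the path

if __name__ == "__main__":
    print("expected peer, trusted key:", run_exchange(SERVER[0], SERVER) is not None)
    print("other signer, trusted key: ", run_exchange(SERVER[0], INTERLOPER) is not None)
    print("other signer, swapped key: ", run_exchange(INTERLOPER[0], INTERLOPER) is not None)
```

The third case is the swapped-public-key situation the message mentions: the signature check only helps when the public key reached the receiver intact, which is what certificates and key signing are for.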