Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: selling office 2003 & 2007 0day

From: "James Matthews" <nytrokiss () gmail com>
Date: Tue, 17 Jul 2007 08:53:14 -0700
If he got a dollar every time someone says he has 0-days to sell we would be
bossing bill gates around (as if we aren't now =)! )

On 7/17/07, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:


On Mon, 16 Jul 2007 21:12:04 +0200, Pieter de Boer said:

> Ohwell, signing with public keys is pointless anyhow.. *whistles
innocently*

Signing it with the *recipient's* public key can be somewhat interesting,
as
it results in a signature that only the recipient can identify - if
anybody
else tries to verify it, they can't, which results in a
mostly-repudiatable
signature.

Of course, the *usual* use case is to either:

*encrypt* with the recipients public key (so only their private key can
decrypt
it), and then sign the whole thing with your private key (so they can
verify
you did it by using your public key).  This results in something that
anybody
can verify you sent, but only the recipient can read.  or...

Sign with your private key, then encrypt with their public key - at that
point
only the recipient can decode it.  In addition, only the recipient can see
the
(now-decoded) signature and verify it.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
http://www.goldwatches.com/watches.asp?Brand=14
http://www.jewelerslounge.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: