[clue] Speaker for 2014-11-11 talk.
David L. Anselmi
anselmi at anselmi.us
Mon Nov 10 19:57:31 MST 2014
Aaron D. Johnson wrote:
>
> Encrypting and signing it before sending it assures the receiver that
> its contents were not disclosed in transit and that the contents of
> the file were not modified while moving across a network controlled by
> other, possibly hostile, parties.
I think it's fairly difficult to modify an encrypted message in a way that allows it to decrypt as
something different than the original. So if the message decrypts you're reasonably sure it wasn't
modified and no signature is required for that.
The signature likely verifies the identity of the sender, and for unencrypted messages that they
haven't been changed.
In my case the identity of the sender is demonstrated by the fact that they logged in to the SFTP
account. That's not non-repudiation but it's much less a concern than confidentiality. So
signatures are rarely used.
Dave
More information about the clue
mailing list