On Tue, 30 Dec 2003 11:54:45 -0400 "Trevor Smith" <trevor@xxxxxxxxxxxxxx> wrote: > Automatic downloading of keys makes me wonder what the use of PGP / GPG > signing really is. All it will do, in this case, is tell you that the > person who sent the message is the person who uploaded the key. Which, > in reality, tells you nothing. Most times the best it can do is assure you that the same sender is responsible for a set of messages. The biggest benefit to the sender of signed messages is that it's hard to impersonate them. However on a public help list the risk of this ever happening is so small that it makes the costs of the technology highly questionable. The number of reasons to impersonate anyone on a public help list is so small that it leads me to believe that the people signing messages are more interested in playing with it as a toy rather than avoiding any risk to themselves. Sean
