Re: GPG signatures

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, 30 Dec 2003 11:31:00 -0500, Sean Estabrooks wrote:

> > Automatic downloading of keys makes me wonder what the use of PGP / GPG
> > signing really is. All it will do, in this case, is tell you that the
> > person who sent the message is the person who uploaded the key. Which,
> > in reality, tells you nothing.
> 
> Most times the best it can do is assure you that the same sender is
> responsible for a set of messages.   The biggest benefit to the sender
> of signed messages is that it's hard to impersonate them.  However on a
> public help list the risk of this ever happening is so small that it makes
> the costs of the technology highly questionable.  The number of reasons to
> impersonate anyone on a public help list is so small that it leads me to
> believe that the people signing messages are more interested in playing
> with it as a toy rather than avoiding any risk to themselves.

Tell that those people who post complaints to my e-mail address after they
had received Windows virus/worm based junk messages or SPAM with my
address in the "From" field. I would deactivate signatures again (and
return to my old posting-style) if more users knew how to read e-mail
headers and not blamed me after they had opened an .COM attachment in a
mail which includes my name. Some worms take an old mail from a folder on
the local disk and only append text or add a malicious attachment before
piping it out to arbitrary people in an addressbook. This makes it look
like it's a normal posting from me. Even if a signed message were copied
completely, a signature includes a timestamp of when the signature was
made. This makes it impossible to recycle old signed messages.

Another reason why I auto-sign my messages on public mailing-lists is that
I like to throw away e-mail addresses as soon as they are bombed with
SPAM. My current one is suprisingly spam-free, probably due to the
"nospam" in it.

I disable signatures where recipients know when it's me and when it's
SPAM/virus/fake.

--

Attachment: pgpHXpA7EF9YQ.pgp
Description: PGP signature

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux