On Tue, 30 Dec 2003 16:33:17 -0500, Sean Estabrooks wrote:

> I'll point out that some very high profile people who are more likely to
> be spoofed (Linus, Andrew Morton etc etc) haven't found it necessary to
> resort to including a signature in each and every message they send.

Such VIPs are backed by many people who pay attention to possible abuse of sender addresses or fake content. I would assume that if someone got a suspicious message from Linus, he could not be fooled and he would examine the message closely and report the incident somewhere.

I don't expect that anyone creates a fake message using my name and posts it to public MLs or to people privately. Nevertheless I like to use GPG signatures as some sort of virtual identity card for public communication where I may change my e-mail address and/or provider from one day to the other. It also creates a track of GPG key usage, so my key is much more often tied to my name's public appearance than if it were only stored on a keyserver or used in signatures of security-relevant patches or packages.

> People come to know you through your posting on a mailing list and aren't
> likely to be fooled if your name appears on a message offering them access
> to an adult website. Is this really something that happens a lot to you?

Well, you can check the archives and see that I had posted unsigned messages for a long time. You will also notice that my current GPG key predates those unsigned messages a good bit. Later (around the time of Psyche release, IIRC) one of my subscription addresses has been hit hard by bounced messages which contained virus attachments and recycled message bodies. Whether coincidence or not, switching on GPG signatures has cut off the complaints.

Oh, and I have never ever received complaints about signing my messages, except one time when Base64 encoded message bodies made it into the list archives and created unreadable entries.

--
Attachment:
pgpDOjzFbjaML.pgp
Description: PGP signature