On Sat, 2009-07-11 at 22:49 -0400, David wrote: > Did I understand correctly that 'g' thinks that since he 'signs' his > emails to this list with an unpublished key that no one from this > list, for example me, can email him directly? Directly to his email > address instead of to the list? That's not what I understood, more like the common belief that: The general idea is that /real person/ signs their mail, so everyone else knows that the real person was the one who sent certain messages. But /some forger/ can't send their forged mail signed with the same signature, and everyone can check whether a post came from the real person or the forger. However, it falls apart for various reasons: The signature doesn't really prove much, if anything. Other than, perhaps, that a message hasn't been altered in transit by another person. The forger can create a signature, upload that to a key server, and fool some people. The real person can send unsigned mail, and claim that it wasn't them that sent it, because it wasn't signed. (An old trick for getting away with sending nasty mail.) -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
