On Tue, 2008-10-28 at 20:03 +0200, Gilboa Davara wrote:
On Tue, 2008-10-28 at 12:05 -0400, Chris Snook wrote:
Joachim Backes wrote:
...
My question: are there rules for the fedora email traffic saying: do not use signatures?
No. Proper use of PKI (such as GPG signatures) is worth a few bytes. Anyone who desperately cares about this can choose to receive mail in daily digest format, which saves far more in headers than would be consumed even if everyone on the list used GPG.
-- Chris
... All nice and dandy, but it would have been nice if anyone would have been able to give me -one- solid reason why he/she needs to sign his/her messages - when they are being posted in a high-volume public ML. (Geek factor not included)
Real simple. Always sign messages whenever and wherever possible. The exception should only be those cases where it is precluded for some reason.
As I stated in an earlier message, this has to do with traffic analysis as well as "preponderance of evidence" issues. That's two good reasons which have been well discussed in various cryptography forums and amongst security professionals for years. I remember having this debate in the PGP forums on USENET some 15 years ago. If you don't agree with it (and many still don't), that's fine. I'm still signing and if someone can't handle that, it's their problem.
I would also point out one other important reason. Regressions. I've personally helped troubleshoot several significant problems in MTAs and filtering systems (MailScanner) when problems have cropped up where my signature didn't verify. Problems resolved down into corruptions in transports which then had to be fixed.
- Gilboa
Mike