On Tue, 2008-10-28 at 14:39 -0400, Michael H. Warfield wrote:
I would also point out one other important reason. Regressions. I've personally helped troubleshoot several significant problems in MTAs and filtering systems (MailScanner) when problems have cropped up where my signature didn't verify. Problems resolved down into corruptions in transports which then had to be fixed.
I'm not claiming that PGP has no place in email messages. I'm questioning the value of PGP signed messages in ML messages...
As I stated in an earlier message, this has to do with traffic analysis as well as "preponderance of evidence" issues. That's two good reasons which have been well discussed in various cryptography forums and amongst security professionals for years. I remember having this debate in the PGP forums on USENET some 15 years ago. If you don't agree with it (and many still don't) that's fine. I'm still signing and if someone can't handle that, it's their problem.
Preponderance of evidence? We are still talking about ML messages, right? I doubt that BigG will be sending his next Halloween message to Fedora-users ML... As for the -rude- "can't handle that, it's their problem" part, I assume that you'll silently accept the same behavior the next time someone drops a 15K HTML message containing a picture of his pet in his signature. (Given the fact that your 8K message contains 1826 bytes of actual text...)
There's an old Jewish saying that - roughly translated (to English) - goes something like this: "Do not do the things that you hate the most to your friends."
I'd suggest you keep it in mind.
- Gilboa