GPG signatures
Sean Estabrooks
seanlkml at rogers.com
Tue Dec 30 16:31:00 UTC 2003
On Tue, 30 Dec 2003 11:54:45 -0400
"Trevor Smith" <trevor at haligonian.com> wrote:
> Automatic downloading of keys makes me wonder what the use of PGP / GPG
> signing really is. All it will do, in this case, is tell you that the
> person who sent the message is the person who uploaded the key. Which,
> in reality, tells you nothing.
Most times the best it can do is assure you that the same sender is
responsible for a set of messages. The biggest benefit to the sender
of signed messages is that it's hard to impersonate them. However on a
public help list the risk of this ever happening is so small that it makes
the costs of the technology highly questionable. The number of reasons to
impersonate anyone on a public help list is so small that it leads me to
believe that the people signing messages are more interested in playing
with it as a toy rather than avoiding any risk to themselves.
Sean
More information about the users
mailing list