GPG signatures

Michael Schwendt ms-nospam-0306 at arcor.de
Tue Dec 30 19:13:25 UTC 2003


On Tue, 30 Dec 2003 11:31:00 -0500, Sean Estabrooks wrote:

> > Automatic downloading of keys makes me wonder what the use of PGP / GPG
> > signing really is. All it will do, in this case, is tell you that the
> > person who sent the message is the person who uploaded the key. Which,
> > in reality, tells you nothing.
> 
> Most times the best it can do is assure you that the same sender is
> responsible for a set of messages.   The biggest benefit to the sender
> of signed messages is that it's hard to impersonate them.  However on a
> public help list the risk of this ever happening is so small that it makes
> the costs of the technology highly questionable.  The number of reasons to
> impersonate anyone on a public help list is so small that it leads me to
> believe that the people signing messages are more interested in playing
> with it as a toy rather than avoiding any risk to themselves.

Tell that to those people who post complaints to my e-mail address after they
had received Windows virus/worm based junk messages or SPAM with my
address in the "From" field. I would deactivate signatures again (and
return to my old posting-style) if more users knew how to read e-mail
headers and not blamed me after they had opened a .COM attachment in a
mail which includes my name. Some worms take an old mail from a folder on
the local disk and only append text or add a malicious attachment before
piping it out to arbitrary people in an addressbook. This makes it look
like it's a normal posting from me. Even if a signed message were copied
completely, a signature includes a timestamp of when the signature was
made. This makes it impossible to recycle old signed messages.

Another reason why I auto-sign my messages on public mailing-lists is that
I like to throw away e-mail addresses as soon as they are bombed with
SPAM. My current one is surprisingly spam-free, probably due to the
"nospam" in it.

I disable signatures where recipients know when it's me and when it's
SPAM/virus/fake.

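The signature timestamp mentioned in the message above is stored inside the OpenPGP signature packet itself (RFC 4880, section 5.2). As an added example, not part of the original post, this Python code reads that creation time from a binary v3 or v4 signature packet and compares it with the time the mail arrived. It assumes the signature has already been verified with gpg, since the timestamp is only trustworthy on a valid signature; `looks_recycled`, its two-day `max_age` threshold and the sample packets are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

def _ts(raw: bytes) -> datetime:
    return datetime.fromtimestamp(struct.unpack(">I", raw)[0], tz=timezone.utc)

def signature_creation_time(packet: bytes) -> datetime:
    """Creation time from a binary OpenPGP signature packet (RFC 4880, 5.2)."""
    hdr = packet[0]
    if hdr & 0xC0 != 0x80 or (hdr >> 2) & 0x0F != 2 or hdr & 0x03 == 3:
        raise ValueError("expected an old-format, definite-length signature packet")
    n = 1 << (hdr & 0x03)                        # 1, 2 or 4 length octets
    body = packet[1 + n:1 + n + int.from_bytes(packet[1:1 + n], "big")]
    if body[0] == 3:                             # v3: version, 0x05, sig type, time
        return _ts(body[3:7])
    if body[0] != 4:
        raise ValueError("unsupported signature version")
    area = body[6:6 + int.from_bytes(body[4:6], "big")]  # v4 hashed subpackets
    i = 0
    while i < len(area):
        if area[i] < 192:                        # one-octet subpacket length
            sublen, i = area[i], i + 1
        elif area[i] < 255:                      # two-octet subpacket length
            sublen, i = ((area[i] - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                    # five-octet subpacket length
            sublen, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if sublen == 0:
            raise ValueError("malformed subpacket")
        if area[i] & 0x7F == 2:                  # subpacket type 2: creation time
            return _ts(area[i + 1:i + 5])
        i += sublen                              # length counts the type octet
    raise ValueError("no creation-time subpacket in hashed area")

def looks_recycled(sig_time, received, max_age=timedelta(days=2)):
    """Hypothetical check: signature much older than the mail's arrival time."""
    return received - sig_time > max_age

# Constructed sample packets (signature MPIs omitted, so they cannot be verified).
SIGNED_AT = datetime(2003, 12, 30, 19, 13, 25, tzinfo=timezone.utc)
_T = struct.pack(">I", int(SIGNED_AT.timestamp()))
_V4 = bytes([4, 0x01, 17, 2, 0, 6, 5, 2]) + _T + bytes(4)
_V3 = bytes([3, 5, 0x01]) + _T + bytes(8) + bytes([17, 2, 0, 0])
SAMPLE_V4 = bytes([0x88, len(_V4)]) + _V4
SAMPLE_V3 = bytes([0x88, len(_V3)]) + _V3

if __name__ == "__main__":
    for name, pkt in (("v4", SAMPLE_V4), ("v3", SAMPLE_V3)):
        t = signature_creation_time(pkt)
        print(name, t.isoformat(), looks_recycled(t, t + timedelta(days=30)))
```

On a real mail, the packet bytes are what `gpg --dearmor` produces from the armored signature part.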