GPG signatures

Michael Schwendt ms-nospam-0306 at arcor.de
Wed Dec 31 02:31:57 UTC 2003


On Tue, 30 Dec 2003 16:33:17 -0500, Sean Estabrooks wrote:

> I'll point out that some very high profile people who are more likely to
> be spoofed (Linus, Andrew Morton etc etc) haven't found it necessary to
> resort to including a signature in each and every message they send.

Such VIPs are backed by many people who pay attention to possible abuse of
sender addresses or fake content. I would assume that if someone got a
suspicious message from Linus, he could not be fooled and he would examine
the message closely and report the incident somewhere. I don't expect that
anyone creates a fake message using my name and posts it to public MLs or
to people privately. Nevertheless I like to use GPG signatures as some
sort of virtual identity card for public communication where I may change
my e-mail address and/or provider from one day to the other. It also
creates a track of GPG key usage, so my key is much more often tied to my
name's public appearance than if it were only stored on a keyserver or
used in signatures of security relevant patches or packages.

> People come to know you through your posting on a mailing list and aren't
> likely to be fooled if your name appears on a message offering them access
> to an adult website. Is this really something that happens a lot to you?

Well, you can check the archives and see that I have posted unsigned
messages for a long time. You will also notice that my current GPG key
predates those unsigned messages a good bit. Later (around the time of the
Psyche release, IIRC) one of my subscription addresses was hit hard
by bounced messages which contained virus attachments and recycled message
bodies. Whether coincidence or not, switching on GPG signatures has cut
off the complaints.

Oh, and I have never ever received complaints about signing my messages,
except one time when Base64 encoded message bodies made it into the list
archives and created unreadable entries.