Digital signatures

Ed Greshko Ed.Greshko at greshko.com
Fri Jul 13 01:38:16 UTC 2007


Tim wrote:
> On Thu, 2007-07-12 at 10:01 -0700, Les wrote:
>> I am starting this thread because I see many folks signing their
>> emails with a digital signature. 
> 
> I don't see a problem in someone posting a signed message.  I do see a
> problem in believing that they are who they claim to be.  There isn't
> any verification done, it's self-signed (self created).  I've yet to
> find *any* GPG/PGP key that was counter-signed by another person, let
> alone one that was counter-signed by someone I trust.

Well, you don't have to believe who they claim to be....but you have to admit
that if someone like "David Boles" signs all of his emails and you get an
email from someone claiming he is "David Boles" where he calls you "wanker"
but the signature doesn't verify then you know the "original David Boles" is
not to blame.  That is why key management is there where you can assign
levels of trust.

> I think that is a glaring omission when it comes to RPM packages, or
> even notices about updates.  Never mind e-mails.

Nahhh...  As long as you pick up the public key from a source you trust then
there is no issue.




