-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 20 March 2003 13:19, Tom Emerson wrote:
note: some may consider this a shade "off-topic", so if it degenerates further I'll mark it as such. For now, however, this should be some "good info" for those that are curious [and besides, it centers around a feature that is implemented more completely in Linux than in windows ;) ]
Tom, Thank you for an excellent explanation. At the time I wrote my (rather curt) response, I was in a rush. Basically, as you noted, and others, signing messages is a personal decision. One of the arguments for signing everything that I have heard is that it is a "promotion" thing. I'm not paranoid, but as you explained, it is simple to forge headers and "be someone else" to all except those who know how to verify headers. I have been signing messages, first when I used Evolution, and now with KMail, for about a year now. Everytime I come across a signed email for which I do not have the senders key, I query key servers and if it is available, I put it in my public key ring. That does not guarantee that the person who a) generated the key and b) signed the email are really who they say they are, but it's a bit better than nothing. Now, the best thing is to be face-to-face with someone and get their public key, after verifying their identity (as in a key-signing party). Public keys are ASCII exportable, and can even be written out and typed back in and imported. Anyway, when all is said and done, I believe it is a Good Thing (TM), and I have no intention on stopping. - -- Mitch Thompson, San Antonio TX // WB5UZG Red Hat Certified Engineer (RHCE) http://home.satx.rr.com/mlthompson Independent Amsoil Dealer http://amsdealer.webhop.biz GPG: BBDA 3A2A 4483 BD0D 7CED B8A9 D183 C8F6 B0AF 66AE wget -O - http://home.satx.rr.com/mlthompson/pubkey.gpg | gpg --import - -- "There are 10 kinds of people in the world: those who understand binary, and those who don't." -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iQIXAwUBPnqLXtGDyPawr2auFAI/dwf/dkcHfbryHjzyp1OueshXdXqznEFXmc5H +ixOwkd2eELxfSrUVKyyRmsi4uD/NnqMatsHaxD3VpyuAS5iofnpEsIPGQmQ5QCl DYHBbhtzitX4+s0/NkYNpjd5iVp1qJ7fBY5HrUWMEKVebfvxR1UllUyzj5+mGqFD fEVIyCHtg9UnNegrTVUF4hVP+WJm9d/t6o19slgJpxEhP3qM3d7DRC+nLrPT+Z+L fuUgJYrNSkHQRlYpKfvQwRCuihgeHM+L6k28civ5DAigWqzT4mWdWA65H0Cfd4zy C4Um3Sm0kB1xAAZa9W4fUwpQE2RaVTMLlC+2Dmh+Axji0CpdBzkvCgf9FlVCHvDa Ufphx8RSuEU0HxKbl6+c+FFx5Jdl188EtgYqPIdWosu1t4DuCUWcTCkxwP/q1PVl 2qyC2ErBB3kdFIN+0IYLceBvvqQrqOy+yM5Co+4Be6zy4OMXRpIsYQZvoheDHkFk XYX94GugsYs+eCIaJsZg5m9HFwfrSihiiO7c/zzkpNTsdPYqeeunOlL27ZdywtVN ygbz9/+tGxclWF848qvXchToxSFQLdl9W2fTk4X6HYgGoADrwkCDqjc0deDRabBd 9/ePx1UCJCY1nBMSY9yzQsBVofR35O0quU/cUheqgpuQ3gpCHdBJcSlkVjgJ4oRD DRXbr83P62tH5g== =ZDZo -----END PGP SIGNATURE-----