Carlos E. R. wrote:
On Tuesday, 2010-10-26 at 21:21 +0200, Per Jessen wrote:
Carlos E. R. wrote:
It is part of the signing process to convert dash-dash-space to dash-space-dash-dash-space (on a line and alone).
I know I have read an explanation of why this is done, but I don't remember where.
It sounds very dodgy for the contents to be altered by the signing program.
It is part of the standard. Certain letter combinations that are used for other things have to be defanged (is that the word?). The begin line-dash-dash means something else for pgg, so the signature can not start that way or it breaks. This change is intentional and documented, but I can't remember where.
Interesting, I didn't know. Does that mean that gpg-aware email agents should be decoding this too?
I cannot see that signing verification is of much use except with contract and/or financial dealings.
And PGP signing is not used for any of those: they want a system with a certification authority (and one they trust). PGP is a kind of renegade thing (that's not the word I want, but it will do).
Yes and no - it's all about trust, and in the end you've got to trust someone. There's nothing "renegade" about e.g. gnupg, it's development was even funded by two Federal German Ministries.
PGP requires that you exchange keys in person, face to face, with the person you are going to communicate, so that you know that the keys are really from that person.
I'm sure I've heard of a scheme in Germany whereby you were able to use Deutsche Post as an intermediary - Postident I think it is. I don't know if it still works.
If you get the key from a repository but nobody certifies to you that those keys really belong to whom they say, they are useless as certification of identity. This is why they make "key signing parties", like the one the held recently at the opensuse conference.
Sure - c't has been running their "Crypto-Kampagne" since 1997.
My email is signed, but how do you know that I'm named that way, and that I'm not possing as somebody else? The only thing I certify with that signature is that all mails signed with the same key come from the same person. Not that I'm really Carlos.
Well, it's not about your _identity_ as such, it's about authentication of the email. -- Per Jessen, Zürich (8.8°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org