-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 2010-10-26 at 21:21 +0200, Per Jessen wrote:
Carlos E. R. wrote:
It is part of the signing process to convert dash-dash-space to dash-space-dash-dash-space (on a line and alone).
I know I have read an explanation of why this is done, but I don't remember where.
It sounds very dodgy for the contents to be altered by the signing program.
It is part of the standard. Certain letter combinations that are used for other things have to be defanged (is that the word?). The begin line-dash-dash means something else for pgg, so the signature can not start that way or it breaks. This change is intentional and documented, but I can't remember where.
I cannot see that signing verification is of much use except with contract and/or financial dealings.
And PGP signing is not used for any of those: they want a system with a certification authority (and one they trust). PGP is a kind of renegade thing (that's not the word I want, but it will do).
Yes and no - it's all about trust, and in the end you've got to trust someone. There's nothing "renegade" about e.g. gnupg, it's development was even funded by two Federal German Ministries.
PGP requires that you exchange keys in person, face to face, with the person you are going to communicate, so that you know that the keys are really from that person. If you get the key from a repository but nobody certifies to you that those keys really belong to whom they say, they are useless as certification of identity. This is why they make "key signing parties", like the one the held recently at the opensuse conference. My email is signed, but how do you know that I'm named that way, and that I'm not possing as somebody else? The only thing I certify with that signature is that all mails signed with the same key come from the same person. Not that I'm really Carlos. The keys that are used for identification rely on a central organization that verifies who you are (in person) and then they give you a key, or you make one and they sign it. - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) iEYEARECAAYFAkzHW0sACgkQtTMYHG2NR9UfyQCcDLhZJgh0Cr+eOYqaWoMmDJ9h oa0AmwZN8IZgQ7OMxwufpV5KjrPm4Urg =3/AG -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org