[NTLUG:Discuss] GPG and Signing

MadHat madhat at unspecific.com
Wed Jul 2 14:45:20 CDT 2003 

On Wed, 2003-07-02 at 14:18, Chris Cox wrote:
> MadHat wrote:
> > So what is it on this list that makes you think someone is going to
> > spoof a message from you to this list?  Why would anyone think this list
> > is important enough to sign every message to verify that message is
> > really from you? 
> > 
> > This seems to be overkill, pointless and not to mention breaking in
> > Evolution for several people.
> > 
> > As I have said I have submitted a bug to Ximian about this, but what I
> > want to know is why anyone feels its necessary to sign every message? 
> > (not that I'll be able to see their replies ;^) hehehehe)
> > 
> 
> Signing messages can be enabled by default in Mozilla.
> It's sort of like saying why use passwords on every system
> you own? It's easier to just do it and not wonder about
> whether it's ok or not on a case by case basis.
> 

But what is the use of signing the message?  Its isn't like using
passwords, its like putting your thump print on every piece of
snail-mail you send to all your friends, family and coworkers so they
know it is you.  Here is another issue.  I don't have his public key, so
I can't verify it is him anyway.  The only way I can get his public key
right now is via email or a server, but how do I know that the key is
valid?  So signing to anyone you haven't given your key to in a secure
manner is useless anyway.  

I just find it to be a false sense of security.  Like having SSL turned
on with your web server.  Just because things are encrypted over the
wire does not me the site itself is secure.  It should be used when
necessary and with the appropriate safeguards in place and not to be
used to give "warm fuzzies".

> Sounds to me like you're a evolution-loving-whiner :-)

No, I bitch when I don't use evolution as well.  I just use this because
it is easier at work.

> 
> Oh well.  It's called evolution for a reason.

evolution take time, that's the problem.  The Ximian guys said the
problem is S/MIME and it is "not supported at this time".  I told them
their product was "not usable at this time", we'll see what they ahve to
say.


Sorry, off topic.

-- 
MadHat at Unspecific.com
`But I don't want to go among mad people,' Alice remarked.
`Oh, you can't help that,' said the Cat: `we're all mad here...'
   -- Lewis Carroll - _Alice's_Adventures_in_Wonderland_

More information about the Discuss mailing list