-----BEGIN PGP SIGNED MESSAGE-----
Exactly, the signed messaegs are not about privacy, they are about
non-repuditation, it is trivial to spoof sender information on an
email, but using message digesting creates a signature that not only
can other use to validate your message, but you can use to validate
archives of it at a later time. In addition to authentication, this
also provides for message integrity checking.
As to the inline signing v.s. mime attachments, the former is much
easier to deal with, though the attachments are less likely to get
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
-----END PGP SIGNATURE-----
----- Original Message -----
From: "Avi" <avi.wiki(a)gmail.com>
Sent: Thursday, May 29, 2008 10:02 PM
Yes, that is true. As has been explained by others,
the privacy element
comes in to play with encryption. For example, only NonvocalScream and
myself (outside of the NSF, and probably including them too) will be able
decrypt the following message:
That is the privacy element. As for identity, being that I have NVS's
key, I can confirm that only someone with control over his private key
signed messages with the appropriate header and signature.
Also, many people use gmail through an IMAP client such as Thunderbird,
they have the signature auto set. Personally, I use the web interface,
is why you do not always see my messages signed. However, for people who
involved with PGP, signing one's messages more often is a good way to
confirm one's identity, because only the holder of the private key can
accurately sign the message, and anyone with a PGP client can check that.
Here's an example I came across just now for how PGP can help with
I understand that it can look somewhat bizarre, but is it that much more
annoying than 47-line long threads with 14 greater-than signs or a 25 line
signature-cum-curriculam vitae :-) ?