-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Exactly, the signed messaegs are not about privacy, they are about
non-repuditation, it is trivial to spoof sender information on an
email, but using message digesting creates a signature that not only
can other use to validate your message, but you can use to validate
archives of it at a later time. In addition to authentication, this
also provides for message integrity checking.
As to the inline signing v.s. mime attachments, the former is much
easier to deal with, though the attachments are less likely to get
corrupted.
[[en:user:xaosflux]]
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
iQA+AwUBSD/tDtRQDZCQNK6YEQJMxQCg4oRBp413tpPdcF89Qu9q2dZNpxYAmLny
MWlwsbtAhtU6adP/4PAP0oA=
=vl/D
-----END PGP SIGNATURE-----
----- Original Message -----
From: "Avi" <avi.wiki(a)gmail.com>
Sent: Thursday, May 29, 2008 10:02 PM
Yes, that is true. As has been explained by others,
the privacy element
comes in to play with encryption. For example, only NonvocalScream and
myself (outside of the NSF, and probably including them too) will be able
to
decrypt the following message:
That is the privacy element. As for identity, being that I have NVS's
public
key, I can confirm that only someone with control over his private key
signed messages with the appropriate header and signature.
Also, many people use gmail through an IMAP client such as Thunderbird,
and
they have the signature auto set. Personally, I use the web interface,
which
is why you do not always see my messages signed. However, for people who
are
involved with PGP, signing one's messages more often is a good way to
confirm one's identity, because only the holder of the private key can
accurately sign the message, and anyone with a PGP client can check that.
Here's an example I came across just now for how PGP can help with
identity:
http://www.haltabuse.org/pgp/index.shtml
I understand that it can look somewhat bizarre, but is it that much more
annoying than 47-line long threads with 14 greater-than signs or a 25 line
signature-cum-curriculam vitae :-) ?
Thanks,
--Avi