Steve Bennett wrote:
On 5/9/07, Sean Barrett <sean@epoptic.com> wrote: Yes, you add 10 lines of spam to every message you send. What's the benefit? How does this help us? Sorry, but I've been meaning to ask the PGP'ers for a while now. Is there such a great risk that someone will impersonate you and we will fall for it? It seems to me that signing your message lets you prove that you indeed were the author of a message. But it doesn't help an unsuspecting person know that you weren't the author of a message.
If someone is using a sane OpenPGP-compatible mail client the signatures will show up as attachments, such as mine. (If the signature to this message is displayed inline then I suggest you find a user-agent that Has A Clue.)
I usually sign all my mail, no matter who it gets sent to, but I always ALWAYS sign mail I send to a mailing list. Spoofing the sender address is just too easy, and few people bother to check. I'm not saying anyone would want to spoof email from me, but you don't know until it happens, eh? It's more of a way for me to say, in that event, "no, I didn't send that message" than it is of saying "yeah, I sent this message."
Spoofing aside, it's a lot easier to compromise an email account on some server than to get a key off my Linux fortress *and* break the passphrase.