Steve Bennett wrote:
On 5/9/07, Sean Barrett <sean(a)epoptic.com>
wrote:
Yes, you add 10 lines of spam to every message you send. What's the
benefit? How does this help us? Sorry, but I've been meaning to ask
the PGP'ers for a while now. Is there such a great risk that someone
will impersonate you and we will fall for it? It seems to me that
signing your message lets you prove that you indeed were the author of
a message. But it doesn't help an unsuspecting person know that you
weren't the author of a message.
If someone is using a sane OpenPGP-compatible mail client the signatures will
show up as attachments, such as mine. (If the signature to this message is
displayed inline then I suggest you find a user-agent that Has A Clue.)
I usually sign all my mail, no matter who it gets sent to, but I always ALWAYS
sign mail I send to a mailing list. Spoofing the sender address is just too
easy, and few people bother to check. I'm not saying anyone would want to
spoof email from me, but you don't know until it happens, eh? It's more of a
way for me to say, in that event, "no, I didn't send that message" than it
is
of saying "yeah, I sent this message."
Spoofing aside, it's a lot easier to compromise an email account on some server
than to get a key off my Linux fortress *and* break the passphrase.
--
Chris Howie
http://www.chrishowie.com
http://en.wikipedia.org/wiki/User:Crazycomputers
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/IT d-(--) s:- a-->? C++(+++)$> UL++++ P++++$ L+++>++++ E---
W++ N o++ K? w--$ O M- V- PS--(---) PE++ Y+ PGP++ t+ 5? X-
R(+)>- tv-(--) b- DI+> D++ G>+++ e>++ h(--)>--- !r>+++ y->+++
------END GEEK CODE BLOCK------