[WikiEN-l] Encrypted challenge-responses for PGP/GPG key users

[Chris Howie]

Steve Bennett wrote:
> On 5/9/07, Sean Barrett <sean at epoptic.com> wrote:
> Yes, you add 10 lines of spam to every message you send. What's the
> benefit? How does this help us? Sorry, but I've been meaning to ask
> the PGP'ers for a while now. Is there such a great risk that someone
> will impersonate you and we will fall for it? It seems to me that
> signing your message lets you prove that you indeed were the author of
> a message. But it doesn't help an unsuspecting person know that you
> weren't the author of a message.

If someone is using a sane OpenPGP-compatible mail client the signatures will
show up as attachments, such as mine.  (If the signature to this message is
displayed inline then I suggest you find a user-agent that Has A Clue.)

I usually sign all my mail, no matter who it gets sent to, but I always ALWAYS
sign mail I send to a mailing list.  Spoofing the sender address is just too
easy, and few people bother to check.  I'm not saying anyone would want to
spoof email from me, but you don't know until it happens, eh?  It's more of a
way for me to say, in that event, "no, I didn't send that message" than it is
of saying "yeah, I sent this message."

Spoofing aside, it's a lot easier to compromise an email account on some server
than to get a key off my Linux fortress *and* break the passphrase.

-- 
Chris Howie
http://www.chrishowie.com
http://en.wikipedia.org/wiki/User:Crazycomputers

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/IT d-(--) s:- a-->? C++(+++)$> UL++++ P++++$ L+++>++++ E---
W++ N o++ K? w--$ O M- V- PS--(---) PE++ Y+ PGP++ t+ 5? X-
R(+)>- tv-(--) b- DI+> D++ G>+++ e>++ h(--)>--- !r>+++ y->+++
------END GEEK CODE BLOCK------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
Url : http://lists.wikimedia.org/pipermail/wikien-l/attachments/20070511/df83d999/attachment.pgp