[WikiEN-l] -----BEGIN PGP SIGNED MESSAGE-----?

xaosflux xaosflux at gmail.com
Fri May 30 12:03:44 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Exactly, the signed messaegs are not about privacy, they are about
non-repuditation, it is trivial to spoof sender information on an
email, but using message digesting creates a signature that not only
can other use to validate your message, but you can use to validate
archives of it at a later time.  In addition to authentication, this
also provides for message integrity checking.

As to the inline signing v.s. mime attachments, the former is much
easier to deal with, though the attachments are less likely to get
corrupted.

[[en:user:xaosflux]]

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA+AwUBSD/tDtRQDZCQNK6YEQJMxQCg4oRBp413tpPdcF89Qu9q2dZNpxYAmLny
MWlwsbtAhtU6adP/4PAP0oA=
=vl/D
-----END PGP SIGNATURE-----


----- Original Message ----- 
From: "Avi" <avi.wiki at gmail.com>
Sent: Thursday, May 29, 2008 10:02 PM


> Yes, that is true. As has been explained by others, the privacy element
> comes in to play with encryption. For example, only NonvocalScream and
> myself (outside of the NSF, and probably including them too) will be able 
> to
> decrypt the following message:
> That is the privacy element. As for identity, being that I have NVS's 
> public
> key, I can confirm that only someone with control over his private key
> signed messages with the appropriate header and signature.
>
> Also, many people use gmail through an IMAP client such as Thunderbird, 
> and
> they have the signature auto set. Personally, I use the web interface, 
> which
> is why you do not always see my messages signed. However, for people who 
> are
> involved with PGP, signing one's messages more often is a good way to
> confirm one's identity, because only the holder of the private key can
> accurately sign the message, and anyone with a PGP client can check that.
>
> Here's an example I came across just now for how PGP can help with 
> identity:
> http://www.haltabuse.org/pgp/index.shtml
>
> I understand that it can look somewhat bizarre, but is it that much more
> annoying than 47-line long threads with 14 greater-than signs or a 25 line
> signature-cum-curriculam vitae :-) ?
>
> Thanks,
>
> --Avi




More information about the WikiEN-l mailing list