-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Exactly, the signed messages are not about privacy; they are about non-repudiation. It is trivial to spoof sender information on an email, but using message digesting creates a signature that not only can others use to validate your message, but you can use to validate archives of it at a later time. In addition to authentication, this also provides for message integrity checking.
As to inline signing vs. MIME attachments, the former is much easier to deal with, though the attachments are less likely to get corrupted.
[[en:user:xaosflux]]
----- Original Message -----
From: "Avi" avi.wiki@gmail.com
Sent: Thursday, May 29, 2008 10:02 PM
Yes, that is true. As has been explained by others, the privacy element comes into play with encryption. For example, only NonvocalScream and myself (outside of the NSF, and probably including them too) will be able to decrypt the following message: That is the privacy element. As for identity, being that I have NVS's public key, I can confirm that only someone with control over his private key signed messages with the appropriate header and signature.
Also, many people use Gmail through an IMAP client such as Thunderbird, and they have the signature auto set. Personally, I use the web interface, which is why you do not always see my messages signed. However, for people who are involved with PGP, signing one's messages more often is a good way to confirm one's identity, because only the holder of the private key can accurately sign the message, and anyone with a PGP client can check that.
Here's an example I came across just now for how PGP can help with identity: http://www.haltabuse.org/pgp/index.shtml
I understand that it can look somewhat bizarre, but is it that much more annoying than 47-line-long threads with 14 greater-than signs or a 25-line signature-cum-curriculum vitae :-) ?
Thanks,
--Avi