[49827] in North American Network Operators' Group
Re: Evil PGP sigs thread must die. was Re: Stop it with putting your e-mail body in my MUA OT
daemon@ATHENA.MIT.EDU (Chris Woodfield)
Wed Jul 10 15:37:55 2002
Date: Wed, 10 Jul 2002 15:31:39 -0400
From: Chris Woodfield <rekoil@semihuman.com>
To: Andy Dills <andy@xecu.net>
Cc: "Jordyn A. Buchanan" <jordyn@register.com>, nanog@nanog.org
In-Reply-To: <Pine.BSF.4.44.0207101509470.3792-100000@thunder.xecu.net>
Errors-To: owner-nanog-outgoing@merit.edu
Which is why the "web of trust" exists. And why people do keysignings at
NANOG events. And why, at least on my mail client, the signature shows the
email address of its owner. If Scott spoofs an email from me and signs it
with his key, people will notice.
-C
> If people judge authenticity based on the simple fact that a message is
> signed, that's just as useless. Why wouldn't the spoofed email be signed
> with somebody else's key, to make it past all those people who merely
> check to see if it's signed?
>
> The _only_ way to verify authenticity is to check the signature. By
> signing every single email sent, you endanger yourself by allowing your
> recipients to judge the authenticity of your emails simply by the
> existence of a pgp signature.
>
> Therefore, you should only sign emails that contain information important
> enough that verification is necessary, otherwise nobody will check.
>
> Andy
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Andy Dills 301-682-9972
> Xecunet, LLC www.xecu.net
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Dialup * Webhosting * E-Commerce * High-Speed Access
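The check both posts turn on, as an added example that is not part of the original thread: a mail counts as authentic only when the signature is good, the signer's user ID matches the From: address, and the key is valid through the web of trust. It parses GnuPG's machine-readable status lines (as produced by `gpg --status-fd`); the key IDs, Scott's address and the status text below are constructed sample data, and `assess` is a hypothetical helper name.

```python
from email.utils import parseaddr

TRUSTED = {"TRUST_FULLY", "TRUST_ULTIMATE"}  # key validity via web of trust

def assess(from_header, gpg_status):
    """Classify a signed mail from its From: header and gpg status lines."""
    sender = parseaddr(from_header)[1].lower()
    signer_uid, trust, bad = None, None, False
    for line in gpg_status.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split(" ", 3)
        keyword = fields[1]
        if keyword == "GOODSIG" and len(fields) == 4:
            signer_uid = fields[3]  # line is "GOODSIG <keyid> <user id>"
        elif keyword in ("BADSIG", "ERRSIG"):
            bad = True
        elif keyword.startswith("TRUST_"):
            trust = keyword
    if bad:
        return "bad-signature"
    if signer_uid is None:
        return "no-valid-signature"  # unsigned, or signer's key unknown
    if parseaddr(signer_uid)[1].lower() != sender:
        return "signed-by-someone-else"  # a good signature, wrong person
    if trust not in TRUSTED:
        return "signer-matches-but-key-untrusted"  # anyone can claim a UID
    return "verified"

# Constructed sample data (key IDs and Scott's address are placeholders).
FROM = "Chris Woodfield <rekoil@semihuman.com>"
GENUINE = ("[GNUPG:] GOODSIG 0000000000000001 Chris Woodfield <rekoil@semihuman.com>\n"
           "[GNUPG:] TRUST_FULLY\n")
SPOOFED = ("[GNUPG:] GOODSIG 0000000000000002 Scott <scott@example.net>\n"
           "[GNUPG:] TRUST_FULLY\n")
LOOKALIKE = ("[GNUPG:] GOODSIG 0000000000000003 Chris Woodfield <rekoil@semihuman.com>\n"
             "[GNUPG:] TRUST_UNDEFINED\n")

if __name__ == "__main__":
    for name, status in [("genuine", GENUINE), ("spoofed", SPOOFED),
                         ("lookalike", LOOKALIKE), ("unsigned", "")]:
        print(f"{name:10s} {assess(FROM, status)}")
```

The "lookalike" case is a self-generated key carrying the sender's address: the signature is good and the address matches, so only key validity from keysignings separates it from the genuine one.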