[svlug] ESR's .sig

Greg Olszewski noop at nwonknu.org
Fri May 26 11:30:26 PDT 2000

On Fri, May 26, 2000 at 11:45:09AM -0700, Emmanuel-Robert Mayssat wrote:
> To make things worse... what about pgp signatures ?

	What about them?

> What about signing messages, where in fact nobody is going
> to check if the author is the real one ?


	mutt will check signatures automatically, and if you set up
	gpg (haven't used pgp) correctly, it will automatically query
	a keyserver to get keys that you don't have on your keyring. 
	You won't have a trust path, but you can have *some* confidence
	that the key is good. (It's really up to you to decide how much
	confidence you have)

	The only person I see who regularly signs email on this list 
	is Karsten. I've got his key from pgp5.ai.mit.edu, as well
	as from his home page, and one of these days I'm going to remember
	to check his fingerprint at a SVLUG meeting. I check all his email
	and it all has registered as good signatures. So right now I'm
	fairly confident he's him, and one day I'll be sure.

	People do check.

> Worse, what about quoting a pgp signature ?

	Pointless, and often a bad idea. If you quote a pgp/gpg
	signature, you generally are quoting with '>' (or whatever you
	prefer), and consequently you've changed the signed material
	so the signature fails.  It would cause me about 5 seconds of
	concern, then I figure out what happened and get annoyed at the
	person who did it.

> I have seen quite a few pgp signed emails on the svlug mailing list....
> Are we all compliant with the netiquette ? 
	"the netiquette" ? The netiquette of signatures?

	I think this is a different definition of 'signature'.


have a nice day,


Nobody of particular importance.
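
The point about quoting a signed message, as an added example that is not part of the original post: it follows the cleartext signature rules of RFC 4880 to extract the text a verifier hashes, and shows that a "> " prefix both hides the armor lines and changes that text. The sample message, its placeholder signature and all function names are constructed for illustration, and the digest covers only the text portion, not the signature packet fields a real verifier also hashes.

```python
import hashlib
import re

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
# An armor line sitting behind a reply-quote prefix such as "> " or "| ".
QUOTED_MARKER = re.compile(r"^\s*[>|:][>|:\s]*-----BEGIN PGP ")

# Constructed sample; the signature body is a placeholder, not real data.
SAMPLE = "\n".join([
    BEGIN_MSG, "Hash: SHA256", "",
    "See you at the meeting.   ",
    "- -- dash-escaped line",
    BEGIN_SIG, "", "PLACEHOLDER", "-----END PGP SIGNATURE-----",
])

def body_lines(message):
    """Lines between the armor headers and the signature, or None when no
    cleartext-signed block starts at column 0."""
    lines = message.splitlines()
    try:
        start = lines.index(BEGIN_MSG)
        body = lines.index("", start) + 1   # armor headers end at a blank line
        end = lines.index(BEGIN_SIG, body)
    except ValueError:
        return None
    return lines[body:end]

def canonical(lines):
    """Text portion fed to the signature hash (RFC 4880, section 7)."""
    out = []
    for line in lines:
        if line.startswith("- "):           # undo dash-escaping
            line = line[2:]
        out.append(line.rstrip(" \t"))      # trailing whitespace is not signed
    return "\r\n".join(out).encode()

def quote(message, prefix="> "):
    return "\n".join(prefix + line for line in message.splitlines())

def has_quoted_block(message):
    return any(QUOTED_MARKER.match(line) for line in message.splitlines())

def compare(message, prefix="> "):
    """SHA-256 of the signed text as sent and with each body line quoted."""
    body = body_lines(message)
    sent = hashlib.sha256(canonical(body)).hexdigest()
    quoted = hashlib.sha256(canonical([prefix + l for l in body])).hexdigest()
    return sent, quoted
```

A reply filter can use `has_quoted_block` to recognise a quoted signature block before anyone treats the resulting verification failure as tampering.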

