[svlug] ESR's .sig
noop at nwonknu.org
Fri May 26 11:30:26 PDT 2000
On Fri, May 26, 2000 at 11:45:09AM -0700, Emmanuel-Robert Mayssat wrote:
> To make things worse... what about pgp signatures ?
What about them?
> What about singing message, where in fact nobody is going
> to check if the author is the real one ?
mutt will check signatures automatically, and if you set up
gpg(haven't used pgp) correctly, it will automatically query
a keyserver to get keys that you don't have on your keyring.
You won't have a trust path, but you can have *some* confidence
that the key is good. (It's really up to you to decide how much
confidence you have)
The only person I see who regularly signs email on this list
is Karsten. I've got his key from pgp5.ai.mit.edu, as well
as from his home page, and one of these days I'm going to remember
to check his fingerprint at a SVLUG meeting. I check all his email
and it all has registered as good signatures. So right now I'm
fairly confident he's him, and one day I'll be sure.
People do check.
> Worse, what about quoting pgp sgnature ?
Pointless, and often a bad Idea. If you quote a pgp/gpg
signature, you generally are quoting with '>'(or whatever you
prefer), and consequently you've changed the signed material
so the signature fails. It would cause me about 5 seconds of
concern, then I figure out what happened and get annoyed at the
person who did it.
> I have seen quite a few pgp signed emails on the svlug mailing list....
> Are we all compliant with the netiquette ?
"the netiquette" ? The netiquette of signatures?
I think this is a different definition of 'signature'.
have a nice day,
Nobody of particular importance.
More information about the svlug