Re: Digital signatures

on 7/12/2007 6:29 PM, Tim wrote:
> On Thu, 2007-07-12 at 10:01 -0700, Les wrote:
>> I am starting this thread because I see many folks signing their
>> emails with a digital signature. 
> I don't see a problem in someone posting a signed message.  I do see a
> problem in believing that they are who they claim to be.  There isn't
> any verification done, it's self-signed (self created).  I've yet to
> find *any* GPG/PGP key that was counter-signed by another person, let
> alone one that was counter-signed by someone I trust.
> I think that is a glaring omission when it comes to RPM packages, or
> even notices about updates.  Never mind e-mails.

There is a better chance of me being 'me' than there is of you being
'you'.  ;-)

Websites are signed, they have certificates, as well as packages are
signed by distributions. I would much rather trust a package signed by
Fedora than I would one without a signature. Or one that I do not know.

If you, for example, used GnuPG as I do, you and I could actually send
private emails. Ones that only you and I can read. Since every server
keeps a copy of everything that you post, not just you but everyone, just
about anyone can read what you write.

Kinda' makes you feel naked doesn't it?  ;-)


Attachment: signature.asc
Description: OpenPGP digital signature

