mailing list pgp signatures...
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Sun Jul 12 17:00:08 UTC 2009
Les wrote:
> Hi, Steven,
> The point about the envelope is a good one. It is a point I never
> considered. But g's attitude doesn't make me fond of signing, in fact
> it does more to discourage users of messaging services to not use PGP or
> SMIME to sign messages. His actions slow access, disturb the flow of
> work and as you pointed out is generally rude to the users of the list.
> As to someone signing messages to look like him I don't see how that
> could happen, because the messages would have to be signed using his
> private key, unless he posted the private key as well.
>
If you don't have his private key, then you have no idea if a signed
message came from him, or someone else that signed the message. You
don't even know if someone took a valid message and modified it. All
you know is that the message has a signature that you can not verify.
His answer to that is that everyone that wants to verify his
signature to send him an email asking for his public key, and maybe
he will send it to you...
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20090712/6f6939d5/attachment-0001.sig>
More information about the fedora-list
mailing list