mailing list pgp signatures...

Steven W. Orr steveo at syslang.net
Mon Jul 13 16:22:51 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/12/09 19:05, quoth Rick Sewill:

> My thought is to pgp sign my mail.
> 
> Those who know me, who have spoken to me over the phone and have
> received mail from me, can save my signature from my mail and know the
> mail, and any future mail with that signature, is from me.

HOLD ON THERE BULLWINKLE!!!

Every message you send will have a different signature. Your signature is a
function of the content of your message and your private key. It can only be
verified using your public key. Saving a signature is of no value.

Signing a message says three things:

* You're reading a message from me, whoever I am.
* I can never say that I never said it (non-repudiation).
* The message is intact. It was not modified.

> Those who do not know me will have a valid, verified, but untrusted
> signature.  If these people have a problem with my mail, they should be
> able to track me down through my signature.

Not true. Public keys are not the same as a signature.

> If one receives mail that purports to be from me, and doesn't
> have a signature or does have a signature, but not my signature,
> I can claim I didn't send the mail, and hopefully, the person
> who created the signature can be tracked down through their
> signature.  I assume the key servers keep a log indicating what Internet
> address was used to register what signature and those records can be
> accessed if one can get a court order.

Not true and they do not.

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpbX1sACgkQRIVy4fC+NyRk8gCgir7aIHlJg5cmeQzqQcJOhoY4
uHIAn3v8Dzqwn4WWYExziEFnQeNVan0F
=vcfY
-----END PGP SIGNATURE-----
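
Added example, not part of the original message: a sketch of the reply's point that a signature is a function of the message content and the private key, so a saved signature proves nothing about any other message. It uses unpadded textbook RSA over SHA-256 as a stand-in for OpenPGP signing; the keys are constructed from publicly known Mersenne primes and all names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys


def make_key(p: int, q: int):
    """Return (n, d) for a toy RSA key. Constructed primes, never for real use."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return n, d


# Constructed keys: the sender's, and an unrelated key held by someone else.
SENDER_N, SENDER_D = make_key(2**521 - 1, 2**607 - 1)
OTHER_N, OTHER_D = make_key(2**607 - 1, 2**1279 - 1)


def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int, n: int) -> int:
    # Signature depends on BOTH the message digest and the private key.
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, n: int) -> bool:
    # Only the public half (n, E) is needed to check a signature.
    return pow(signature, E, n) == digest(message)


def demo() -> dict:
    first, second = b"Meet at noon.", b"Meet at midnight."
    saved = sign(first, SENDER_D, SENDER_N)    # signature a reader "saved"
    fresh = sign(second, SENDER_D, SENDER_N)   # same key, different message
    forged = sign(second, OTHER_D, OTHER_N)    # different key, claims to be sender
    return {
        "signatures_differ": saved != fresh,
        "first_verifies": verify(first, saved, SENDER_N),
        "saved_sig_reused_on_second": verify(second, saved, SENDER_N),
        "tampered_first": verify(first + b" Bring cash.", saved, SENDER_N),
        "other_key_as_sender": verify(second, forged, SENDER_N),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

What a recipient keeps is the sender's public key, checked once out of band (for example by fingerprint over the phone); every later message is then verified against that key.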



