mailing list pgp signatures...

[Fennix]

On Tue, Jul 14, 2009 at 1:03 AM, Rick Sewill <rsewill at gmail.com> wrote:

> On Mon, 2009-07-13 at 12:22 -0400, Steven W. Orr wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 07/12/09 19:05, quoth Rick Sewill:
> >
> > > My thought is to pgp sign my mail.
> > >
> > > Those who know me, who have spoken to me over the phone and have
> > > received mail from me, can save my signature from my mail and know the
> > > mail, and any future mail with that signature, is from me.
> >
> > HOLD ON THERE BULLWINKLE!!!
> >
> > Every message you send will have a different signature. Your signature is
> a
> > function of the content of your message and your private key. It can only
> be
> > verified using your public key. Saving a signature is of no value.
> >
> > Signing a message says three things:
> >
> > * You're reading a message from me, whoever I am.
> > * I can never say that I never said it (non-repudiation).
> > * The message is intact. It was not modified.
> >
> > > Those who do not know me will have a valid, verified, but untrusted
> > > signature.  If these people have a problem with my mail, they should be
> > > able to track me down through my signature.
> >
> > Not true. Public keys are not the same as a signature.
> >
> > > If one receives mail that purports to be from me, and doesn't
> > > have a signature or does have a signature, but not my signature,
> > > I can claim I didn't send the mail, and hopefully, the person
> > > who created the signature can be tracked down through their
> > > signature.  I assume the key servers keep a log indicating what
> Internet
> > > address was used to register what signature and those records can be
> > > accessed if one can get a court order.
> >
> > Not true and they do not.
> >
> > - --
> > Time flies like the wind. Fruit flies like a banana. Stranger things have
>  .0.
> > happened but none stranger than this. Does your driver's license say
> Organ ..0
> > Donor?Black holes are where God divided by zero. Listen to me! We are
> all- 000
> > individuals! What if this weren't a hypothetical question?
> > steveo at syslang.net
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v2.0.10 (GNU/Linux)
> > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> >
> > iEYEARECAAYFAkpbX1sACgkQRIVy4fC+NyRk8gCgir7aIHlJg5cmeQzqQcJOhoY4
> > uHIAn3v8Dzqwn4WWYExziEFnQeNVan0F
> > =vcfY
> > -----END PGP SIGNATURE-----
> >
>
> I stand corrected.  I was using signature and pgp public key
> interchangeably.  Shame on me.
>
> Steve, when I click on your signature, I can extract your public DSA
> public key, F0BE3724, see that it is verified, because you registered it
> with the pgp servers (Thank you for registering!), but untrusted by me,
> and if I wish to take further steps, I could trust what you sign.
>
> This is a good example where we could build a trust relationship if we
> took further steps.
>
> -Rick
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines:
> http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Somehow I am disappointed to see all of this.  G does not write often but
does so when he does think that it is worth offering a usefull contribution
to a problem at hand.  For some to try and to tar him with the
association/way of doing things such as Karl definitely is in error.  He is
far more knowledgeable about Unix and Linux than Karl and has show this in
his emails.  He does not write as Karl has done to complain of many issues
based on incomplete understanding of Linux and specifically of Fedora.
 Normally I only see G's responses when he is offering useful information to
some question at hand.  I am not sure I have ever seen him complain except
in response to an email (perhaps unreasonably) attacking him on some
question.
He does have the support of Ann Wilson (a message long ago) and she is one
that is close to the top of my list of "respected" posters to this group.
 David, I do understand the basis of your complaint regarding delays caused
by usage of GPG public keys which are not registered which leads to very
lengthy delays, and I also can see from G's response his reasoning for his
current way of sending emails to this list using a GPG signature (key
offered on request (manual)).  I would be very sorry to not have the
privelage of G's advice on this list as it always has been usefull and
concise.... Hopefully we can all be more open minded on this question.
Fennix
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20090714/66fe58da/attachment-0001.htm>