mailing list pgp signatures...

Patrick O'Callaghan pocallaghan at gmail.com
Mon Jul 13 19:39:51 UTC 2009


On Mon, 2009-07-13 at 18:53 +0000, g wrote:
> if you are still in question as to advantage of pgp sigs, i would be happy
> to look for it and post it so that all can see that there are times when
> having a pgp sig does work.

Whether it works or not is not the issue. The issue is "what does it
work for?", i.e. "what is the appropriate use?".

Needham and Schroeder famously said that anyone who thinks his problem
will be solved by cryptography hasn't understood his problem, and hasn't
understood cryptography. As with most aphorisms you can debate the
details, but there is a grain of truth in it. What one needs to ask
oneself is "what is the problem I'm trying to solve with this?". My
point is that issues of identity theft or repudiation in mailing lists
like this one have thus far had no practical relevance. I asked before
if anyone could point to a specific case on this list. I still don't
have an answer (you said you had one but it was stopped by list
management, i.e. the use of signatures simply didn't arise).

IOW my view is that signatures *on mailing lists such as this one* are
essentially a waste of time. Signatures on personal and highly sensitive
messages are a completely different issue, but in that case you'll find
you invariably want to use encryption as well as signing.

poc

PS BTW, an excellent layman's history of crypto is Simon Singh's "The
Code Book".




More information about the fedora-list mailing list