<<< Date Index >>>     <<< Thread Index >>>

Re: about pgp-signed messages



On Tue, Nov 04, 2003 at 05:38:11PM -0500, Rouben Rostamian wrote:

> On Tue, Nov 04, 2003 at 04:39:50PM -0500, David Yitzchak Cohen wrote:
> 
> > On Tue, Nov 04, 2003 at 09:21:35PM +0100, Aron Stansvik wrote:
> > 
> > > Verification of your signature fails on my setup,
> > 
> > as indeed it should, since I've never posted my key to a keyserver,
> > and nobody else has posted my key to a major keyserver
> 
> May I ask then what is the value of including a pgp signature in your
> messages?

Okay, this question was answered less than a week ago on this same list,
but since it'll take fewer words to repeat than to try and locate the
exact post (seeing the sheer volume of mail in this list), let me simply
repeat it:

I don't care if you folks know or can prove to yourselves anything
about who I am in real life.  (Those who need to tie my key to my real
identity have all the proof they need to feel safe making that connection.
The rest of you can find out much about my real life without difficulty
if you care to, but I don't care if you care to.)  What I care about is
that when you see one of my messages, you know that the guy posting that
message is the same guy who posted a whole ton of other silly flames,
etc.  I don't expect that my signature will add any value to a post on
its own; rather, I expect that the signature will gain value by virtue
of being on a lot of useful messages (and, sadly, on lots of stupid
rants as well ... but I'm not selling you folks anything, so I don't
really care much if y'all recognize me for the silly idiot that I am).
It allows me to build my 'net image without having to waste loads of
time at keysigning parties.  I guess the bottom line basically boils
down to this: do you really care if I'm an ax murderer in real life?
Reading my posts doesn't expose your home address to me, and it may
even help in securing yourself if I happen to know something about that.
(FWIW, my real-life addy is freely available online in at least one rather
obvious place ... so if you want to be able to prove to yourself that
the guy with this key is called Dave Cohen in real life and has driver
license number whatever, etc., you can always drop by here; I'll trade
a glimpse of my driver's license, passport, and any other interesting
identity proofs for a cookie ... as long as it's kosher, of course.)

I hope that also clarified the reason why I don't bother to publish
my key on public keyservers.  Now, obviously, I can't prevent anybody
from publishing my key for me (and in fact, I appear on some keyservers
because various people have done just that), nor does it really damage me
if you publish my key.  It doesn't exactly help me much either, though,
which is why I don't bother to do it myself.

Now, if you're interested in a slightly more academic explanation, you
have two choices: search the last week or so for the much better-written
explanation; or ask me to provide an explanation without all my rants
on the side.

 - Dave

-- 
Uncle Cosmo, why do they call this a word processor?
It's simple, Skyler.  You've seen what food processors do to food, right?

Please visit this link:
http://rotter.net/israel

Attachment: pgpUMfU8ovNyi.pgp
Description: PGP signature