<<< Date Index >>>     <<< Thread Index >>>

Re: How to disable passphrase prompt



On Sat, Jan 03, 2004 at 03:25:30PM +0100 or thereabouts, Szilveszter Adam wrote:
> On Sat, Jan 03, 2004 at 01:44:35PM +0000, Andrew Sayers or whoever wrote:
> > It's important because I say it's important, and you should all believe
> > me because I'm the widely trusted Patrick Shanahan, not Michael Herman
> > pretending to be him.
> 
> I have heard this argument too many times. But what people usually
> forget to add is that, in the absence of a proof of linkage between an
> individual and a signing key, the signature is not much worth. In that
> case it merely functions as a rather overblown CRC checksum proving that
> the mail arrived untampered with. This may also be important
> information, but does not help in establishing trust in an identity.
> 
> In the case of normal PGP, if there is no web of trust leading from me
> to you, your signature means nothing to me. 
> 
> But since writing on a mailing list does not require a trusted identity,
> and neither does reading mail, I don't care and judge messages here by
> their content.

Well put, on mailing lists, public lists, PGP signing is next to useless. No one
cares whether you are whom you say you are, it's the content, not the
identity that's important. It's nothing more than an exercise in Geek
bragging rights, IMHO. It introduces a lot of unecessary garbadge to
one's e-mail as well, which I think we all can do without seeing, since
it's not important to sign on this list, and most public lists in the
first place.

-- 
Stephen