Patrick, et al --

...and then Patrick Shanahan said...
%
% I understand pgp/gpg/signing an _important_ document or transfer of
% money, etc. I don't understand the need for security for chit-chat.
...
% I believe that +95% of the secure signing of mail list traffic is
% unwarranted and completely unnecessary baggage.

Signing messages provides [at least] two values. One is to ensure that what was sent is what was received. [Of course, even that has come up on this list in the past.] The other is to prove who sent it.

This has been a topic of great discussion before. There are a few different levels of "prove" and "who". One, obviously, is to absolutely prove the identity of the sender whose true identity one already knows. IMHO PHP/gnupg are not really sufficient for this, since a passphrase can be discovered (or coerced); it should rely more on one-time pads and biometric signatures such as retina pattern and keystroke timing. Another is the electronic version of a physical signature; yes, it could be forged by someone clever, but in general it's pretty good. That combines well with the desire to ensure that the complete stranger whom one has gotten to know online is actually the person who wrote what you see.

That last facet is the reason that I sign ALL of my messages. No, you don't actually know "who" I "am" in a physical and legal sense, but because of the body of signed work I have generated you can be sure that this message comes from the same person. Furthermore, someone spoofing a message as me will NOT be able to sign it the same way, and as our friend Mr. Cohen says in his almost obscenely garrulous :-) headers, "If it ain't signed, it didn't come from me." We've all had some fun with this sort of thing in the past, too, I'm sure, but it's also helpful if one is in the sort of silly environment as AOL's ToS agreement and its violations.

I -- a near anarchist, mind you -- foresee the days ahead when digital signatures will become commonplace, a digitally signed string of bits will be legally and contractually as binding and as valid as an ink-signed piece of paper, and someone will have to defend himself against a false charge by relying on the presence or absence of a digital signature.

%
% Note: I did not say there was not a need.

Understood.

% --
% Patrick Shanahan Registered Linux User #207535
% http://wahoo.no-ip.org @ http://counter.li.org

HTH & HAND & Happy New Year!

:-D
--
David T-G * There is too much animal courage in
(play) davidtg@xxxxxxxxxxxxxxx * society and not sufficient moral courage.
(work) davidtgwork@xxxxxxxxxxxxxxx -- Mary Baker Eddy, "Science and Health"
http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
Attachment:
pgp4y7eqqlpPy.pgp
Description: PGP signature