Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

[Tim Haynes <debian@stirfried.vegetable.org.uk>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hubert Chan <hackerhue@geek.com> writes:

[snip]
> BTW, I don't know why people sign their mail to mailing lists (other than
> things like debian-security-announce). I do it because I think that all
> e-mail, and for that matter, all internet traffic, should be encrypted. 
> Of course this doesn't work on a mailing list (although there is an
> attempt to make a mailing list where it works), and signing seems to be
> the next best thing. It's also a big proclamation that "I am a PGP/GnuPG
> user," along with my sig that says, "Please encrypt *all* e-mail to me." 
> ;-)

It gives you one facet of someone's identity for later use - eg if I wanted
to know if you're the same Hubert as elseplaces, I'd compare GPG-keys. Or
if I wanted to know if someone else of the same name wasn't you, I'd
compare GPG-keys.

IOW, of itself a signed message proves nothing. OTOH when you put it with
other things, it starts to add crypto-strong value.

~Tim
- -- 
The blade cuts clean through                |piglet@stirfried.vegetable.org.uk
              the island soil,              |http://spodzone.org.uk/
The years roll back and                     |
        the world grows small               |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard <http://www.gnupg.org/>

iEYEARECAAYFAjtLS40ACgkQh3MeQyZWueTefgCfYjUNwSu9GNXHtWwooPPnHWgS
RsQAoIa6w4QHUaO9vlzQPdmEibY0biTe
=DW8P
-----END PGP SIGNATURE-----