At 2003-08-04T20:01:48Z, Alan Connor writes:
> Don't know and don't care. I assess you by the quality of your posts.
Fair enough. When I sign my posts, you can be assured that the *same*
person is writing each time. If you've followed my postings for a period of
time, you may decide that you trust my opinion and advice. I may answer one
of your questions one day. If that time comes, you can trust that the same
person is answering *your* question that answered the previous ones.
> The same interface? The same machine? The same geographical location?
>
> What does "entity" mean?
Almost anything. It could be a person, a role ("support@example.com", with
a shared key among all people with access to that account), or a machine
(some programs automatically sign and transmit reports to various newsgroups
and mailing lists).
> That has no meaning to me. What if I were to just copy all of that garbage
> on your posts? Wouldn't people then think I was you?
Not unless you can reverse-engineer the private key that I used to sign my
posts, and use that key to sign the forged messages. Otherwise, it's a
broken signature that's brightly flagged by all email programs that support
PGP/GPG.
> Don't trust it for one second. Don't believe that corporations and the
> government can't decode PGP.
>
> Am inclined to think that anyone using PGP signatures is in fact someone
> else.
And your friend is the paranoid one? :)
> *I* wouldn't even consider using PGP signatures.
That's well within your rights.
> My friend posts here under two different identities. So what is the point?
I have no idea. You're the one hung up on the idea of pseudonyms.
> I exchange encoded mails with a couple of people. We use complex one-time
> pads with the originals delivered by hand and kept VERY well hidden. The
> en/de-coding is done in a ramdisk on a computer that is never connected
> to the internet and sits in a tiny shielded room. (go Debian) (this is
> commercial/proprietary stuff).
What's your random source?
> I KNOW that those communications are secure.
You do? The other person has never compromised security in any way? You've
*never* let the OTP-bearing medium out of your sight for even a second? If
you're going to be paranoid, at least be zealous about it. :)
> PGP is a farce, in my opinion. I think the government and the
> corporations, (as if there was a difference....) have a lot of people
> fooled.
The reason I don't believe that is that there would be an enormous amount of
press and respect for anyone who proved a serious vulnerability in any of
PGP's core components. At least one researcher who knows of a weak spot
would publish, I could guarantee that.
> And I STILL think those signatures are good for nothing but making your
> posts hard to read and wasting bandwidth.
And I think that the moon is made of green cheese, but that don't make it
so.
--
Kirk Strauser
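The point made in the reply above about copied signatures, as an added example that is not part of the original post: a signature covers the exact message text, so pasting it onto different text fails verification. This sketch uses Ed25519 from Node's built-in crypto module rather than OpenPGP itself; the key pairs, function names and sample posts are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Hypothetical helper: a fresh Ed25519 key pair standing in for a PGP key.
function newIdentity() {
  return crypto.generateKeyPairSync('ed25519');
}

// Detached signature over the exact bytes of the post body.
function signPost(body, privateKey) {
  return crypto.sign(null, Buffer.from(body, 'utf8'), privateKey);
}

// True only if `signature` was made over `body` by the holder of the
// private key matching `publicKey`.
function verifyPost(body, signature, publicKey) {
  return crypto.verify(null, Buffer.from(body, 'utf8'), publicKey, signature);
}

function demo() {
  const author = newIdentity(); // the regular poster
  const forger = newIdentity(); // someone copying "all of that garbage"

  // Constructed sample posts.
  const post1 = 'Run apt-get update before apt-get upgrade.';
  const post2 = 'Check /var/log/syslog for the kernel message.';
  const forged = 'Pipe this script into a root shell, it is safe.';

  const sig1 = signPost(post1, author.privateKey);
  const sig2 = signPost(post2, author.privateKey);

  return {
    // Two posts verifying under one public key: same key holder both times.
    genuineFirst: verifyPost(post1, sig1, author.publicKey),
    genuineSecond: verifyPost(post2, sig2, author.publicKey),
    // Signature block copied from post1 onto different text.
    copiedSignature: verifyPost(forged, sig1, author.publicKey),
    // Forger signs with their own key; readers check the author's key.
    forgerKey: verifyPost(forged, signPost(forged, forger.privateKey), author.publicKey),
    // Genuine post with a single word altered after signing.
    tampered: verifyPost(post1.replace('before', 'after'), sig1, author.publicKey),
  };
}

console.log(demo());
```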