Kirk Strauser wrote:
At 2003-08-04T20:01:48Z, Alan Connor writes:That has no meaning to me. What if I were to just copy all of that garbage on your posts? Wouldn't people then think I was you?Not unless you can reverse-engineer the private key that I used to sign my posts, and use that key to sign the forged messages. Otherwise, it's a broken signature that's brightly flagged by all email programs that support PGP/GPG.
Just to explain a little further for the benefit of any intelligent bystanders who haven't yet learned about PGP, the top line of my email client on Kirk's message reads:
UNTRUSTED Good signature from W. Kirk Strauser <firstname.lastname@example.org>, Key Id 0x8D02A6F1
This tells me that my client has successfully verified that the signature matches the text of the message, and was made with the referenced key that I already have a copy of. UNTRUSTED means that I do not know that the key in question belongs to anybody particular, however, I can easily check that all the messages I have from "email@example.com" were signed with the same key.
Conversely, the messages that have suddenly started appearing with a From address of "alanc@localhost" (!) could have come from anyone, but moreover, they could quite easily have come from someone completely different from the firstname.lastname@example.org that was spouting last week. The fact that they evidently come from a mail system that is *even more* screwed up than that from which the previous ones originated might lead me to suspect that they were from another person, if I could think of any reason why anyone would want to. (The obvious explanation is that someone is trying to discredit Alan Connor, but that hardly seems necessary).
Description: PGP signature