[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Things we should know about PGP

On Thu, 2012-05-10 at 17:11 +0100, Jon Dowland wrote:
> On Wed, May 09, 2012 at 09:17:17PM +0200, Ralf Mardorf wrote:
> > Regarding to security. Assumed somebody always sign the mails to a
> > mailing list. Isn't it possible that somebody hacks the view of a
> > mailing list archive? Make it look like if a nice guy said odd things
> > for signed mails. He never did, the mails were not hacked, just the view
> > of the web page is hacked.
> 
> They could, if you were relying on the mailing list archives to verify
> the signatures, but they don't. You can fetch the signature and the
> original message (awkward from a web mailing list archive, but Camaleón
> has shown a way of doing it with gmane in the past) and perform the 
> verification yourself.

And why do we need this? We could notarized emails + use or computer
readable ID cards, anyway, this in addition won't make mailing list
mails more true or less true. There's more untruth for notarized papers
than for non-notarized papers. Why should things become better with
openPGP signing?

Again, I don't care, even if I would see cryptic lines at the bottom of
my mails, but IMO we should avoid photos as thumbnails, PGP, HTML.

- Ralf
Reply to: