On 07/04/12 18:16, Mika Suomalainen wrote:
On 07.04.2012 01:02, Walter Hurry wrote:
On Fri, 06 Apr 2012 22:23:07 +0300, Mika Suomalainen wrote:
<snipped>
SIGNATURE-----
How utterly ridiculous and pointless to sign messages posted to
mailing lists. I agree with Chris Bannister.
Likewise :-(
In case you haven't noticed, there are other people who are signing
messages, which are sent to mailing lists.
Some of those people do so to authenticate that they have the authority
they claim, others are w*nkers and/or just ill-informed.
Do you think that it would be better if people spoofed my email
Is that something you expect? That's a rhetorical question :-)
For the purposes of intelligent discussion let's pretend that a spoofed
email *could* be published:-
PGP won't stop that - *even if you knew how to sign post properly*[*1].
It's maths not magic. All it guarantees is that the message has not been
altered.
How do we know who you are? Without a chain of trust your key is
worthless in establishing your identification. The real Mika Suomalainen
may be someone whose reputation you wish to tarnish. No more unlikely
than the scenario that you propose your *invalid* digital signatures
would protect against.
What's to stop you, or someone claiming to be you, from posting unsigned
messages - then claiming it's not you because it wasn't signed with the
same key?
How do we know you control your computer and your private key?
[*1] if you believe people should copy, paste and edit your post, and
download you key - in the misguided belief it'll validate something...
you're mistaken.
Note that Thunderbird and Enigmail are available for Android - and they
will correctly sign posts so that they will validate.
Kind regards (and Happy Religious Festival)