Re: GPG Keys..... was Re: Should I install chkrootkit?
-----BEGIN PGP SIGNED MESSAGE-----
On 06/08/2014 06:20 PM, Andrei POPESCU wrote:
> On Du, 08 iun 14, 23:37:40, Ralf Mardorf wrote:
>> On Mon, 2014-06-09 at 00:22 +0300, Andrei POPESCU wrote:
>>> Could you please elaborate on this?
>> What should I explain? That signing usually is unwanted? It's
>> usually unwanted, because there is absolutely no reason to sign
>> mails to a mailing list, especially when most messages are signed
>> with untrusted keys. I experience this on many mailing lists, not
>> at Debian user.
> Mails signed by untrusted keys is a (real) problem that needs to be
> solved, hence my suggestion to join the Web of Trust.
Receiving a message signed by an untrusted key isn't useless, however.
It means that if you later receive another message signed by the same
(still untrusted) key, you can be sure the two messages were sent by the
same source. (Barring key compromise or the like.)
Few if any of you have any clue who I am, or any reason to trust me
beyond what you see me post here - but because I sign all my posts here
with the same key, you can be sure that each new message comes from the
same person who posted the earlier ones, whoever that may actually be.
In many cases - including, I think, the one which sparked this
discussion - that "yes, this is the same person who has been earlier
seen doing X" is IMO more important, for practical purposes, than being
able to verify some other aspect of the poster's identity.
>> Signing a mail to a mailing list IMO is similar to draw up a
>> contract, when you lend a friend 10,-€. There simply shouldn't be
>> the need to sign those messages, just because there is one
>> Super-Troll. AFAIK this never happened before and there's no reason
>> to assume it will happen often in the future. This Super-Troll is
>> an exception.
> That's your opinion, but I disagree. I sign most e-mails (even in
> private conversations) also as a reminder to everyone that email is
> insecure by design. As far as I'm concerned signing and/or encrypting
> as needed should be the default, not vice-versa.
Agreed 100%. (Except for s/most/all/, barring things like "reply to this
automated mail to confirm your intent to subscribe to the mailing list"
And while forged posting and suchlike may not have happened *here* in
the past, it's certainly happened elswhere; if I'm not mistaken, there
are some newsgroups where it's been almost a common thing to see at
times, though certainly not a common thing to do.
Secrecy is the beginning of tyranny.
A government exists to serve its citizens, not to control them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----