Re: GPG Keys..... was Re: Should I install chkrootkit?



On 06/08/2014 06:20 PM, Andrei POPESCU wrote:

> On Du, 08 iun 14, 23:37:40, Ralf Mardorf wrote:
> 
>> On Mon, 2014-06-09 at 00:22 +0300, Andrei POPESCU wrote:
>>> 
>>> Could you please elaborate on this?
>> 
>> What should I explain? That signing usually is unwanted? It's
>> usually unwanted, because there is absolutely no reason to sign
>> mails to a mailing list, especially when most messages are signed
>> with untrusted keys. I experience this on many mailing lists, not
>> at Debian user.
> 
> Mails signed by untrusted keys are a (real) problem that needs to be
> solved, hence my suggestion to join the Web of Trust.

Receiving a message signed by an untrusted key isn't useless, however.

It means that if you later receive another message signed by the same
(still untrusted) key, you can be sure the two messages were sent by the
same source. (Barring key compromise or the like.)

Few if any of you have any clue who I am, or any reason to trust me
beyond what you see me post here - but because I sign all my posts here
with the same key, you can be sure that each new message comes from the
same person who posted the earlier ones, whoever that may actually be.

In many cases - including, I think, the one which sparked this
discussion - that "yes, this is the same person who has been earlier
seen doing X" is IMO more important, for practical purposes, than being
able to verify some other aspect of the poster's identity.

>> Signing a mail to a mailing list IMO is similar to drawing up a
>> contract, when you lend a friend 10,-€. There simply shouldn't be
>> the need to sign those messages, just because there is one
>> Super-Troll. AFAIK this never happened before and there's no reason
>> to assume it will happen often in the future. This Super-Troll is
>> an exception.
> 
> That's your opinion, but I disagree. I sign most e-mails (even in
> private conversations) also as a reminder to everyone that email is
> insecure by design. As far as I'm concerned signing and/or encrypting
> as needed should be the default, not vice-versa.

Agreed 100%. (Except for s/most/all/, barring things like "reply to this
automated mail to confirm your intent to subscribe to the mailing list"
messages.)

And while forged posting and suchlike may not have happened *here* in
the past, it's certainly happened elsewhere; if I'm not mistaken, there
are some newsgroups where it's been almost a common thing to see at
times, though certainly not a common thing to do.

- --
   The Wanderer

Secrecy is the beginning of tyranny.

A government exists to serve its citizens, not to control them.
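The "same key, same source" property described in the message above, as an added example that is not part of the original post: a key-continuity check over GnuPG `--status-fd` output that pins the first good signer seen for a sender and flags a later change, ignoring Web of Trust status. The sender address, fingerprints and status lines are constructed, and keying the pin on the From address is an assumption of this sketch.

```python
# Added example: key continuity without the Web of Trust.
FPR_A, FPR_B = "A" * 40, "B" * 40  # constructed fingerprints, not real keys

def status_for(fpr):
    """Constructed `gpg --status-fd 1 --verify` output for a good signature."""
    return (f"[GNUPG:] GOODSIG {fpr[-16:]} Some Poster\n"
            f"[GNUPG:] VALIDSIG {fpr} 2014-06-08 1402266000 0 4 0 1 10 01 {fpr}\n"
            "[GNUPG:] TRUST_UNDEFINED\n")  # key is untrusted: deliberately ignored

def signer_fingerprint(status):
    """Return the primary-key fingerprint of a good signature, else None."""
    good, fpr = False, None
    for line in status.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()[1:]
        if not fields:
            continue
        if fields[0] in ("BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG"):
            return None
        if fields[0] == "GOODSIG":
            good = True
        elif fields[0] == "VALIDSIG" and len(fields) >= 11:
            fpr = fields[10].upper()  # primary key: stable across signing subkeys
    return fpr if good else None

def check(pins, sender, status):
    """Compare this message's signer with the one pinned for `sender`."""
    fpr = signer_fingerprint(status)
    if fpr is None:
        return "unverified"
    if sender not in pins:
        pins[sender] = fpr  # first contact: nothing to compare against yet
        return "first-seen"
    return "same-signer" if pins[sender] == fpr else "key-changed"

def run_samples():
    pins, who = {}, "poster@example.org"  # constructed sender address
    messages = [status_for(FPR_A), status_for(FPR_A), status_for(FPR_B),
                f"[GNUPG:] BADSIG {FPR_A[-16:]} Some Poster\n"]
    return [check(pins, who, s) for s in messages]

if __name__ == "__main__":
    print(run_samples())
```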

