On Friday, October 18, 2002, at 12:15 AM, Ben Reser wrote:
Fair enough. For myself, the only time I don't sign messages is when I know the recipient a) doesn't use gpg or b) doesn't use and uses lookout. The rest of the time, I always sign... I've been doing this for years and, as I said before, I think people would be suspicious if I didn't all of a sudden. Of course, I'm the security para^H^H^H^Hprofessional so I make it a habit. =)Nope, I like it when people use them. I can see, at a glance, that who
I think wrote the message did in fact write the message. I'm not keen
on forgers, nor reading their fake mails, so this is a nice thing to
have. And, I hope, it gives people confidence when reading mail from
me that I did in fact write it.
This discussion happens periodically on the mutt list where about probably half the posters sign and the other half don't. The ones that do say they sign all their mail so that people can always verify their posts. The argument they use is if you only sign on "important" stuff then the receiver has to second guess if you didn't think the message important enough to sign or if it's forged.
Yup, but I don't really care. =) It's part of my email presence now, so I leave it. Those few people who have complained, I dismiss out of hand.I kinda sit in the middle. I sign based upon the usefulness of the signature to the receivers. People I know have and use pgp/gpg get signatures. Lists where the majority are (or should be) using gpg I sign. Otherwise I don't sign.On this lists for most people signatures are pointless.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx - source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
PGP.sig
Description: PGP signature
