My problem with signed messages is that verification often doesn't work since the key servers are often not in sync with public keys. For example, here is GNUPG applied to a message by Jim Richardson a little earlier today:

C:\temp>C:\GnuPG\gpg --keyserver "hkp://subkeys.pgp.net" --verify signature.asc fD-signed.txt
gpg: Signature made 03/20/04 18:33:30 using DSA key ID 838058F6
gpg: Can't check signature: public key not found

So the value of signing your messages doesn't really scale. That is why S/MIME is used by most commercial MUA's. Even though you have to pay for the certificate, you can pretty well guarantee that the public key will be available when one needs to verify the message.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Troy
Sent: March 20, 2004 8:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] NEVER open attachments

On Sat, 20 Mar 2004 11:54:34 +0100, Nico Golde <[EMAIL PROTECTED]> wrote:

> if many people here have the same problem i will not sign my mails in
> the future to this mailinglist in the hope that all can read my mails.
> regards nico

FYI, with my mailer, your emails show up as plain text message with an attached signature file, so it's no problem for me if you sign them. I usually ignore the signature but, if I need to verify a message, I can pull the attachment out for verification.

--
Troy

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
