On Thursday 20 January 2005 11:16 pm, Chris Gianelloni wrote: > On Thu, 2005-01-20 at 21:51 +0000, Luke-Jr wrote: > > Identification does, maybe, but identification of abilities, not > > identification of name. > > Except we've mostly been talking about GPG keys... which we use for > pretty much two things... to determine that the person sending the email > is in fact the person we think they are, and to sign releases/packages > (eventually) to determine that the package was indeed added to the tree > by the person it says it was.
None of that needs names or email addresses to do. You just need to know that key X represents the person you expect the email/package to be from. Keys are used to determine that the person who signed one email/package/etc is the same person that signed another email/package/etc. Using names to determine this is actually a very bad idea. Are you going to sign Daniel Robbins (of Microsoft)'s key just because you've used and trust ebuilds from somebody named Daniel Robbins? If you've never met D.Robbins (of Gentoo) before, there is nothing in your keysigning scheme to prevent you from signing a key D.Robbins (of Microsoft) has for the purpose of imitating him. > > I would argue that this is more of a rationale for different signature > > types. "I know this key is used for honest representation." (what I > > consider key sigs to be right now), "I trust the person this key > > represents with some things of mine", and "I trust the person this key > > repesents with any access that I have." > > Just because I sign Mr. Green's key doesn't mean I am guaranteeing he > > won't kill Mrs. White with the candlestick. All I'm saying is that the > > particular Mr. Green I know uses this key for legitimate purposes and is > > not attempting to represent somebody else. > > Exactly. The point of the ID is that you are signing a key of someone > that you might not know, and you want to be sure that someone else isn't > trying to represent them. Many people have the same name. An ID isn't going to help you differentiate between them. > > I'm unaware of any mail program that has the ability to have a different > > default for mailing lists. > > Actually, that is pretty easy. All you need to do is setup something > like [EMAIL PROTECTED] and set the preference for that address > to not send them. You could even use the exact same email address. KMail doesn't support per-sender MDN preferences. Does Evolution? Either way, stripping the header at the list works fine. -- Luke-Jr Developer, Utopios http://utopios.org/ -- [email protected] mailing list
