On Thu, Dec 14, 2000 at 11:03:13AM -0600, David Champion wrote:
>I think that
>signing all mail as a policy is a waste of resources and a potential
>source of annoyance, whether it's list mail or not.
[...]
>anyone who is
>concerned about the validity of the message can check the signature if
>they like.
>
>But, by and large, it doesn't matter. I don't really care whether it
>was really the person I know as Lars Hecking who wrote the message I'm
>replying to right now. It only matters what's said in this case, and
>not much who said it. If I want to confirm all this, I can write to
>Lars and he can sign it. If I sign my mail to Lars, he'll quite
>possibly even sign his reply.
But the signature can only be checked if it's present. If the sig
isn't present, you need additional steps. ...a small example: I get
annoyed before going on a long trip, and I write an email in which I
write things that are uncharacteristic of me (because I'm annoyed). A
day later, when you receive my mail, you'd like to verify that it was
really I who wrote that, so you send me email asking if I really wrote
that. Oh, well...you're left wondering until I get back say a month
and a half later, because when you do your further inquiry, I've
already left. Now if I'd have signed it, you have the option of
configuring anything in your mail system over which you have control
(~/.procmailrc, ~/.muttrc, ~/.gnupg/options to name a potential few)
to do anything you want, including choosing not to open my signed
message, sending it off to another box to be read later, write
something/modify Mutt to fetch possibly nonexistant keys in the
background, specify a different pager that asynchronously verifies the
signature (e.g., pop-up X window or something)...at least by signing
it, I've given you the tool with which you can do it if you choose.
And you can also choose not to do anything at all with my message.
[...]
>Having the signatures come up, and my mailer and OpenPGP client freeze
>while I wait to download a signature that might and might not be on the
>server that I use, only to discover that the signed material doesn't
>even need validation, is somewhat irritating at times - semi-political
>privacy agenda or no.
I would agree it can be irritating at times. But I would also
respectfully argue that due to your configuration, you have only
yourself to blame for your irritation. IMHO, you just need a little
creative thinking ("hmmm...could I use something in a procmail recipe
to fetch keys in the background and add them to my keyring?") in order
to reduce or eliminate your irritation. Computers are so wonderful
because so many of them are so flexible. I'm also willing to admit,
though, that often with flexibility comes complexity.
P.S. -- I'll skip the digital signature this time. Dontcha just hate
it when you ask someone not to do something (e.g., a "Jeopardy!"
format message), but then they do it anyway???
--
Oooooo-oooo-oooo-ooooo, Oooooo-oooo-oooo-ooooo, Ooooo-weem-oh-wum-ooo-ayyy
In the jungle, the silicon jungle, the process sleeps tonight.
Joe Philipps <[EMAIL PROTECTED]>, http://www.philippsfamily.org/Joe/
public PGP/GPG key 0xFA029353 available via http://www.keyserver.net
