Re: why bother signing? (was Re: What email encryption is actually in use?)
There have been episodes of spoofing on this list. If client side encryption just worked, and if what is considerably more difficult, checking the signatures just worked, there would be no bother, hence it would be rational to sign Not just work but opt out is what you are looking for. If there are n posters to the list and m people signing, then their are only n-m spoof targets. As m approaches n, the number of forgeries rapidly approaches zero as there is no one left worth spoofing who can be spoofed. But as each individuals chance of being spoofed approaches zero, the benefit gained by signing also approaches zero. Consequently unless there are additional costs to non-signing above and beyond spoof protection there will always be a substantial number of unsigned messages. -- Julian Assange|If you want to build a ship, don't drum up people |together to collect wood or assign them tasks and [EMAIL PROTECTED] |work, but rather teach them to long for the endless [EMAIL PROTECTED] |immensity of the sea. -- Antoine de Saint Exupery
Re: why bother signing? (was Re: What email encryption is actually in use?)
Ben Laurie wrote: On Fri, Oct 04, 2002 at 01:07:50PM -0700, Major Variola (ret) wrote: At 04:45 PM 10/3/02 -0700, James A. Donald wrote: -- James A. Donald wrote: If we had client side encryption that just works we would be seeing a few more signed messages on this list, Ben Laurie wrote: Why would I want to sign a message to this list? Then all the people who read this list, were they to receive a communication from you, they would know it was the same Ben Laurie who posts to this list. But Ben is not spoofed here! He is now. Cheers, Ben. I will confirm this as a (detectable) spoof :-) Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: why bother signing?
On Saturday 05 October 2002 07:34, Ben Laurie wrote: Ben Laurie wrote: On Fri, Oct 04, 2002 at 01:07:50PM -0700, Major Variola (ret) wrote: But Ben is not spoofed here! He is now. Cheers, Ben. I will confirm this as a (detectable) spoof :-) Cheers, Ben. Ah, but how do we know that that wasn't the spoofer confirming his own spoof? (That's not an entirely joking question. Not enough headers make it through the mailing list and my ISP for me to tell the difference b between the two Ben Laurie messages cited above.) -- Steve FurlongComputer Condottiere Have GNU, Will Travel Vote Idiotarian --- it's easier than thinking