On Wed, Feb 01, 2012 at 09:26:18PM +, gn...@lists.grepular.com wrote:
On 01/02/12 21:12, Doug Barton wrote:
I've posted using the same key on probably a dozen mailing lists,
I use it for all of my personal and work email. I use it to sign
all of the comments on my blog. I use it to sign
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I thought I would start a new thread because of the thread confusion. I first
want to say that I use Enigmail with Thunderbird, and check the To: and CC:
lines of any replies before I send my reply to any list, to avoid people
receiving unwanted
On 2/1/12 3:34 PM, Christopher J. Walters wrote:
On the issue of signing: I do sign my messages, and have uploaded my
public keys to key servers, so they are available to check that no
one has changed my message.
Except that it doesn't. What's to prevent me from creating a
certificate with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/02/12 20:45, Robert J. Hansen wrote:
On the issue of signing: I do sign my messages, and have
uploaded my public keys to key servers, so they are available to
check that no one has changed my message.
Except that it doesn't. What's to
On 02/01/2012 13:05, gn...@lists.grepular.com wrote:
On 01/02/12 20:45, Robert J. Hansen wrote:
On the issue of signing: I do sign my messages, and have
uploaded my public keys to key servers, so they are available to
check that no one has changed my message.
Except that it doesn't.
On Wed, 01 Feb 2012 15:45:05 -0500
Robert J. Hansen articulated:
Except that it doesn't. What's to prevent me from creating a
certificate with your name and email address and making posts in your
name, with a signature from a certificate that claims to be yours?
Nothing -- and that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/02/12 21:12, Doug Barton wrote:
Nothing -- and that signature is every bit as credible as the
one that's from your own certificate. You might say, but
that certificate's a fraud, my certificate's real!, but the
Christopher Walters
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2/1/2012 03:45 PM, Robert J. Hansen wrote:
Except that it doesn't. What's to prevent me from creating a
certificate with your name and email address and making posts in your
name, with a signature from a certificate that claims to be yours?
On 2/1/12 4:29 PM, Christopher J. Walters wrote:
However, I disagree with your statement that there is no way to
check: one can check the headers of each message to see from where
they originated.
Easily forged, and machines are too easy to compromise. This idea that
an IP address is clear
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2/1/2012 04:53 PM, Robert J. Hansen wrote:
Easily forged, and machines are too easy to compromise. This idea that
an IP address is clear and convincing evidence of origin is absolute
bonkers. An IP address is evidence of *routing*.
Must you
On Wed, 01 Feb 2012 16:53:48 -0500
Robert J. Hansen articulated:
Maybe I have a darker view of human nature than you do, that's
certainly possible, but I think it's a critical mistake to apply
rational-actor theory to criminals. (It's just as critical of a
mistake to apply rational-actor
11 matches
Mail list logo