Mark Wieder, [MW] wrote:

MW> Maybe I'm missing something obvious, but the usefulness of
MW> pgp-signing messages to a listserv somehow eludes me. The listserv
MW> software doesn't care if it's really you posting, the message is
MW> widely distributed, and it's publicly accessible on a web server.
MW> This certainly isn't the proper place to be transmitting sensitive
MW> information, so what's the point?
First, it doesn't affect the message's security if the message is widely distributed. What matters is if the signature verifies and if you trust the public key you used to verify the message signature.

In my case, I've been signing all messages to the list. It's the same key that I've been using since I've been signing my messages as moderator. That says a lot for consistency and greatly increases the trust value of the key you use to successfully validate my message signatures. IOW, it's nigh unto impossible for someone to be impersonating me as moderator all this time.

Say for instance, you get a heated message from me off list (not that I'm one to send such a message unless provoked into doing so :) ), a sensitive message, or a moderatorial one and it's signed. If it's verified as being signed using the same key as I've been using to sign all other messages from me to this list, you can be assured that the message was from me and reply to me in kind. :) Otherwise you can never really be sure who sent that message. Could be a prankster impersonating me.

If I chose to sign none of the messages to the list and signed only the off-list message, then you still couldn't trust the key used to sign it, could you? The key has only been used once and there's no reason to trust it.

--
-= allie_M =- | List Moderator
PGPKeys: http://www.ac-martin.com/pgpkeys.html
________________________________________________ Current version is 2.01 | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
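
The key-continuity argument in the reply above can be written as a small check. This is an added example, not part of the original post: it assumes signature verification has already been done by a PGP tool and is passed in as a flag, and the addresses, fingerprints, class name and `min_uses` threshold are constructed for illustration.

```python
from collections import Counter

# Constructed history of list posts:
# (sender, signing-key fingerprint or None if unsigned, signature verified?)
LIST_HISTORY = [
    ("moderator@example.org", "AAAA1111", True),
    ("moderator@example.org", "AAAA1111", True),
    ("moderator@example.org", "AAAA1111", True),
    ("moderator@example.org", "AAAA1111", False),  # corrupted in transit, not counted
    ("member@example.org", None, False),           # unsigned post
]


class KeyContinuity:
    """Tracks how often each sender's key has produced a verified signature."""

    def __init__(self, min_uses=3):
        self.min_uses = min_uses   # hypothetical threshold for "consistent"
        self.seen = {}             # sender -> Counter of fingerprint uses

    def record(self, sender, fingerprint, verified):
        # Only a signature that verified adds to the key's track record.
        if fingerprint and verified:
            self.seen.setdefault(sender, Counter())[fingerprint] += 1

    def assess(self, sender, fingerprint, verified):
        if fingerprint is None:
            return "unsigned"          # nothing ties the message to a key
        if not verified:
            return "bad-signature"     # altered message or wrong key
        known = self.seen.get(sender, Counter())
        uses = known[fingerprint]
        if uses >= self.min_uses:
            return "consistent-key"    # same key as the long public record
        if known and uses == 0:
            return "key-mismatch"      # sender has a record, but not with this key
        return "unproven-key"          # verifies, but too little history to trust


def build_history(records, min_uses=3):
    kc = KeyContinuity(min_uses)
    for sender, fingerprint, verified in records:
        kc.record(sender, fingerprint, verified)
    return kc


if __name__ == "__main__":
    kc = build_history(LIST_HISTORY)
    # Off-list message signed with the key used on the list all along.
    print(kc.assess("moderator@example.org", "AAAA1111", True))
    # Off-list message claiming to be the moderator, signed with another key.
    print(kc.assess("moderator@example.org", "BBBB2222", True))
    # The "signed only the off-list message" case: no prior record at all.
    print(KeyContinuity().assess("moderator@example.org", "AAAA1111", True))
```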

