Michael Leone on Sun, 14 Apr 2002 19:20:18 +0200



Re: [PLUG] key-signing Thursday?


On Sun, 2002-04-14 at 12:23, Doug Crompton wrote:
> On 14 Apr 2002, Michael Leone wrote:
> 
> > On Sun, 2002-04-14 at 10:35, Doug Crompton wrote:
> > > May I ask a perhaps dumb question? Why do you use signed email on this
> > > list why would I have a need to validate it? I assume it is just playing
> > > here. I can understand why you would in a secure environment. My email
> > > does not fit in that category.
> > 
> > Because many people feel that ALL email fits into that category, and
> > therefore all email should be signed. Especially since email forgery is
> > so easy to do (spammers do it millions of times a day), it's seen as
> > a necessary mechanism, to prove that person claiming to be me .. *is*
> > me, and therefore you can confidently assume that the email actually did
> > come from Mike Leone, the PLUG member, instead of Mike Leone, my cousin
> > from New Jersey (or whoever).
> > 
> > -- 
> And why should I care if it is REALLY you or not? Would your cousin in NJ
> have the knowledge or care to send something to this list? 

No, but he might be able to fake it. And if you, following whatever
directions he might post (as an example), screwed up your system, don't
come crying to me about it - *I* had nothing to do with it.

Or suppose I was to send seriously derogatory email to your clients, or
your boss, or whoever, posing as you. You'd for sure want some way to be
able to point to that and say "No, Judge, I can *prove* it wasn't me who
said that my boss has an unnatural attraction to small farm animals".
Without a valid signature, you don't (well, may not) have that.

Or sent it to a mailing list. Recall that there *have* been companies
who had sued employees (or tried to) over things said on mailing lists.
With valid signatures, you might be able to prove that it wasn't you who
said whatever.

And, as Oliver North and Bill Gates both pointed out to us, email
records can be, and have been, used in court cases. :-)

> I guess my point is that in a business or critical situation I certainly understand
> it. In a fun or personal operation it is not clear to me. If it eliminates
> spam that is a good thing and I am all for it. I suppose if you did not
> accept any mail from non-signed senders it would, but for the foreseeable
> future it would also eliminate most of the good mail I receive also.

Immaterial, however. The point is to protect yourself, and provide for
identity verification, regardless of circumstance. You don't lock your
doors only on some days, and not on others, do you? No, you make it a
practice for all occasions, like looking both ways before crossing a
street.

> And don't get me wrong. This is an experimenters and learning list. Doing

It actually is not an experimenters list, but anyway ...

> these things helps us all learn. I just wondered if I had to play the game
> if I did not want to and what the consequences were if I did not.

1. It's no game.
2. Don't sign or not sign; that's your choice.
3. It's really only an aggravation on email clients that don't do
signings properly (read: MS Outlook Express). And even then, it's only
an inconvenience, because you have to open a 2nd window to read signed
mail.

-- 

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
PGP public key:
<http://www.mike-leone.com/~turgon/turgon-public-key.gpg>

Conform or be cast out.

Attachment: signature.asc
Description: This is a digitally signed message part