| Arthur S. Alexion on 28 Jan 2005 14:16:20 -0000 |
|
Tom Diehl wrote: On Thu, 27 Jan 2005 jason@nocks.com wrote: >You said: I used to feel the same way about this as you Tom -- who cares? What I didn't understand is that, to be effective, signatures are an all or nothing proposition. That is, the best way to spot a forgery is to know that the sender always signs his or her messages, ergo, an unsigned message is probably not authentic. I agree that much of what is said on lists need not be authenticated (though that is not always the case*), but if I have a reason to sign my email in other contexts, I should consistently sign *all* of my email. *Often, it is important to authenticate the sender of mail to this list, though. Much of the advice given on this list involves critical issues. Taking that sort of advice, if posted maliciously, could cause serious damage to your system. Also, you get to know who has expertise in different areas, so it is nice to know the source of the suggestion. That is the idea. The only emails I *don't* sign, are those originating from my Palm Pilot (there is a gpg for PalmOS, but it is a real pain to use) or from my gmail account (haven't figured out how to use gpg with web mail). In those instances, my mail footers indicate that the mail is not signed and warn not to trust without authentication. >Actually, I am really trying to understand the point. If people are doing >it because they can, so be it. I do not really expect to get anyone to >change their mind. Now this is the most interesting part of this message. How is your signatureproperly in pine, yet I changed nothing. My guess is that it reflects the difference between two types of signatures: inline (ascii armor) and S/MIME attached signatures. They each have advantages and disadvantages. The latter can sign HTML formated messages and attachments as well as plain text messages. In that sense they can authenticate almost all types of common email. Inline ascii signatures have the advantage of not confusing MUAs that don't know what to do with signatures. They only work for plain text, though. What I like about them the least is that they tend to make really ugly and unreadable quotes of plain text replies to HTML mail if you are replying with an HTML capable composer like Mozilla, Thunderbird, Evolution or Pegasus (windows).
_______________________________________ Art Alexion Arthur S. Alexion LLC arthur [at] alexion [dot] com aim: aalexion sms: 2679725536 [at] messaging [dot] sprintpcs [dot] com PGP fingerprint: 52A4 B10C AA73 096F A661 92D2 3B65 8EAC ACC5 BA7A The attachment -- signature.asc -- is my electronic signature; no need for alarm. Info @ http://mysite.verizon.net/art.alexion/encryption/signature.asc.what.html Key for signed PDFs available at http://mysite.verizon.net/art.alexion/encryption/ArthurSAlexion.p7c The validation string is TTJY-ZILJ-BJJG. ________________________________________ -- _______________________________________ Art Alexion Arthur S. Alexion LLC arthur [at] alexion [dot] com aim: aalexion sms: 2679725536 [at] messaging [dot] sprintpcs [dot] com PGP fingerprint: 52A4 B10C AA73 096F A661 92D2 3B65 8EAC ACC5 BA7A The attachment -- signature.asc -- is my electronic signature; no need for alarm. Info @ http://mysite.verizon.net/art.alexion/encryption/signature.asc.what.html Key for signed PDFs available at http://mysite.verizon.net/art.alexion/encryption/ArthurSAlexion.p7c The validation string is TTJY-ZILJ-BJJG. ________________________________________ Attachment:
signature.asc ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|