1 |
Mick wrote: |
2 |
> On Monday 26 May 2008, Daniel Iliev wrote: |
3 |
> > On Sun, 25 May 2008 20:04:29 +0200 |
4 |
> > |
5 |
> > Wolf Canis <wolf.canis@××××××××××.com> wrote: |
6 |
> >> Mick wrote: |
7 |
> |
8 |
> >>> There are other lists however, when |
9 |
> >>> it is not that rare for malicious (or unhinged) individuals to |
10 |
> >>> impersonate someone else and hijack their email address to publish |
11 |
> >>> offensive content. After a while using a digital signature (GnuPG |
12 |
> >>> or x509) becomes a habit. |
13 |
> >> That's exactly the case. ;-) |
14 |
> > Two questions. |
15 |
> > How would signing your emails to this list help you: |
16 |
> > - in avoiding the above to happen to you? |
17 |
> > - help you in case that happens after all? |
18 |
> > |
19 |
> > |
20 |
> > Explain, please. |
21 |
> |
22 |
> The reason I have given above does not apply as much to this list (so |
23 |
far). |
24 |
> In any case, the principle is that unless I have signed this message you |
25 |
> cannot be sure that it was authored/sent by me and as a matter of |
26 |
course you |
27 |
> should assume that it was sent by someone else. You can then |
28 |
trust/distrust |
29 |
> the content of the message and the potential impact of any advice |
30 |
offered in |
31 |
> it accordingly. |
32 |
> |
33 |
> As far as this list is concerned singed messages don't cause any |
34 |
harm. Once |
35 |
> you set your client to sign messages, that's what it does . . . |
36 |
> |
37 |
Just a word of caution: |
38 |
|
39 |
You can never fully trust even a signed message unless you have |
40 |
physically met the person in question and they have given you their key |
41 |
signature on some secure media such as a floppy disk. Downloaded keys |
42 |
from keyservers are not a guarantee that the key was made my the person |
43 |
in question. Unless I know the person well and they have provided means |
44 |
of verifying the key, I would only ever award marginal trust. |
45 |
|
46 |
-- |
47 |
gentoo-user@l.g.o mailing list |