TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GnuPG, PGP, and list email



A quick note.  On an email list, I don't believe signing every message is
necessary.  Yes, signing the message provides and identity and a CRC to
check the message against, but it's also a lot of bloat that is added to
each message.  If you really want to verify whether a message arrived from
it's indicated author, write back to the author to confirm and exchange
keys.

A more appropriate use of encrypted signing would be to use it as a
verification tool at the server level.  For example, to sign up for an
email list, the user could apply with an email that is signed to the
listserver, which in turn checks the signature and approves/denies the
unsubscription request.  A list of verified users can be available should
the maintainer and user choose it.

But signing every message to a list?  Individual emails, yes.  But lists?
In light of that, I want to apologize to everyone for the clutter I've
added previously...if you've noticed, I don't send my email with GnuPG
signatures any longer.

----------------------------------------------------------------
Chad Walstrom                         mailto:chewie@wookimus.net 
a.k.a ^chewie, gunnarr               http://wookimus.net/~chewie

   Gnupg = B4AB D627 9CBD 687E 7A31  1950 0CC7 0B18 206C 5AFD
----------------------------------------------------------------