Why sign? (Re: [Techtalk] Fwd: OpenSSH trojan?)
Mary
mary-linuxchix at puzzling.org
Sun Aug 4 10:44:47 EST 2002
On Sat, Aug 03, 2002 at 03:24:57PM +0100, hobbit at aloss.ukuu.org.uk
wrote:
> I suppose I should sign this to prove it came from me, but if it's all
> wrong then I shall want to deny I ever said it. So perhaps I shouldn't
> sign it after all :)
Issues with GPG signatures:
As soon as you send a signed mail, people's ability to prove it came
from you increases. The list of people who could have sent the mail
drops from "oh, the whole internet/any of the customers of my ISP could
have forged my headers" (althought logs might prove it was you) to "um,
I guess someone else has my secret key your honour"...
Of course, signing a letter will have the same implications :)
As with Telsa, I tend not to sign messages unless there's a good reason
I want to prove the message is from me.
-Mary
More information about the Techtalk
mailing list