Why sign? (Re: [Techtalk] Fwd: OpenSSH trojan?)

Mary mary-linuxchix at puzzling.org
Sun Aug 4 10:44:47 EST 2002

On Sat, Aug 03, 2002 at 03:24:57PM +0100, hobbit at aloss.ukuu.org.uk
> I suppose I should sign this to prove it came from me, but if it's all
> wrong then I shall want to deny I ever said it. So perhaps I shouldn't
> sign it after all :) 

Issues with GPG signatures:

As soon as you send a signed mail, people's ability to prove it came
from you increases. The list of people who could have sent the mail
drops from "oh, the whole internet/any of the customers of my ISP could
have forged my headers" (although logs might prove it was you) to "um,
I guess someone else has my secret key your honour"...

Of course, signing a letter will have the same implications :)

As with Telsa, I tend not to sign messages unless there's a good reason
I want to prove the message is from me.


