On Fri, Jan 04, 2002 at 10:54:46PM +0100, Nick Wilson wrote:
> Hi folks
> I've been seeing 'pgp signatures' and suchlike since joining this group
> and I'm a bit baffled. 
> Why the need to encrypt harmless text? 
> It looks interesting and I wondered if you might share some opinions and
> pointers with me?

Ah, you mistake signature and encryption! :)

A signature is just that -- it's a cryptographic message that proves that you
'signed' (and, presumably, sent) a message.  If I send you a message that I've
signed with gpg, you can be sure that I wrote it.  (Or at least that I approved
it.)

Even without GPG, though, you can read the body of the message, as it isn't 
encrypted.

Signing messages, even if their content is harmless and relatively unimportant,
is a good practice.  If you only sign 'important' messages, then it's easy for
people to forge messages from you -- they don't need to sign it.  The policy 
should be that if it isn't signed, it isn't from you.  

If you sign everything, that policy is realistic.  If you sign only some 
messages, it is not.

No one sends encrypted messages to a mailing list unless there's a shared key
for decrypting messages -- and that would be an unusual situation.

-- 
rjbs

Attachment: msg22287/pgp00000.pgp
Description: PGP signature
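
Added example, not part of the original message: a Python check of mail structure showing that the body of a signed message is readable without GPG, while only encrypted mail is opaque. The `classify` function and the sample messages are constructed for illustration; a "signed" result only means a signature is attached, and it still has to pass `gpg --verify` before it counts as authentic.

```python
from email import message_from_string

CLEARSIGN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
ENC_BEGIN = "-----BEGIN PGP MESSAGE-----"

def classify(raw):
    """Return (kind, readable_text). Looks at structure only; verifies nothing."""
    msg = message_from_string(raw)
    ctype, proto = msg.get_content_type(), msg.get_param("protocol")
    if ctype == "multipart/signed" and proto == "application/pgp-signature":
        # PGP/MIME (RFC 3156): part 0 is the plain body, part 1 the signature.
        return "signed", msg.get_payload(0).get_payload().strip()
    if ctype == "multipart/encrypted" and proto == "application/pgp-encrypted":
        return "encrypted", None
    if msg.is_multipart():
        return "unsigned", None  # some other multipart layout, no PGP wrapper
    body = msg.get_payload()
    if CLEARSIGN in body and SIG_BEGIN in body:
        text = body.split(CLEARSIGN, 1)[1].split(SIG_BEGIN, 1)[0]
        text = text.split("\n\n", 1)[1]  # drop armor headers such as "Hash:"
        # Undo dash-escaping ("- " prefix) applied to lines that start with "-".
        lines = [l[2:] if l.startswith("- ") else l for l in text.splitlines()]
        return "signed", "\n".join(lines).strip()
    if ENC_BEGIN in body:
        return "encrypted", None
    return "unsigned", body.strip()

# Constructed samples; the signature blocks are placeholders, not real signatures.
PGP_MIME = (
    'Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="b1"\n'
    "\n--b1\nContent-Type: text/plain\n\nHarmless text.\n\n"
    "--b1\nContent-Type: application/pgp-signature\n\n"
    + SIG_BEGIN + "\n\n(placeholder)\n-----END PGP SIGNATURE-----\n--b1--\n"
)
INLINE = (
    "Subject: hi\n\n" + CLEARSIGN + "\nHash: SHA1\n\nHarmless text.\n- -- \nalice\n"
    + SIG_BEGIN + "\n\n(placeholder)\n-----END PGP SIGNATURE-----\n"
)
UNSIGNED = "Subject: hi\n\nHarmless text.\n"

if __name__ == "__main__":
    for name, raw in [("PGP/MIME", PGP_MIME), ("inline", INLINE), ("unsigned", UNSIGNED)]:
        print(name, classify(raw))
```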
