> > Ah, you mistake signature and encryption! :) > > A signature is just that -- it's a cryptographic message that proves that you > 'signed' (and, presumably) sent a message. If I send you a message that I've > signed with gpg, you can be sure that I wrote it. (Or at least that I approved > it.) > > Even without GPG, though, you can read the body of the message, as it isn't > encrypted. > > Signing messages, even if their content is harmless and relatively unimportant > is a good practise. If you only sign 'important' messages, then it's easy for > people to forge messages from you -- they don't need to sign it. The policy > should be that if it isn't signed, it isn't from you. > > If you sign everything, that policy is realistic. If you sign only some > messages, it is not. > > No one sends encrypted messages to a mailing list unless there's a shared key > for decrypting messages -- and that would be an unusual situation. > > -- > rjbs
Yes thanks Ricardo, that makes sense, I'll start looking into it and before long I'm sure I'll be following suit. Cheers -- Nick Wilson Tel: +45 3325 0688 Fax: +45 3325 0677 Web: www.explodingnet.com
