At some point hitherto, Preben Randhol hath spake thusly: > > matter). It's much harder to forge a valid, signed mail, because you > > need access to the victim's PGP _private_ key, and their passphrase. > > Yes but who knows? I just get information from gnupg that it cannot > verify the signed posts here as it doesn't have the public key.
Sure, but if you actually cared, you could get my key and try to verify it. Presumably, if you cared, you'd already have it, since my key ID is in my sig, and since you can configure gpg/mutt to get keys from a keyserver automatically. If you had my key, it wouldn't verify. Someone else made a point about if someone spoofed a TR post saying that you should apply some patch to mutt. That's an excellent point. Someone else asked who cares if someone spoofs someone else... But I've run into cases where some juvenile moron decided to spoof random people to try to create ill will between list members. So to answer the question, if someone posts a message spoofing me, especially one saying something that I don't believe or would never say, then *I* care. So, I sign my posts, as well as most of my personal mail. It's largely a matter of principal. I also encrypt nearly all mail I send to people who are crypto-capable, regardless of what's in it. Why? Cuz it's no body else's business. Period. -- Derek Martin [EMAIL PROTECTED] --------------------------------------------- I prefer mail encrypted with PGP/GPG! GnuPG Key ID: 0x81CFE75D Retrieve my public key at http://pgp.mit.edu Learn more about it at http://www.gnupg.org
msg23730/pgp00000.pgp
Description: PGP signature
