* Patrick Shanahan <ptilopt...@gmail.com> [2013-02-28 20:38]:
> * Will Fiveash <will.five...@oracle.com> [02-28-13 14:25]:
> > [...]
> > I have a couple of comments about this:
> > - Why sign most messages? Unless the information is important for
> > others to verify that it came from a particular person, why add the
> > bloat of a signature? Beyond this I find it ironic that people sign
> > e-mail with a private key where its public key isn't found on a
> > standard PGP/GPG keyserver like pgp.mit.edu or kerckhoffs.surfnet.nl.
> > - If one is concerned enough about allowing others to verify the
> > integrity of a message, shouldn't this concern also extend to
> > attachments, which are a classic attack vector?
>
> I believe it is *mostly* for show. I can so I will, see me.
> Your questions/statement are spot on.
> And some may not know how to sign one message and not another....

OK OK - I got it ...
Thank you very much for being *that* helpful.
Will: you have a very valid point with your second statement ... I didn't look at
it that way but was only concerned about space. Regarding your first point I'm
afraid I don't understand. I immediately went to pgp.mit.edu and looked my key up:
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x2F1C8EE8DC35B4E3
But hey I'm sure I simply miss the technical understanding & knowledge about
encryption and am just not clever enough to *really* understand what it's all
about and just want to show off as Patrick assumed ;-)
Let's leave it with that and forget the small technical question I asked ...
Kindly yours
Stefan