On Thu, Feb 28, 2013 at 09:30:47PM +0100, Stefan Wimmer wrote:
> * Patrick Shanahan <ptilopt...@gmail.com> [2013-02-28 20:38]:
> >* Will Fiveash <will.five...@oracle.com> [02-28-13 14:25]:
> >[...]
> >>I have a couple of comments about this:
> >>
> >>- Why sign most messages? Unless the information is important for
> >>  others to verify that it came from a particular person why add the
> >>  bloat of a signature. Beyond this I find it ironic that people sign
> >>  e-mail with a private key where its public key isn't found on a
> >>  standard PGP/GPG keyserver like pgp.mit.edu or kerckhoffs.surfnet.nl.
> >>
> >>- If one is concerned enough about allowing others to verify the
> >>  integrity of a message shouldn't this concern also extend to
> >>  attachments which are a classic attack vector?
[...]
> Will: you have a very valid point with your second statement ... I didn't
> look at it that way but was only concerned about space. Regarding your first
> point I'm afraid I don't understand. I immediately went to pgp.mit.edu and
> looked my key up:

I wasn't referring to you specifically as I see you did publish your pubkey
properly. Instead, I was referring to others (like s.keeling) that sign
everything yet I can not retrieve their pubkey.

-- 
Will Fiveash