[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: GPG signatures

From: Sean Estabrooks <seanlkml rogers com>
To: fedora-list redhat com
Subject: Re: GPG signatures
Date: Tue, 30 Dec 2003 11:31:00 -0500

On Tue, 30 Dec 2003 11:54:45 -0400
"Trevor Smith" <trevor haligonian com> wrote:

> Automatic downloading of keys makes me wonder what the use of PGP / GPG
> signing really is. All it will do, in this case, is tell you that the
> person who sent the message is the person who uploaded the key. Which,
> in reality, tells you nothing.

Most times the best it can do is assure you that the same sender is
responsible for a set of messages.   The biggest benefit to the sender
of signed messages is that it's hard to impersonate them.  However on a
public help list the risk of this ever happening is so small that it makes
the costs of the technology highly questionable.  The number of reasons to
impersonate anyone on a public help list is so small that it leads me to
believe that the people signing messages are more interested in playing
with it as a toy rather than avoiding any risk to themselves.

Sean

Follow-Ups:
- Re: GPG signatures
  - From: prata
- Re: GPG signatures
  - From: Trevor Smith
- Re: GPG signatures
  - From: Michael Schwendt

References:
- Re: GPG signatures
  - From: Lorenzo Prince
- Re: GPG signatures
  - From: Trevor Smith

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]