[PLUG] what is the point of PGP-signed emails?
Michael Luevane
mikel at quantecllc.com
Mon Dec 8 09:28:02 UTC 2003
plug-admin at lists.pdxlinux.org wrote:
> So what's the point, realio and trulio, of using PGP in
> email? I think
> it's a geek affectation. Anyone can generate a key. Anyone
> can paste a
> bunch of stuff in a message that looks like a key. If someone like
> David Mandel posted a message here that said "No more PLUG.
> I'm sick of
> it. We're pulling the PLUG hahahahaaa", it wouldn't matter if it were
> PGP-signed or not- no one would take such a message at face value. We
> would pick up and the phone and go "Yo, David, WTF?"
>
> So, aside from generating endless flame wars over how mail clients
> display a PGP sig, I just don't see the point.
Lots of other good talk, but here's a real-life example of a good reason to
sign your keys:
We had a key signing party down near U of O a few years ago, and this guy
(I'll call him "Bill") was telling us a story about the divorce he was going
through. Seem like the lawyer for his wife was trying to "help" her by
changing the text of the emails that the lawyer got from Bill.
Bill was a fastidious PGP user, signed all his emails. When the lawyer
brought up the changed emails as evidence during divorce procedings, Bill
had him verify the signatures. They didn't verify and Bill told the judge
about the sigs and what it meant.
This is one reason for signatures. For encryption, it's not too different in
concept from an envelope.
/==================================================\
| Michael Luevane | Systems Administrator |
| mikel at quantecllc.com | Quantec, LLC |
| 503-228-2992 | http://www.quantecllc.com |
\==================================================/
More information about the PLUG
mailing list