North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Evil PGP sigs thread must die. was Re: Stop it with putting your e-mail body in my MUA OT
Thus spake "Andy Dills" <[email protected]> > Yes, but once again you must consider content, given that most mail > clients don't automatically verify signatures. Most of us will have to > make a judgement call as to whether or not to bother to check the > signature. > > The higher the degree of "importance" of the content, the more likely I am > to check the signature, and the more likely I am to take verification > steps if not signed. > > If the content is not "important", I won't bother checking the signature. Why not just upgrade to a modern MUA and not have to worry? OE only supports S/MIME for now, but it does automatically verify every message, including checking that the From: line matches the key. It makes a big stink if the signature doesn't match, but just displays a simple little icon if it's verified correctly. How can you prefer to check messages manually and therefore cause the problems you describe? > Lest anybody confuse my argument, I think PGP signatures are a good thing. > I just don't think people need to sign everything they send. And I'm > talking about posts to Nanog here, not private communication. In private > communication, it's reasonable to sign most everything sent with official > business purpose. Ironically, there's no need to sign intrabusiness email because it's trackable by trusted authorities and therefore implicitly trusted for non-legal matters. It's personal email that needs a trust mechanism. > If the majority of mail clients automatically verified pgp signatures, I > would be totally in favor of signing every single email. But the simple > fact is that not only do most mail clients not support that, many mail > clients can't even display the signed text inline! Surely a compromise is > needed for now. Sure. Use old-style signatures if you're going to sign every message, and we can transition to new-style signatures once most people upgrade. S
|