North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Evil PGP sigs thread must die. was Re: Stop it withputting your e-mail body in my MUA OT
At 3:01 PM -0400 2002/07/10, Andy Dills wrote: Correct. This statement will be true for just about everyone, at some point in their life.The passive assumption is that your words are important enough that somebody might want to verify them. Do you need to use ssh every time you access a server remotely? Surely you know when your line is being tapped or when your packets are being sniffed, and you choose only those times to use ssh, and otherwise you use telnet? Same goes for actually using passwords to login -- surely you know when it's a legitimate user that is trying to login and when it's someone trying to gain illicit access to your system, and you require them to use passwords accordingly?So, does EVERY email need to be pgp signed? When was the last time anyone on this list bothered to check the validity of any message they received via any channel? I mean, if you're going to use probability to support your argument, you might as well widen the discussion to a much broader sample group.When was the last time somebody on this list bothered to check the validity of a pgp signed message which they received via nanog? Not everything is black and white. At what level would you choose to validate a message like this?I mean, if John Sidgmore posted to that from now on, Worldcom's official pricing is $100/meg with a 3 meg commit, I wouldn't believe it for a second unless it was signed and I verified it. -- Brad Knowles, <[email protected]> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania.
|