Dan Purgert wrote:
> Aragorn wrote:
>> Dan Purgert scribbled:
>>
>>> Seems kinda pointless to add encrypted data to a post you're making
>>> on a forum though, unless you have the public key(s) of the intended
>>> recipient(s) ...
>>
>> About as pointless as adding 17 lines worth of PGP-related information
>> to what could have been a five-original-lines message body? :p
>
> Anyone (everyone) can grab my public key, and verify the signature on
> the message. Pretty obvious when something comes across from those
> trolls that like to impersonate others too. Downside of the signature,
> is of course, the extra traffic.
>
If we are going to have a meta discussion of pgp/gpg uses as it applies
to newsgroup messages, I'll give my opinions.
- in terms of how one should 'defend themselves' against newsgroup
'sporgers' (spoofs and forgers), I believe that there are better and
more efficient ways to combat that problem than clearsigning
- in terms of people using their newsreaders to *practice*
clearsigning and authenticating, historically there have been specific
newsgroups where people routinely do such clearsigning with each other
and helping those who aren't yet familiar w/ the tools for clearsigning
and verifying
- in order to verify a clearsigning, one needs to acquire the DP
public key, put it into a key manager which is integrated with a news
client which is equipped to do that. I would say that normally, few to
almost none in this group are so equipped and configured. Personally I
have acquired DP's key and I use pgpdump as a tool; but my news client
is NOT configured to routinely verify clearsigning. I only use pgp/gpg
tools to authenticate linux .iso/s or their hashes w/ a system that is
configured for that purpose
- if I were participating in groups where there was active sporgery
and wanted to (or 'had to' defend myself, I would be using a provider
which required reg and also allows the account to configure the MID.
DP's eternal-september does just that; he could configure his e-s
account for a 'personalized MID stamped by e-s instead of his slrn. No
one could forge his personalized e-s MID (without an unusual tool/agent
which I haven't seen employed in common sporgeries). My provider, which
is a lowcost pay NSP also provides that feature, and pay NSPs are
/never/ employed by sporgers.
- this group hasn't been having a problem w/ sporgery, so the basis
for clearsigning everything here is weak.
--
Mike Easter