Tim Murray wrote:
> I think I know a wee bit about PGP, or at least the basics. But I'm
> wondering why some people sign newsgroup posts with PGP keys?
Tim,
It's really very easy to post to a newsgroup pretending you're somebody
else. To avoid that someone "puts words in your mouth", one should
authenticate postings with PGP or GPG.
Unless you're a politician, of course. In that case it might be vital for
your political survival to be able to claim that some posting was not of
your hand.
regards,
Hans
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iD8DBQE/Y45beAFfPoyjZ2cRApphAKCXTJQBkzpbwviEFocWJslKmtjNbQCeP4kd
J3j6wOvnV3Buqp90QdwmEbs=
=J47m
-----END PGP SIGNATURE-----
On lørdag 13. september 2003, 23:16 Tim Murray tried to express an opinion:
> I think I know a wee bit about PGP, or at least the basics. But I'm wondering
> why some people sign newsgroup posts with PGP keys?
For the werry same reason people sign postcards.
- --
Solbu - http://www.solbu.net
Remove 'ugyldig' for email
*****************************************
PGP key ID: 0xFA687324
*****************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/ZWh8T1rWTfpocyQRAmgYAJoCv60s2LYOJheVN6jnVuuqZFoCkQCgtgHT
8YuNuShj9Pc09qdyp7Wzo74=
=CSFM
-----END PGP SIGNATURE-----
I myself have thought about this very question from time to time.
Why sign a newsgroup message? What does it gain me or the reader? If mine
is just another anonymous message on the Usenet, do I really care that I can
prove that I am the author of the message. Does the reader really care?
And ...if my newsgroup comments create some unintentional controversy,
wouldn't it be better for me to be anonymous; wouldn't it be better (for me)
to *not* have signed my posting? (I admit that this reflects a less than
forthright attitude, but I'm being a bit of a Devil's Advocate here.)
On the other hand, if it *is* important for me *not* to be anonymous, the
issue becomes quite different. If I am a spokesman for a cause,
particularly if that cause is a matter of controversy, then my signing my
postings becomes important. Why? ...Because, another person could post a
message using my name and make it appear that I said something that I did
not. In this situation, I *want* to be identifiable and I *want* my Usenet
postings to be tied to me.
Neil Donovan
Salem, Massachusetts
"Tim Murray" <no-...@thankyou.com> wrote in message
news:0001HW.BB890179...@newsgroups.bellsouth.net...
No. A PGP signature is produced using the particular message it signs, and
is unique to that message. Copying a signature from one message to another
gives a "bad signature" error and tells the world that something is not
kosher with that message...
Nothing prevents you from doing it, but the PGP signature will not
validate if you simply cut and paste it from another message. A PGP
signature is a cryptographic signature: it is a function of the entire
message, and if even one bit in the message is changed, the signature
will no longer validate when you run the message through PGP.
This is the advantage of a PGP signature. An ordinary signature line
offers no proof at all that the message that precedes it was really
written by the person named in the signature line. A PGP signature,
however, is actually created by analyzing the message that precedes it,
and when the message and signature are passed through a PGP program, the
program will tell you if the signature matches the message. If any part
of the message has been changed, the validation fails; so when you see a
valid PGP signature on a message, you know that the person who created
the signature also created the message signed, exactly as you see it.
--
Transpose hotmail and mxsmanic in my e-mail address to reach me directly.