Why use PGP in newsgroups

Tim Murray

Sep 13, 2003, 5:16:41 PM
I think I know a wee bit about PGP, or at least the basics. But I'm wondering
why some people sign newsgroup posts with PGP keys?

Hans Maertens

Sep 13, 2003, 5:39:10 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tim Murray wrote:

> I think I know a wee bit about PGP, or at least the basics. But I'm
> wondering why some people sign newsgroup posts with PGP keys?


Tim,

It's really very easy to post to a newsgroup pretending you're somebody
else. To avoid that someone "puts words in your mouth", one should
authenticate postings with PGP or GPG.

Unless you're a politician, of course. In that case it might be vital for
your political survival to be able to claim that some posting was not of
your hand.

regards,

Hans


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/Y45beAFfPoyjZ2cRApphAKCXTJQBkzpbwviEFocWJslKmtjNbQCeP4kd
J3j6wOvnV3Buqp90QdwmEbs=
=J47m
-----END PGP SIGNATURE-----

Solbu

Sep 15, 2003, 3:21:28 AM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On lørdag 13. september 2003, 23:16 Tim Murray tried to express an opinion:

> I think I know a wee bit about PGP, or at least the basics. But I'm wondering
> why some people sign newsgroup posts with PGP keys?

For the werry same reason people sign postcards.

- --
Solbu - http://www.solbu.net
Remove 'ugyldig' for email
*****************************************
PGP key ID: 0xFA687324
*****************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/ZWh8T1rWTfpocyQRAmgYAJoCv60s2LYOJheVN6jnVuuqZFoCkQCgtgHT
8YuNuShj9Pc09qdyp7Wzo74=
=CSFM
-----END PGP SIGNATURE-----

Neil Donovan

Sep 15, 2003, 11:36:27 AM
Tim,

I myself have thought about this very question from time to time.

Why sign a newsgroup message? What does it gain me or the reader? If mine
is just another anonymous message on the Usenet, do I really care that I can
prove that I am the author of the message? Does the reader really care?
And... if my newsgroup comments create some unintentional controversy,
wouldn't it be better for me to be anonymous; wouldn't it be better (for me)
to *not* have signed my posting? (I admit that this reflects a less than
forthright attitude, but I'm being a bit of a Devil's Advocate here.)

On the other hand, if it *is* important for me *not* to be anonymous, the
issue becomes quite different. If I am a spokesman for a cause,
particularly if that cause is a matter of controversy, then my signing my
postings becomes important. Why? Because another person could post a
message using my name and make it appear that I said something that I did
not. In this situation, I *want* to be identifiable and I *want* my Usenet
postings to be tied to me.

Neil Donovan
Salem, Massachusetts


"Tim Murray" <no-...@thankyou.com> wrote in message
news:0001HW.BB890179...@newsgroups.bellsouth.net...

Tim Murray

Sep 16, 2003, 9:34:56 PM
Thanks to all of you for your posts. Now I have one more question that I
suppose only highlights my lack of knowledge about PGP: What's to prevent,
say, me copying the string from the bottom of someone else's newsgroup post,
and then pasting it into the bottom of my post? Okay, literally the answer is
"nothing", but I think you know what I mean. Could I not pose as someone
else?

Tarapia Tapioco

Sep 16, 2003, 10:20:08 PM

No. A PGP signature is produced using the particular message it signs, and
is unique to that message. Copying a signature from one message to another
gives a "bad signature" error and tells the world that something is not
kosher with that message...

Mxsmanic

Sep 16, 2003, 11:21:10 PM
Tim Murray writes:

Nothing prevents you from doing it, but the PGP signature will not
validate if you simply cut and paste it from another message. A PGP
signature is a cryptographic signature: it is a function of the entire
message, and if even one bit in the message is changed, the signature
will no longer validate when you run the message through PGP.

This is the advantage of a PGP signature. An ordinary signature line
offers no proof at all that the message that precedes it was really
written by the person named in the signature line. A PGP signature,
however, is actually created by analyzing the message that precedes it,
and when the message and signature are passed through a PGP program, the
program will tell you if the signature matches the message. If any part
of the message has been changed, the validation fails; so when you see a
valid PGP signature on a message, you know that the person who created
the signature also created the message signed, exactly as you see it.

--
Transpose hotmail and mxsmanic in my e-mail address to reach me directly.
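
The behaviour described in the replies above, as an added example that is not part of the original thread: a signature computed over one post fails to verify when pasted under a different post, or when a single bit of the signed post changes. It uses unpadded textbook RSA over a SHA-256 digest as a stand-in for what PGP does; the key (built from two well-known Mersenne primes), the sample posts and all function names are constructed for illustration.

```python
import hashlib

# Toy key, constructed for this example from two well-known Mersenne primes.
# Trivially factorable and unpadded: illustration only, not how PGP keys are made.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """Hash the whole message; every byte feeds into the result."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Signer's side: requires the private exponent D."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Reader's side: requires only the public values N and E."""
    return pow(signature, E, N) == digest(message)


def flip_bit(message: bytes, index: int = 0) -> bytes:
    """Return a copy of the message with one bit changed."""
    changed = bytearray(message)
    changed[index] ^= 0x01
    return bytes(changed)


def demo() -> dict:
    original = b"I will be at the meeting on Friday.\n"  # constructed sample post
    forged = b"I resign from the committee.\n"           # constructed impostor post
    sig = sign(original)
    return {
        "original": verify(original, sig),                   # True
        "pasted_signature": verify(forged, sig),             # False
        "one_bit_changed": verify(flip_bit(original), sig),  # False
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18} -> {'good signature' if ok else 'BAD signature'}")
```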
