On Wed, 01 Feb 2012 15:45:05 -0500 Robert J. Hansen articulated: > Except that it doesn't. What's to prevent me from creating a > certificate with your name and email address and making posts in your > name, with a signature from a certificate that claims to be yours? > > Nothing -- and that signature is every bit as credible as the one > that's from your own certificate. You might say, "but that > certificate's a fraud, my certificate's real!", but the Christopher > Walters impersonator will say the same thing about you. There's no > way to check. > > I understand the desire to give people a way to verify the integrity > of your message, but the way you're going about it has some glaring > and obvious flaws.
I have to agree with Robert on this one. The whole idea of signing a message in a forum such as this is more of a pseudo security concept AKA "feel good" belief. It doesn't hurt to do it, but its usefulness is limited to pacifying yourself into a false sense of security. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users