I'm going to try to steer this back onto a relevant topic Robert
I love your "off the cuff feelings" about things. Its when you are at your best. Question: What value do signatures serve then however other than to provide data authentication but not sender authentication? How can you be sure in any case that if you get an unsigned transmission, that the data is secure, was altered, or that a signature was just mistakingly not appended? As a counter argument -- if the private key was stolen and a message signed using the stolen signature, it really doesn't act to prove sender authenticity either -- but I guess it does serve to prove data authenticity. So in the best case scenario if the private keys are kept truly private and secure, the signature mechanism works as designed. In unideal circumstances however, this "trust" mechanism falls apart however. Seems like somewhat of a quandary? _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users