-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ian Mallett wrote: > On many people's posts, they seem to be attaching a small file called > "noname". It reads as follows: > > I'm not sure why this is, though I'm guessing your email browser does > it for some reason. I'm using gmail, and it appears as an attachment. > Why?
Hi, I'm probably one of the people whose messages show up like this. This is a PGP signature. Its use is to ensure through cryptography that I'm the person who sent this email with this text on the date claimed. Since all email is sent in plaintext with pretty much no security whatsoever, any email can be snooped or forged. The signature is a method (you might say "kludge") by which the authenticity of an email can be verified, much like a handwritten signature is on an ordinary letter. A PGP signature is not much use without 1) my public key, which is on my site, verified in some way, and 2) software to verify the signature. A good email client will provide this software integrated into the program in some way -- Thunderbird has a plugin called Enigmail, Sylpheed has a plugin called PGPMIME, mutt has some options like this, etc. On email clients that don't support cryptography, which is unfortunately the majority[1], you end up seeing blocks of text like the one you included in your email. You could, theoretically, download the message and run a PGP program on the text and the signature, but this is too much work for most people. [1] Note that GMail is not unique among webmail providers that do not support cryptography. In order for a webmail provider to properly support PGP signatures, it would have to authenticate to the user, for example using HTTP certificates. Otherwise the HTTP transmission could theoretically be intercepted and a fake "Signature verified" message added. Of course, for maximum security you'd also need to see the source code running on the webmail server. Explaining how it works is probably outside of the scope of this mailing list :) but you can see Wikipedia's article on public-key cryptography to get an idea: http://en.wikipedia.org/wiki/Public-key_cryptography Ethan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG/AnIhRlgoLPrRPwRAtx6AJ9YDMDsEkIJOmJcTymCIsF7gECxpQCgnTZi gcAzidIPE/j08RxsG1nhWUo= =+SI5 -----END PGP SIGNATURE-----
