On Jul 21, 2004, at 2:10 PM, Bob Blick wrote:

>> I have received several complaints that PGP/MIME digital signatures
>> are
>> detected as hostile attachments by MS Outlook.
>
> I thought that attachments of any kind were against piclist policy.
>
> Why not put your sig in the body of the message? Or not use one at
> all? I
> can see the use of a digital signature in a one-to-one email, but
> posted
> to a list where 99% of the recipients don't even know you? What's the
> point?

The same point a real signature provides on a piece of paper.  Better
actually.  Proof that you really wrote the message, and it's not
someone spoofing you.

I (or anyone else) could pick any known-good e-mail address on this
list and send a message from a mail server that I control that looks
just like you sent it.  Only a careful examination of the headers would
show that it came from a server you don't have access to.

But if you sign all of your messages (as many people do), it becomes
impossible for me to do this without raising a much larger red flag -
especially if your mail client automatically checks digitial
signatures, like many do.

Microsoft mail clients (especially Outlook) are really showing their
age -- they don't follow standards that have been published for years
and years for digital signature support, and due to their wide
deployment, I'd say they're actually *slowing down* innovation and
development in this area, and have been for some time now.

--
Nate Duehr, nate@natetech.com

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email listserv@mitvma.mit.edu with SET PICList DIGEST in the body