----- Original Message ----- From: "Michael Rigby-Jones" Subject: RE: [PIC]: Newbie needs help > Does digital signing really add much when posting to public mailing > list? I'm happy to be educated on the point, but I can only see it's > usefullness for confidential/important emails (not saying the list isn't > important, but you know what I mean). Digitally signed messages, at least MIME signatures, are a bit of a pain for the reader, but you can see the need, and if it was an old PGP signature which doesn't have the annoyance of MIME, I would agree that it should be encouraged. Basically, the problem is that it is trivially simple to spoof email addresses. If someone came on the list doing something annoying, he could easily claim to be Justin or any of us. By signing his messages, Justin is proving that the message is from him. The signature doesn't add ANYTHING to the confidentiality - the message is still there in plain text. What the signature does is add a hash made up from Justin's private key and the message. In theory, you can check this to validate that the message was from Justin and that it wasn't changed from the message Justin signed. With a PGP signature or a GPG signature, this would simply be a block of random characters after the message. With MIME it is, too, except that it is specially marked so that the mail client can recognize it as a signature. That, in turn, allows the mail client (e.g. OE) to provide a "user friendly" feature of making you jump through a few more hoops to read the message. You can still open the attached message in OE, or view the message source in OE, and voila! the message is there in plain text. If you look at the message source, it is followed by a block of apparently random characters that constitute the signature. I have to admit, although in principle, I support the idea of signing messages, even though I know how to read signed messages, I tend not to, since it is an annoyance. Just like I always click don't reply when a message requests a receipt. --McD _______________________________________________ http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist