[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040321031531.QZIP439081.fep01-mail.bloor.is.net.cable.rogers.com@BillDell>
From: full-disclosure at royds.net (Bill Royds)
Subject: NEVER open attachments
My problem with signed messages is that verification often doesn't work
since the key servers are often not in sync with public keys. For example,
here is GNUPG applied to message by Jim Richardson a little earlier today:
C:\temp>C:\GnuPG\gpg --keyserver "hkp://subkeys.pgp.net" --verify
signature.asc fD-signed.txt
gpg: Signature made 03/20/04 18:33:30 using DSA key ID 838058F6
gpg: Can't check signature: public key not found
So the value of signing your messages doesn't really scale.
That is why S/MIME is used by most commercial MUA's. Even though you have to
pay for the certificate, you can pretty well guarantee that the public key
will be available when one needs to verify the message.
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Troy
Sent: March 20, 2004 8:43 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] NEVER open attachments
On Sat, 20 Mar 2004 11:54:34 +0100, Nico Golde <nion@....net> wrote:
> if many people here have the same problem i will not sign my mails in
> the future to this mailinglist in the hope that all can read my mails.
> regards nico
FYI, with my mailer, your emails show up as plain text message with an
attached signature file, so it's no problem for me if you sign them. I
usually ignore the signature but, if I need to verify a message, I can
pull the attachment out for verification.
--
Troy
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists