-----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, nsb@nsb.fv.com writes:
I use PGP about 20 times per day. I use it in a manner that is *meaningful*. Unless we have in some way or another verified each others' keys, it is meaningless for me to sign a message to you. Putting a PGP signature on a message to someone who has no way of verifying your keys is a nice political statement, but is utterly meaningless in terms of adding any proof of the sender's identity. --
You are incorrect. Keys can always be obtained, and signatures can be verified at any time. But an unsigned message can _never_ be verified as to its origin. You may not have my key, but I still sign this message (as I have signed all my net traffic for over 3 years). I do this to protect the reputation capital I've built up.
PS -- On the off chance that anyone really doubts this is me, I will shortly send cypherpunks a message that has my own voice AND a PGP signature thereupon. That way, you can check my identity if you either recognize my voice OR have verified my fingerprint. Sheesh. -- NB
Sheesh, yourself, Nathaniel (if that _is_ your True Name). You're showing a real attitude here, as though your reputation alone should be enough to convince us of your messages' validity. A malicious attacker would be likely to bluster this way to deflect discovery of hir ruse. We're all nyms on the net. And yours wears no armor. - -- Roy M. Silvernail -- roy@cybrspc.mn.org will do just fine, thanks. "Does that not fit in with your plans?" -- Mr Wiggen, of Ironside and Malone (Monty Python) PGP public key available upon request (send yours) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMQ4PVhvikii9febJAQHqSgP/YTCBuPGD3yKEGQo6oYzr0gfxIs2MJFCB xJnSS84g4n6yxSz9u8Ffkq/BHsiRA6eFBuIhLdn0nsMORiEneXGadT+Of9+qvZXA kfr47lC01uZLfldc8CH5gJG3bc4860nz4z4YhNDW1+3jRkKN2Gzp5V1YWKWvTuIl kKw4L4ZYZCk= =rkJ/ -----END PGP SIGNATURE-----