-----BEGIN PGP SIGNED MESSAGE----- I disagree also with posting public keys to the list, but I think anyone who signs their messages should either have their key in the keyservers or should at least provide information on how to get the key along with the message. Why bother signing if your key is not available? Something I was wondering about is what should be done with signatures that don't check out. For the most part it is due to a bug in the signing/mailing procedure, rather than an actual spoof. Is there an ettiquette for contacting the person who posted the missigned message. Do people want to know if their sigs didn't check out? - -Craig Ëaig Steinberger stein-c@eng.buffalo.edu SUNY at Buffalo CFD Lab send mail with subject PGPKEY for PGP Key -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLuKKpMI9bVMUIPr9AQEqugQAgiPQaW6J0PuBuaCZB8+V2nXNCjRrdB68 N67rDSRwv82Kri+QDSIggbtuuuqAJp/u750x1CSCGWd+SgwPENs0mRlW+bEh5IB2 Oqq0GnQ6E8PdLvVDneAVdrdBymyz5csAgTCOKgRc90XPycMGi/aMa2Kk8KglAR4K qZgVBN+P4XY= =A66/ -----END PGP SIGNATURE-----