-----BEGIN PGP SIGNED MESSAGE----- Mark Terka writes:
If thats the case.....isn't it an equal pain in the ass to go to the trouble of forging a sig? :> You would likely have to go through more key strokes and other routines to forge one. Why not just play by the rules and sign a message?
I imagine it would be a breeze to attach a forged PGP sig to every message using most mailers etc. The signature block is easy -- simply append it to the contents of the .sig autoappended by many mailers/newsreaders. All that remains is a macro or a bit of cutting & pasting to toss in the --- BEGIN PGP line at the top. Now that Eric has made it abundantly clear he envisions syntactic but not semantic checks of sigs, I am opposed to the proposition. I foresee a situation in which a large portion of the list traffic uses forged or meaningless signing-server-appended dig sigs. When I establish automatic signature validation for incoming mail here Real Soon Now, there will be plenty of noise generated by all the `false' negatives in the data to make a mockery of the authentication process. Encouraging cryptographically valid signatures was the first suggestion I'd seen in this entire debate which seemed to promise tangible benefits; encouraging cryptographically invalid signatures is the first notion which appears to offer tangible detriment. Disclaimer acronym of the day: ECDWHW. Eric Can Do Whatever He Wants. BTW, Tim, why do you seem so surprised by JD's style of discourse ? Just mention Chomsky and be done with the damn thing, it's not going to be productive anyway. - -L. Futplex McCarthy; PGP key by finger or server "Don't say my head was empty, when I had things to hide...." --Men at Work -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLt1CSGf7YYibNzjpAQEquAP5Aa0aVKiWW39kxxZEkvYHRFJBEOkZSVE5 ZCjUABEx7hki2+uaGvIDJyGlb73mxMeiT1iM8N1BBzbztSWbRN4wUbLsaRD27gQz NY/g/eOvylZcphFzxLWRNWBnmGSgGgN+miMv0sVxSJkdq41fjSTW9ziH8mOrGRif ZfYlP21LOSc= =W8Wf -----END PGP SIGNATURE-----