-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* Michael Campbell (michael_s_campbell / yahoo.com) wrote:
> > Being able to sign messages and prove you sent them
> > is pretty important, even on public mailing lists, ...
> 
> Maybe to some, but this is hardly a universal truth.

Fair enough, but just because you don't believe in doing it doesn't mean
you should be able to stop other people doing it due to a bug in the
email client you use, right? :)

> I've been reading mailing lists avidly for 15+ years, and I can't
> think of a single time that I've had the need for a signature to
> verify the originator's identity.  <shrug>, maybe it's the types of
> lists I read.  Content is more important to me than author.

I guess you don't read linux-kernel then, the forged messages from Linus
around April time saying "I quit" are an example that easily springs to
mind :)

But actually, there's more to it than that. If content is more important
to you, don't you want to be sure that the content of the message you're
reading is the same content the author originally wrote and sent?

Here's a quotation from an article about the subject, which gives you
one perspective on it at least:
http://www.itworld.com/nl/lnx_sec/05282002/pf_index.html

    Some folks ask me why I sign everything I write, and the answer is
    simple: I need to. I'm in the computer security business, and, as
    such, I send a boatload of emails such as directives to users,
    administrators, and co-workers. Because of this, messages appearing
    to be from me have a good chance of being acted upon. By digitally
    signing everything, even stupid jokes I send my sister, I've
    established a pattern that says, "If it ain't signed, it ain't me."
    Those with whom I discuss important topics can read and verify the
    PGP signature automatically and know when the signature is valid. If
    it's not, then the message is not authentic, they'll contact me to
    let me know something is amiss, and won't act on the information
    therein.

There's more commentary here:
http://kurtas.ai.mit.edu/pgpinfo.html
http://www.philzimmermann.com/essays.shtml
http://www.google.com/search?q=pgp+signing+emails

Email is an inherently insecure means of communication. Emails can be
intercepted at many points during transmission and sending an email that
appears to come from someone else is all too easy.

Tom.
- -- 
   .^.    .-------------------------------------------------------.
   /V\    | Tom Gilbert, London, England | http://linuxbrit.co.uk |
 /(   )\  | Open Source/UNIX consultant  | tom / linuxbrit.co.uk    |
  ^^-^^   `-------------------------------------------------------'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9yoar6fJVg2PPi5URAkyOAJ0bZ7EYfm0fMancMIElMpdQorcr5QCeI9/+
W5FzXRIIY2uhuTzsfdnwZVU=
=ysUi
-----END PGP SIGNATURE-----