Re: Digital Sigs (was IS: ATTN: List Mom: Unnecessary smime attachments)
Re: Digital Sigs (was IS: ATTN: List Mom: Unnecessary smime attachments)
- Subject: Re: Digital Sigs (was IS: ATTN: List Mom: Unnecessary smime attachments)
- From: Sander Tekelenburg <email@hidden>
- Date: Tue, 14 Sep 2004 00:59:13 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 17:25 -0500 UTC, on 2004/09/13, John C. Welch wrote:
[...]
> However, since one of the purposes of a digital sig is to verify
> who sent you the message, a personal sig on a list is worthless.
> You didn't send the message I'm responding to, the listserv did,
> and it modified the message to do so.
I've signed the body of this message. Assuming the server doesn't
screw with it, you can verify that the sig is valid - which would
mean that the signed part is from the owner of the key. I'll CC you
off-list so that in case the sig on the message the list-server
passes on is bad you can compare with the CC-ed version.
Note I don't know exactly how those MIME schemes work. Things may be
different there. But if so, that is specific to that scheme, not to
digitals sigs as such.
> So right now, even if your sig was legit, in a mailing list, it
> doesn't matter, because the message is always modifed by the time I
> get it, so the sig confirms...nothing at all.
Sure it does. It can't vouch for the headers, but it can for that
part of the body that was signed.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3 - not licensed for commercial use: www.pgp.com
iQA/AwUBQUYmK+sywKfXgqKdEQIlXACff2ABtzWxvt2gNcKxA9ye8KR8Cu8AnRvZ
PqbqqskIsL4qA9PwlA/cERxV
=G22j
-----END PGP SIGNATURE-----
--
Sander Tekelenburg, <http://www.euronet.nl/~tekelenb/>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Applescript-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden