-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tuesday 17 Jun 2003 7:46 pm, Ravindra Jaju wrote:
*You* sign your email so that *others* can trust you. Your trusting everyone else is not a valid excuse for not signing your email :P
To verify whether everything is in proper shape, you need to have the senders' public keys with you *before hand*. How would you do this for the first time? Or, in case of keys which are not signed by any trusted members in your key-ring?
Quite tedious, isn't it? Unless you take a lot of pains (best is to meet in person and take the other person's public key), there is always a possibility of a weak link somewhere. Even the phone line could be compromised (in case you plan to exchange that key over the phone), or the person on the other side might not be the one you are looking for. There has to be an element of trust *somewhere*!
Umm. The beauty is, you don't need all that. Nobody knows me, they know my key; there is no me, just the key. You can create artificial identities but can't fake others [Thank you Phil].
Once you start talking to the key, you don't need to trust anything else.
B-)
I started signing stuff after someone as a joke superseded my article in a local news group. One ML moderator edited my comment, it is not cool either. Archives stay forever [unless someone deletes them :P ], with no idea who all has write access on them. I just like complete control.
- -- 0x7089C8D9 :-)