|
|
Posted by Jukka K. Korpela on 09/23/06 11:14
Toby Inkster wrote:
> Usenet is a medium where it's often reasonably easy to forge
> somebody's identify.
So is the Real World (TM). Sending a signed paper with someone else's name
under it is extremely simple.
> A PGP signature can be used to verify your identity.
That _is_ just ridiculous on Usenet. Nobody ever checks the PGP signature,
they are write-only nonsense on Usenet. If you wanted to check someone's PGP
signature, would you _really_ rely on the result? Why? The signature alone
does not prove anyone's identity the least.
Indirectly, using a PGP signature on Usenet tells that the poster is a PGP
enthusiast who does not know Usenet or does not care about how Usenet works.
Therefore, it may act as a useful warning signal indeed, so we should expect
the poster to be FAQ challenged, too, among other things.
--
Jukka K. Korpela ("Yucca")
http://www.cs.tut.fi/~jkorpela/
Navigation:
[Reply to this message]
|