[olug] Signing email to lists [was: Unix Tip: BC AND NOT BEFORE AD]

Brian Wiese bwiese at cotse.com
Wed Mar 19 06:20:21 UTC 2003 

On Sun, 16 Mar 2003 23:20:56 -0500 (EST)
bwiese <bwiese at cotse.net> wrote:

|<snip>
|> Since your email was not directly received form the sender; passing
|> through the mail list server, your client will tell you that the
|> signature is bad & can not be verified. So, sending a email to the list
|> with a digital signature is worthless, wasting bandwidth & server time.
|
|I get most of my emails from mailing lists, and Sylpheed often reports
|(IIRC) that many of the signatures are good.  I could double check on
|this, but my opinion was that it only failed to verify signatures if the
|sender did not have their key submited to the PGP Key servers.

I checked ont this, and the Sylpheed mail client still confirms if PGP/GPG
attached signatures to an email are good or not.  I don't know how (with
the additional mailing list footer), but it does (or at least says it
does, perhaps this is because Bugtraq does not add a footer).  The email
is still FROM: the actual sender, it is sent TO: the mailing list, so the
sig check works out. 

-----------------------------------------------------
e.g. MIME attachment as follows, 2 views of the data...

Signature made Mon Mar 10 16:46:22 2003
Good signature from "SCO Security <sco-security at caldera.com>"
                aka "Caldera Systems Legacy Security
<sco-security at caldera.com>"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj5tFb4ACgkQaqoBO7ipriGfGQCePMIb9MQWXpiQ8FebjKeKWgHE
lC4An2miaxVfUMQIhbqxnET3joqP4Seo
=Y76R
-----END PGP SIGNATURE----
-----------------------------------------------------


peace

  Brian Wiese | bwiese at cotse.com | aim: unolinuxguru
------------------------------------------------------
  GnuPG/PGP key 0xF3220030 | "FREEDOM!" - Braveheart 
------------------------------------------------------  
This is not about Napster or DVDs. It's about your Freedom.
  I'll see your DMCA and raise you a First Amendment.
              http://www.anti-dmca.org

More information about the OLUG mailing list