Re: Cryptographic signatures

Tommy Gober

Unless money is changing hands, why bother with signatures?
Most of the emails sent are just yak and opinions. If I don't like it or care, I delete. If someone's going to the trouble of spoofing an email from you, emailing erroneous opinions to the email list is probably not their target.

If you're making a deal with someone to buy/sell things, then it might be worth considering.
For moderately priced items (dollar amounts I'd be really sad to completely lose), I'll want a phone call or check that your email is the same one I'm sending money to via PayPal (and that you've used that address for some time).

On Sun, Jun 30, 2019 at 10:09 AM Nate Bargmann <n0nb@...> wrote:
I just got a bounce that the other topic was locked.  I'd like to
recommend the use of cryptographic signatures as a means to be
reasonably assured of the sender's legitimacy.

The recent thread is all the more reason to use tools such as
cryptographic signatures where possible, IMO.  Unfortunately, some
amateur radio mailing lists block signed messages and I must send
messages to those lists in the clear (all of the Linux related lists I
subscribe to accept signed messages).  Now, a cryptographic signature
does not prevent someone from spoofing my email address, but if it's a
direct mail from me and it's not signed like this one is, then the
recipient can be assured that it wasn't from me.                                                                   

The spoofing of email addresses is a problem but it doesn't necessarily
mean that an account was cracked.  However, when using a cryptographic
signature, the spoof is easily identified as the spoofer should not have
access to the private key used to sign the email nor should he know the
password to unlock the private key for signing.  An email client program
will check the signed message against the public key which is often
available from a public key server and verify the signature.

72, Nate


"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Web:  GPG key: D55A8819  GitHub: N0NB

Join to automatically receive all group messages.