Re: Cryptographic signatures

 

* On 2019 09 Jul 12:36 -0500, Tommy Gober wrote:
Unless money is changing hands, why bother with signatures?
Most of the emails sent are just yak and opinions. If I don't like it or
care, I delete. If someone's going to the trouble of spoofing an email from
you, emailing erroneous opinions to the email list is probably not their
target.
Hi Tommy.

Those of us who remember MS-DOS and other early systems can recall not
needing a username or password to simply use our computer. It was a bit
perturbing to have to do that when I first started learning Linux almost
23 years ago. Eventually Microsoft made user accounts a part of their
systems and now it is second nature. Likewise, the use of SSL on the
WWW via the HTTPS protocol started out as a means to protect financial
transactions and now browsers may complain if a site doesn't use SSL.
The world is gravitating toward a greater use of cryptography even for
trivial things.

Here I'm not even advocating for the use of encryption, just signatures.
I agree that most of our communication is of little interest outside of
the QRP segment of the amateur radio hobby, but those who wish to play
on and against our good will couldn't care less.

If you're making a deal with someone to buy/sell things, then it might be
worth considering.
For moderately priced items (dollar amounts I'd be really sad to completely
lose), I'll want a phone call or check that your email is the same one I'm
sending money to via PayPal (and that you've used that address for some
time).
I understand your point. I want to be sure that others know and can be
reasonably certain via a signature check that it's really me offering
some item for sale or offering to purchase some item. Beyond that, I
want the same for all my electronic communications, trivial or not,
because it is no fun when people believe something was sent when it was
really due to a spoof. After that happened to me once, I chose to nip
in the bud rather than hope it wouldn't happen again on a larger scale.
I am active on quite a number of mailing lists and would like to avoid
any loss of good will that may exist. My mail program made it
reasonably easy to set up automatically signing my mail, so I do so.

I am disappointed that the powers that be of groups.io have chosen to
break this very basic way a lot of us that use email extensively to
protect ourselves from spoofing. As I may have noted earlier, there are
at least two lists I subscribe to that reject signed mail. This is
unfortunate and so I mostly just read them and do not participate as
much. Regardless, so long as the various lists on groups.io don't
reject my signed mail outright, I will continue to send signed mail.

72/73, Nate

--

"The optimist proclaims that we live in the best of all
possible worlds. The pessimist fears this is true."

Web: https://www.n0nb.us
Projects: https://github.com/N0NB
GPG fingerprint: 82D6 4F6B 0E67 CD41 F689 BBA6 FB2C 5130 D55A 8819

Join main@4SQRP.groups.io to automatically receive all group messages.