PGP signatures
Steve Lamb
PMMAIL Discussion List <PMMAIL-L@VM.EGE.EDU.TR>
Thu, 22 Apr 1999 14:47:49 -0700
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 22 Apr 1999 17:17:22 -0400, Ralph Cohen wrote:
>> They, however, serve a purpose, unlike HTML mail.
>Well, the PGP signature certainly takes up a lot more bandwidth than
>the unformatted HTML email you and others were complaining about
>earlier.
Actually, it doesn't. In a message to Christian Secara just 6 days
ago...
Yours:
{morpheus@teleute:/home/morpheus}wc bahb
32 151 1087 bahb
Mine:
{morpheus@teleute:/home/morpheus}wc bahb
18 51 638 bahb
...I made a comparison of his HTML message and my signature and PGP
signing because he called both more wasteful than HTML. His waste came out
to 1087, mine 638, and that includes my signature, so PGP is less than that.
If you write a message that is ~350 bytes long and use HTML on it, that is
more wasteful than PGP signing. 350 bytes, for those counting, is ~5 lines.
>Well let's see. They could send you an email requesting verification
>which you could respond to using your PGP key. That might work!
No, because the original isn't signed. If they make changes to the
original they can still use my signed reply as verification of it.
>Are you really so paranoid about someone faking letters from you on this
>mailing list that you feel then need to include your PGP signature in
>all your responses?
Nope, not paranoid at all.
>Do you send all of your snail mail certified and registered as well,
No, but I do sign all such corrispondance that I do send out.
>or is it just something you do with your email because a) you can;
Partially.
>and/or b) you don't give a damn if other people are are forced to waste >bandwidth on a meaningless appendage to your email simply because you choose >not be be at all selective about how you apply it;
Why should I be concerned? Waste bandwidth. I don't think the ~210
bytes that represents the PGP signature is bandwidth to be concerned over.
>or c) yes, you really are concerned that "they" are watching you at all times >just waiting for you to trip-up and send and email to this mailing list >without your PGP signature so that "their" plans for world conquest can >finally be realized. <g>
Nope, gee, I've only made my reasons public on this list several times.
>thisisameaninglessblockoftextappendedtotheendofthismessagebecausepmmailm
>akesitsoeasytoaddpreformattdblocksoftexttoanymessageaspartofthesignature
>andsinceitisnothtmlformattediknowthatnoonewillcomplainaboutitbeinginclud
>edinthismessageorinfuturemessagesdespitetheobviouswasteofbandwidthitrepr
>esentsbecausetheonlybandwidththatistruelywastedisinthemessagesyoudownloa
>dnandnottheonesyouupload.
The difference is, here you're being an asshole as this block of text
serves no purpose. The PGP signature does serve a purpose.
As for why I do it, an analogy is in order.
In our society we have letters and postcards. Oddly enough, the majority
of us sign them both. Out mark made by our hand is quite difficult to
duplicate. Like it or not, it is a reassurance that the individual on the
other end is who they say they are. Ironically, though, this is not often
the case in the business world. But I digress, the point is, they are
signed.
My PGP is such a signature. It is unique to me and me alone. Only I can
envoke it, no one else can. I sign all paper correspondance, I sign all
electronic corrispondence.
Furthermore, people are in the habit of putting a majority of their
corrispodence inside an envelope. This is done for some privacy. A majority
of the letters that are sent really don't need an envelope. In fact, chances
are, they would never be read. So they don't need envelopes, they all should
use post cards, right?
But reverse it. If everyone sent a postcard and someone sent an envelope
people would wonder what is in it, what is so important that it needs to be
hidden?
In the electronic world the privacy envelope is the encryption. Right
now everyone is sending mail with postcards. Only "important" stuff is sent
via envelopes. I am of the opinion that everything should be sent via
envelopes and be signed, just as in the paper world. This is because privacy
is our right and unless exercised to its fullest it draws attention at the
times you don't want it to.
To that end, I sign everything in the electronic world as I do in the
paper world. I intend, when technology catches up to my desires, to encrypt
everything I can to people whose keys I have.
I post something on a bulletin board for people to read, I sign it,
important or not. Same as a mailing list.
I write a private message to my mom thanking her for an address she sent
me, I'm going to sign it and put it into an envelope. Be it a written
signature and a paper signature or a digital signature and a cryptographic
envelope.
I do it not because I feel each message is important, but because they
aren't.
If you don't like that, tough, filter me, I really don't care. I'm on
many people's filters on this list, one more won't kill me. And quite
frankly, nothing you say will change the matter.
Oddly enough, of the 30+ lists I'm on on this address (which, BTW, is the
only one I sign with right now) this is the only list I've ever received
complaints. Another list over half the people sign messages to it. That
list is a much more technical list than this one. You'd think they would
complain more than people on this list since, from time to time, those people
have been known to debate wasted bandwidth on the bit level.
- --
Steve C. Lamb | I'm your priest, I'm your shrink, I'm your
ICQ: 5107343 | main connection to the switchboard of souls.
- -------------------------------+---------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.0 (C) 1997 Pretty Good Privacy, Inc
iQCVAwUBNx+ZBaC6xbtZwvdnAQEVNQP8DrbdVP0AsOb05YJVllAnDhKHLjMQo7dt
1lFTCSHX/4LNz1NL/ofVLk6iiksdBCswlR4A/8kAd/iAChHwieL5lKfqElhUr1go
0g+Jen1n6J5+/yEmXw/lKpLgGv0rkJRt/6EkGO+5qGH2HqdewfuG2NCLxjfa9/+0
JC1DB9gc6kA=
=qGWs
-----END PGP SIGNATURE-----