At 2:00 PM -0500 1/10/1997, Stan Ryckman wrote:
>Hey, do you guys (and others) think you could find a way to
>*not* attach PGP signatures as attachments? It's really annoying
>as hell to open up an attachment just to find it's a useless PGP
>sig. While PGP sigs on mailing lists are annoying and useless to
>most people anyway, at least they don't require extra effort
>just to see what's in an attachment.
If they're following the PGP-MIME standard, then it's your MIME
compliant MUA that's not smart enough to know about PGP-MIME.
The argument for PGP signing everything you send is so that
people will know when someone tries to spoof you by sending out bogus
email. If you only PGP sign when you think it's "important", then
it's easy for someone to spoof you by claiming that it's "important"
and then PGP signing it (claiming a new and undistributed key, of
course).
I haven't seen a problem with these attachments yet, because
Eudora has clearly marked them as being PGP. Were I so inclined, I
could easily go check the signature on the message, but I haven't
chosen to do that yet. However, Eudora does make it easy for me to
make that decision.
--
Brad Knowles, MIME/PGP: brad@his.com
comp.mail.sendmail FAQ Maintainer <http://www.his.com/~brad/>
finger brad@his.com for my PGP Public Keys and Geek Code
The comp.mail.sendmail FAQ is at <http://www.his.com/~brad/sendmail/>
References:
|
|
