Differences between current version and predecessor to the previous major change of WhySignEmail.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 11 | Last edited on Sunday, August 29, 2004 7:02:12 am | by AristotlePagaltzis | |
| Older page: | version 3 | Last edited on Wednesday, September 18, 2002 11:05:46 am | by CraigBox | Revert |
@@ -1,17 +1,34 @@
-Well, why Sign Email, Encrypt Email and worry about the entire [PKI] thing in the first place.
+!!! Why Worry About The Entire PublicKeyInfrastructure Thing?
-!Verifying Remote Users
-On [
Undernet] we have ScriptKiddies
try and disrupt anything and everything they can. They have in the past forged emails from core developers with patches to be applied. If you contribute to FreeSoftware or the OpenSourceMovement
then you are likely to have to interact with developers at potentially very remote locations, are you going to phone them up after every email to make sure they sent it?
+! Verifying Remote Users
+
+On the
Undernet [IRC
] network
we have ScriptKiddie~s
try and disrupt anything and everything they can. They have in the past forged emails from core developers with patches to be applied. If you contribute to FreeSoftware or the OpenSource movement
then you are likely to have to interact with developers at potentially very remote locations, are you going to phone them up after every email to make sure they sent it? Using [GPG] and having a PublicKey in the WebOfTrust is now a prerequsite to becoming a [Debian] developer.
+
+! Automated Verification
+
+Voting in [Debian] elections is performed automatically and securely using [GPG] signed [Email] votes.
+
+! Future Proofing
-!Future Proofing
It takes time to build up a [PKI]. By getting your key signed today, and signing other peoples keys then when you need to send email to someone else in the world you will hopefully already have a trust path to them.
-!Raise Awareness
+! Raise Awareness
+
Setting up a loose [PKI] is very simple especially if your email client supports it natively. By signing outgoing messages you're raising awareness about signed and encrypted email.
-!Setting a pattern
+! Setting a pattern
+
If you have never signed an email in your life and someone forges an email from you containing important information (eg: "I am going to officially resign from my place of work"), then you can't argue that "if it was important then I would have sent it encrypted/signed! It obviously wasn't from me!"
-!!Why not
sign email
+! Spam
+
+Any email that is encrypted (that you can decrypt of course...) is unlikely to be spam -- spending time encrypting the same message for millions of recipients costs the sender far too much in CPU time. Any encrypted email is obviously important and personal.
+
+You can also use the web of trust as a way of figuring out who spammers are. If the email you recieved is signed by someone in your web of trust then they are unlikely to be a spammer. If it turns out that they are you can set their level of trust to "none" and perhaps lower the amount of trust of everyone who signed their key. A spammer will have a hard time finding people to
sign their new key every time they want to send another email.
+
+! Viruses
+
+Email [Virus]es typically send themselves to random recipients with a fake <tt>From:</tt> header, so yours will invariably be used even if you run a better OperatingSystem. If you have a history of signing your email, it is easier to convince other people that you didn't send them a particular email. (The Sobig family of viruses have been very successful at propagating using
email).
-Cos you don't really care. ;)
+----
+Part of CategorySecurity
