Archived from groups: alt.games.microsoft.flight-sim (
More info?)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Hi Quilljar,
On Mon, 25 Apr 2005 08:16:46 +0000 (UTC), you wrote:
> I have often wondered, what is all that code which appears at the
> bottom of your messages?
I'll try to give you the short version...
It's an encrypted "digest" of the particular message; a "digital
signature". Anyone with an "OpenPGP" application ("PGP" or "GnuPG")
can verify the signatures (both programs are available as freeware).
These programs are also used for strong encryption of text and other
types of files (I use them for encrypting personal email; anything
more "personal" than what I would write on a postcard).
Verifying such a signature does one thing absolutely, and *can* do
another as well...
1) Verifying a digital signature will tell the verifier if
*anything* has been altered in a message between the moment it
was signed and the moment it was verified. It won't tell the
verifier exactly what has been altered (if that's the case), but
generally, a "Bad" verification could be an indication that the
content of the message cannot be trusted to be the exact message
that was originally signed.
2) Verifying a digital signature *can* also tell the verifier that
a certain person (or "persona") has actually written the signed
message. This is a bit more involved, and has to do with what is
called the "web of trust".
If you wish to dig more deeply into this stuff, I'll be happy to
continue this via email.
> I don't see it from anyone else. I am sure (being you) it must have
> a good purpose. Do tell us...
I won't bore you with all the sordid details, but a few years ago, I
was the victim of some very malicious identity spoofing, which was
perpetrated by a lurker in a news group. The spoofing wasn't
restricted to just news groups (many of them; most that I didn't
read), but was also spread far and wide via email. It finally got so
bad that I was actually threatened (physically) in my "real life" by
a couple of people who received those spoofed messages (and yes, they
found out where I lived). After I finally got all that sorted out,
my choice was to either go completely anonymous, or to positively
claim the words I spew over the Internet. I chose the latter. In
order for this system to have any meaning, I have to be consistent in
my signing; so I even sign all the meaningless drivel I post to news
groups and mail lists. Basically, if it's not signed by my key, and
if the verification is not "Good", it cannot be trusted to have been
written by me.
There are other reasons I sign as well, and these have to do with
copyrighted material that I sometimes send over the Internet. Again,
my consistency in signing everything I write and send over the
Internet is necessary in this realm as well.
Some people will complain about the "extra bandwidth" used up by such
signatures applied to Usenet posts, and while I can try to appreciate
their concerns, it's not too difficult to look around Usenet and find
many far more egregious examples of "wasted bandwidth"...signed or
not.
Finally, a digital signature, if used properly, is far more secure
than a handwritten signature, as it's quite impossible to actually
forge. The explanation above is really just the tip of the iceberg,
but I hope it's enough for now. As I said, if you want to know more,
feel free to continue this via email.
- --
Melissa
PGP Public Keys: http://www.freewebs.com/kuviahunnihautik/
-----BEGIN PGP SIGNATURE-----
iQCVAwUBQmy1HDEYqNTZBqoEAQNrBAP/YPE7HbDR4o11Rph2RHQSWda22R6TVeZQ
ESuC3adi6JJ/r9iQvBzwAOStt2KWVB5GjWQIJNNB9Vvsjo+sJATd73J+t0TACBAb
WNIyLufm4aRYnpbam9BkZE8QP87joawrpOao4tkYsqSwDu9Oh2qliIz/b8x4SCvX
Xh94uC889lY=
=LJ0R
-----END PGP SIGNATURE-----