From: dmandl@lehman.com (David Mandl)
Date: Thu, 8 Jul 93 12:15:14 PDT
To: mdavis@pro-sol.cts.com
Subject: Re: I need a way to...
Message-ID: <9307081914.AA22838@disvnm2.shearson.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: mdavis@pro-sol.cts.com (Morgan Davis)
> 
> This is my first post here, so go easy if I'm way off base.  Why would
> you want to include a PGP signature (in addition to your net .signature)
> for a message that is NOT encoded?  I've included the pageful of useless
> text from your message as an example of how wasteful this seems to me.
> I'm all for personal privacy and message security, but this smacks of
> either paranoia, showing off, or laziness.  Genuinely curious.
> 
>  /\/\  Morgan Davis Group (619/670-0563)
> / /__\  Internet: mdavis@pro-sol.cts.com
> 

Simply to confirm that the file is from who it's supposed to be from.
If I send a file to you with my signature on it (assuming no major security
breaches), you can be absolutely certain that the file came from me.  This
is of tremendous importance if we're dealing with electronic contracts or
the like, but there are plenty of other situations where you need to be sure.
The file itself may or may not be confidential, so it may or may not need to
be encrypted.  The signature is valid either way.

Yep, it's true that most routine e-mail and Usenet postings don't NEED to be
signed, but it's good practice and good propaganda: it helps to promote the
widespread use of crypto, helps spread the word, and gets people in the habit
of doing it.  Believe me, it's not laziness, since as of today it's not too
convenient to send and receive encrypted email without going through gyrations.
Several cypherpunks have come up with good workarounds for this on various
platforms, but we still have a ways to go.

   --Dave.