[Dshield] E-mail verification request from pgp.com?

Laurent Saplairoles lsaplai at megassistance.com
Mon Oct 3 17:24:46 GMT 2005



On 3 Oct 2005 at 17:18, Bo Nordgren wrote:

> > Signing the Mail is a GoodThing(TM). PGP could have signed their own
> > Mail with their PGP key. That would have been the least to do.
> 
> That would require someone to think about what they were doing and so
> far these emails shows no evidence of inteligent life at PGP corp. :)
> 
> Probably noone thought about it since that would make the emails
> larger and when you are probably sending several thousands of them it
> becomes an issue.
> 

So, does it mean that PGP is out as far as trusted computing goes and I need to find 
a new way to digitally sign my e-mails ans encrypt files? What happens when a 
company supposed to provide us with a security tool starts to behave like the bad 
guy? I do not remember authorising PGP corp to send me this kind of verification e-
mail therefore it is basically spam. There is a huge ethic issue here.

Meanwhile, how important is it to have my signature available on the public servers?

-- 
Laurent Saplairoles
IT Manager
www.megassistance.com



More information about the list mailing list