ietf-openpgp

Re: Shortcomings of current schemes (Was: One-pass signatures)

1998-07-26 07:16:12
A long time ago (07-26-98 11:53) from someone far away (William H. Geiger III):

> All that needs to be done to "fix" this is give the user the ability to
> clear-sign then encrypt his messages. Preferably as the default action but
> at least as a user setting. There is *no* reason to force the sender or
> the recipient to jump through hoops for signature retention. That is just
> poor software design.

That should also be a lot better from a security point of view; shouldn't it?

As it is today it would be easy for my employer and/or government to keep
copies of all communication that enters and leaves their network; that
information could be used to create a "map" of my network of friends.
If we were all using PGP they wouldn't be able to read what we write, and
it would be very easy to set up and use some kind of remailer; but even
if we were to do all that they still would be able to create that "map" by
searching all e-mails for our signatures.

I'd say that this is a big security mistake. To most of us this is not
something that we have to care about, but think about what a government
could do. A network of people trying to establish a democracy in their
country might feel safe because they are using PGP, but just because
they are using PGP the government might know about every single one of
them even though they are using remailers.



I might be really wrong (I've been lurking on this list for a while to
learn more) but I felt that I should try to say something smart. ;-)


     /Tony
-- 
                                 /\___/\ 
                                 \_@ @_/ 
 ------------------------------oOO-(_)-OOo------------------------------
 ID: Ox7F98CDAF, Fp: E6DF BEE1 FEF9 7888  7AD3 1BA1 98B0 4E9F, Type: RSA
 -------------------------------ôôô---ôôô-------------------------------
     No other keys are valid    \O/   \O/    ©Tony Svanstrom 1998

Send an e-mail to me with the subject "Send PGPkey" to get my public key.
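
The exposure described in the message above, as an added example that is not part of the original post: a Python packet walker that lists the signer key IDs left readable at the top level of an OpenPGP message, which is a quick way to check what an outgoing message reveals. The key IDs, sample packets and the XOR stand-in for encryption are constructed for illustration, and only v3 signature and one-pass signature packets are read.

```python
def outer_packets(data):
    """Yield (tag, body) for each top-level OpenPGP packet; ciphertext stays opaque."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                                   # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                n = first
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                            # old-format header
            tag, size = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 3]
            n = int.from_bytes(data[i:i + size], "big") if size else len(data) - i
            i += size
        yield tag, data[i:i + n]
        i += n

def exposed_signer_ids(data):
    """Signer key IDs readable without holding any private key."""
    ids = []
    for tag, body in outer_packets(data):
        if tag == 2 and body[:1] == b"\x03":             # v3 signature: key ID at octets 7-14
            ids.append(body[7:15].hex().upper())
        elif tag == 4 and body[:1] == b"\x03":           # one-pass signature: octets 4-11
            ids.append(body[4:12].hex().upper())
    return ids

# Constructed sample data below: not real keys, signatures or ciphertext.
def pkt(tag, body):
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body

def opaque(b):
    return bytes(x ^ 0x5A for x in b)                    # stand-in for real encryption

SIGNER, RECIPIENT = bytes.fromhex("A1B2C3D4E5F60718"), bytes.fromhex("0102030405060708")
SIG = pkt(2, b"\x03\x05\x00" + bytes(4) + SIGNER + b"\x01\x01\x00\x00\x00\x08\xff")
LIT = pkt(11, b"b\x00" + bytes(4) + b"hello")
PKESK = pkt(1, b"\x03" + RECIPIENT + b"\x01\x00\x08\xff")
SIGNED_OUTSIDE = PKESK + pkt(9, opaque(LIT)) + SIG       # signature travels beside the ciphertext
SIGNED_INSIDE = PKESK + pkt(9, opaque(SIG + LIT))        # sign first, then encrypt

print("signature outside encryption:", exposed_signer_ids(SIGNED_OUTSIDE))
print("signature inside encryption: ", exposed_signer_ids(SIGNED_INSIDE))
```
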