2011/1/25 Nitesh Mistry mailbox@mistrynitesh.net:
> Wrong. In all my emails, I mention my PGP key id below my name. So anyone can download it from a public keyserver and verify it. Anyone who knows
You see, I typed all that after checking whether the key is available on keyserver1.pgp.com. It is not (that is the keyserver I have set up my gpg to look for keys automatically).
Even if I had found your key on a server, what does it tell me? Nothing. Your key is not trusted by anyone at all; so what is the use? The concept of Web of Trust is not utilized in your key at all.
> Do not discard public key authentication/encryption as useless. They might be the last available avenues to protect privacy. IMHO, signing messages is a healthy practice.
How exactly does simply *signing* messages with your private key protect "privacy"? If you were *encrypting* messages with the recipient's public key, I would have understood (though I'd imagine it is of little value, considering this list is publicly archived), but just signing?
Do not overuse public key authentication/encryption. It is of value if both encryption and signing are used in conjunction. For that, both sender and recipient need to have both public and private keys. Either process alone has value only in very few use cases - posting to a mailing list I don't think is one of them (unless you are someone who is frequently impersonated - even then, without the WoT signing is of little value).
Binand