On Mon, 15 Jul 2002, Brad Knowles wrote:
So, does EVERY email need to be pgp signed?
Do you need to use ssh every time you access a server remotely?
Every time the device runs ssh and I have to type a password, yes.
Surely you know when your line is being tapped or when your packets are being sniffed, and you choose only those times to use ssh, and otherwise you use telnet?
There's some degree of truth to this. For instance, most of my routers do not run ssh. However, I control the network between here and there, so I am comfortable that nobody is capable of sniffing the session, so I am comfortable using telnet and not going through an OOB connection.
Same goes for actually using passwords to login -- surely you know when it's a legitimate user that is trying to login and when it's someone trying to gain illicit access to your system, and you require them to use passwords accordingly?
Of course not. In the previous two situations, a human is making decisions, "judgement calls". This situation, you're asking a computer to do so. Bad analogy.
When was the last time somebody on this list bothered to check the validity of a pgp signed message which they received via nanog?
When was the last time anyone on this list bothered to check the validity of any message they received via any channel? I mean, if you're going to use probability to support your argument, you might as well widen the discussion to a much broader sample group.
So why is it that people are bothering to sign their posts to nanog if nobody cares if the people are who they say they are?
I mean, if John Sidgmore posted to that from now on, Worldcom's official pricing is $100/meg with a 3 meg commit, I wouldn't believe it for a second unless it was signed and I verified it.
Not everything is black and white. At what level would you choose to validate a message like this?
"Not everything is black and white." Does that mean you agree with me that not everything needs to be signed? Or does that mean you agree with me in that a judgement call must be made? Andy xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Andy Dills 301-682-9972 Xecunet, LLC www.xecu.net xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Dialup * Webhosting * E-Commerce * High-Speed Access