[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [pygame] noname
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ian Mallett wrote:
> On many people's posts, they seem to be attaching a small file called
> "noname". It reads as follows:
>
> I'm not sure why this is, though I'm guessing your email browser does
> it for some reason. I'm using gmail, and it appears as an attachment.
> Why?
Hi,
I'm probably one of the people whose messages show up like this.
This is a PGP signature. Its use is to ensure through cryptography
that I'm the person who sent this email with this text on the date
claimed. Since all email is sent in plaintext with pretty much no
security whatsoever, any email can be snooped or forged. The signature
is a method (you might say "kludge") by which the authenticity of an
email can be verified, much like a handwritten signature is on an
ordinary letter.
A PGP signature is not much use without 1) my public key, which is on
my site, verified in some way, and 2) software to verify the
signature. A good email client will provide this software integrated
into the program in some way -- Thunderbird has a plugin called
Enigmail, Sylpheed has a plugin called PGPMIME, mutt has some options
like this, etc. On email clients that don't support cryptography,
which is unfortunately the majority[1], you end up seeing blocks of
text like the one you included in your email. You could,
theoretically, download the message and run a PGP program on the text
and the signature, but this is too much work for most people.
[1] Note that GMail is not unique among webmail providers that do not
support cryptography. In order for a webmail provider to properly
support PGP signatures, it would have to authenticate to the user, for
example using HTTP certificates. Otherwise the HTTP transmission could
theoretically be intercepted and a fake "Signature verified" message
added. Of course, for maximum security you'd also need to see the
source code running on the webmail server.
Explaining how it works is probably outside of the scope of this
mailing list :) but you can see Wikipedia's article on public-key
cryptography to get an idea:
http://en.wikipedia.org/wiki/Public-key_cryptography
Ethan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG/AnIhRlgoLPrRPwRAtx6AJ9YDMDsEkIJOmJcTymCIsF7gECxpQCgnTZi
gcAzidIPE/j08RxsG1nhWUo=
=+SI5
-----END PGP SIGNATURE-----