Sven Guckes guckes-digital-signature@math.fu-berlin.de ©1995-2001

Last update: Sun Jun 10 20:30:40 MEST 2001

(A Statement on the Use of) Digital Signatures

Why Sven does not sign his Usenet posts

The reason is quite simple - it is usually not necessary. But there are more reasons:

Confused Recipients
Recipients who do not know about the concept of digital signatures do not know what to do with it. I just get questions about it and I do not feel like explaining it to them.

Overhead and Traffic
Whenever a digital signature is not necessary it simply creates an overhead (which I try to avoid). This overhead also needs to be transported and adds to the traffic, lowering the signal/noise ratio.

Paranoid?
I may be paranoid - but I do not feel paranoid enough to use a digital signature on every little message. ;-)

Missing Support
Many programs that view messages do not have support for digital signatures. Therefore the signatures usually are just annoying on the screen. It just confuses the newbies. (see above)

Time
Checking digital signatures takes time. Too much so to be really useful to me. And I'd like to avoid this for others - especially when it's not important to verify that the message is really from me.

MailList Archives
I also avoid digital signatures on mailing lists as it will simply confuse readers - especially when they are browsing a maillist archive.

Signatures vs signatures
PGP strips trailing whitespace, eg the necessary space with sigdashes which signal the beginning of a "signature", thus breaking that kind of signal. Bad!
Russ Allbery rra@stanford.edu:
"PGP removes all whitespace from the ends of lines for the purposes of generating or checking attached signatures on a file. The whitespace is restored in the generated signed document, but you have to munge the whitespace back out again to check it. This means that your signature line still has its space preserved at the end of the line, but if you generate a detached signature for your post, and then later form a combined PGP message from that detached signature and your post, it won't verify. Evil."

However, I do sign *some* messages when I think that it is really really necessary. It happens quite rarely, though. ;-)

Summary: Digital signatures are nice - when you really have a need for it. 

URL:         http://www.math.fu-berlin.de/~guckes/pgp/
Created:     Thu Jun 25 20:00:00 CEST 1998
Last update: Mon Jan 18 18:36:55 CET 1999
Send feedback on this page to
Sven Guckes guckes-digital-signature@math.fu-berlin.de