On (18 Aug 96) Jonathan Guy wrote to Bill Cheek...
 BC> Far fetched here, maybe.  Especially since I know you.
 BC> Forgery is a way of life on the Internet.  Digital sigs
 BC> are looming as a way of life.  THAT is why the topic is
 BC> open for discussion here.  The answers aren't all that
 BC> black and white, as I see them.
 JG>    I hope this is still open for a question...what keeps me from
 JG> copying the PGP at the end of the message and using it to "act like"
 JG> someone else?  I really don't understand these things yet...
The "signature" at the end of the message has checksum info about
the contents of the message and who sent it. You could attach it to
the bottom of a message, but if anyone used the guys public key to
look at the signature, it would be obvious that he didn't write the
message.
If everyone used a signature at the end of their message, you would
need a copy of everyones public key in order to determine if they
wrote a message. I see no reason for them other than for someone who
is real paranoid that someone would "forge" a message from them. In
most cases, as Bill has pointed out, other info would expose the
forgery without having to use a public key, or signature.
take care,
Martin
... hanging  n.  early form of bungee jumping; see Wild West.
--- PPoint 2.00
---------------