Concerning _RULEMAKING: PGP SIGS_, Jonathan Guy said to Bill Cheek in 
SCANRADIO:
 JG> I hope this is still open for a question...what keeps me from copying
 JG> the PGP at the end of the message and using it to "act like" someone
 JG> else?  I really don't understand these things yet...
This is information I've gleaned from an old PGP users guide.  I make
no particular claims to accuracy.
Pretty Good Privacy (PGP) uses two keys (a 'private' key and a
'public' key) to assure file validity.
Private keys are, of course, kept private.  Public keys can be
distributed to few or many, at the discretion of the individual.
Ideally, public keys should be obtained directly from the individual,
or through secure channels.  I question the practice of using "drop"
techniques, but that's not important here.
PGP has the ability to encrypt a message with the private key so that
only the public key can decrypt it.  The message would then be
readable only to those who have the public key.  But if the message
decoded using the public key, the reader could be certain that the
message originated from the holder of the private key.
PGP also has the ability to scan a message and leave it in plain text,
but creates a PGP signature "checksum" for that message.  The message
would be readable to all, but the signature could be checked with the
public key.  If it passes the test, again the reader could be certain
that the message originated from the holder of the private key.
If someone fakes a PGP sig, it will not pass muster.  If someone
alters a message in transit, it will not pass muster.  If someone
takes the PGP sig of a message and applies it to a different message
from the same author, it will not pass muster.
Of course, none of this is readily apparent to any of us who aren't
using PGP and/or haven't obtained a public key for that individual.
... 2000 years ago, Egyptians worshipped cats.  The cats never forgot it.
--- JetMail 0.99beta22
---------------