GPG testing...

[Travis Roy]

This was EXACTLY my point as to why GPG/PGP for signing email is
currently flawed the way it works now.

>   Case in point: This discussion originated as a discussion 
> about using digital signatures to counter spam.  Since 
> digital signatures, on today's Internet, are relatively 
> uncommon, they do not provide non-repudiation.  
> Thus, digital signatures cannot be used to prove one did not 
> send a given spam.
> 
>   Now, I am sure someone will say, "If you sign all your 
> messages, then the unsigned spam will be suspect, because it 
> lacks your digital signature."
> 
>   That again misses the most fundamental aspect of security: 
> Security is entirely about trust.  Someone sending 
> illegitimate mail is, almost by definition, not to be 
> trusted.  Thus, if you are suspected of sending an 
> illegitimate message, the fact that you nominally sign all 
> your messages does not impart trust.  Indeed, one who 
> regularly traffics in illegitimate messages would be rather 
> more likely to sign all their legitimate mail.  
> Meanwhile, if you can, by other means, prove you are 
> trustworthy, the digital signature becomes superfluous.  We 
> already know you are trustworthy;  
> thus, we don't need a digital signature to know you did not 
> send the illegitimate message.