However, public and private keys will suddenly become tokens of value to spammers. Suddenly people will start creating worms and scripted attacks to pull people's keys.
In addition to the point already made about private and public keys (i.e. you sign emails using your private key to prove to the world that you wrote it), this misses another point about signing schemes such as PGP/GPG. The private key cannot simply be stolen - to use it, you also need a matching passphrase that you create at the same time as the key. And this passphrase is not stored on the HD (unless you're very silly), certainly not in any standard place.
As has been said, there is no way to force everyone to start signing messages. However, if we could add a rule to a spam filter that messages signed from trusted email addresses are always accepted, that greatly reduces the false-positive problem.
Viruses - yes, a clever one could steal private-key passphrases, but if you're virus-protected and firewalled, it would find it hard to tell anyone about it. In any case, this is not a fatal objection because (if it was that easy) it would already be being done on a huge scale with credit-card details. And, sure, it does happen, but it's not common - and with far greater incentive than stealing keys would have.
Mailing lists - not a problem, because the posters sign their emails, not the list. The list isn't the originator of the post and so doesn't sign it.
John
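The whitelist rule described in the post (a valid signature from a trusted address bypasses content filtering; anything else goes through the normal filter) is sketched below as an added example. It is not code from the thread or from any PGP/GPG implementation: it uses Go's standard-library Ed25519 in place of PGP, assumes a simplified message shape (From, Body, and a detached signature over the body), and uses constructed addresses such as alice@example.com. Note that the trusted address alone is never enough: a message claiming a trusted From with a missing or non-verifying signature is not whitelisted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Message is a constructed stand-in for an email: the claimed sender,
// the body, and the sender's signature over the body (nil if unsigned).
type Message struct {
	From      string
	Body      string
	Signature []byte
}

// Verdict is the filter's decision for one message.
type Verdict string

const (
	Whitelisted Verdict = "whitelisted" // valid signature from a trusted address: skip content filtering
	Untrusted   Verdict = "untrusted"   // unsigned or unknown sender: normal spam filtering applies
	Forged      Verdict = "forged"      // trusted address but signature does not verify: treat as suspicious
)

// Filter holds the keyring of trusted senders (address -> public key).
// In a real deployment this would be the recipient's own PGP keyring.
type Filter struct {
	trusted map[string]ed25519.PublicKey
}

func NewFilter() *Filter {
	return &Filter{trusted: map[string]ed25519.PublicKey{}}
}

// Trust records that mail from addr must be signed with pub to be whitelisted.
func (f *Filter) Trust(addr string, pub ed25519.PublicKey) {
	f.trusted[addr] = pub
}

// Classify applies the rule from the post. The From header is only a claim;
// the whitelist is granted on the signature, not on the address.
func (f *Filter) Classify(m Message) Verdict {
	pub, ok := f.trusted[m.From]
	if !ok || len(m.Signature) == 0 {
		return Untrusted
	}
	if ed25519.Verify(pub, []byte(m.Body), m.Signature) {
		return Whitelisted
	}
	return Forged
}

// GenerateKey is what a poster does once; the private half stays with them.
func GenerateKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign is what the poster does to each outgoing message with their private key.
func Sign(priv ed25519.PrivateKey, body string) []byte {
	return ed25519.Sign(priv, []byte(body))
}

func main() {
	alicePub, alicePriv, _ := GenerateKey()
	_, strangerPriv, _ := GenerateKey()

	f := NewFilter()
	f.Trust("alice@example.com", alicePub)

	cases := map[string]Message{
		"signed by alice":          {From: "alice@example.com", Body: "hello", Signature: Sign(alicePriv, "hello")},
		"spoofed From, wrong key":  {From: "alice@example.com", Body: "buy now", Signature: Sign(strangerPriv, "buy now")},
		"body altered in transit":  {From: "alice@example.com", Body: "hello!", Signature: Sign(alicePriv, "hello")},
		"spoofed From, unsigned":   {From: "alice@example.com", Body: "hi"},
		"unknown sender, signed":   {From: "bob@example.com", Body: "hi", Signature: Sign(strangerPriv, "hi")},
	}
	for name, m := range cases {
		fmt.Printf("%-26s -> %s\n", name, f.Classify(m))
	}
}
```

The "forged" verdict is kept separate from "untrusted" because the two deserve different handling: an unknown or unsigned sender simply gets the ordinary spam scoring, while a trusted address whose signature fails to verify is evidence that someone is impersonating a correspondent (or that a relay altered the body) and is worth flagging rather than silently scoring.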