This is being a bit paranoid, but do your colleagues PGP-sign their messages? How do you know it is really coming from them?

Fair point. I mean, I do sign with PGP when I have someone's key but this often runs into trouble with spam filters or people going "I lost my key" or "I want to read it in the train and I don't have my privkey on my mobile device". So it's a valid point.

You don't need to encrypt it, just sign it - no privkey required to read a signed message, and you don't need someone else's pubkey to do so.

Of course it won't help if your coworkers don't also sign things they send to you.
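The sign-only point above, as an added example that is not part of the thread: the body of a signed message stays in the clear, so reading it needs no key at all, while checking who wrote it needs only the sender's public key. The example uses Go's standard-library Ed25519 and a simplified clear-signed wrapper as a stand-in for PGP armour (the header strings and layout are assumptions for illustration, not OpenPGP's format; a real deployment would use an OpenPGP implementation).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// SignedMessage mirrors a clear-signed mail: readable body plus a detached
// signature over that body. Nothing here is encrypted.
type SignedMessage struct {
	Body      string
	Signature []byte
}

// Sign needs only the sender's private key; the recipient's keys never enter.
func Sign(priv ed25519.PrivateKey, body string) SignedMessage {
	return SignedMessage{Body: body, Signature: ed25519.Sign(priv, []byte(body))}
}

// Read takes no key on purpose: a phone without any private key can still
// display a signed message.
func Read(m SignedMessage) string { return m.Body }

// Verify answers "did the holder of this public key sign exactly this body?".
// A modified body or a different signer's key yields false.
func Verify(pub ed25519.PublicKey, m SignedMessage) bool {
	return ed25519.Verify(pub, []byte(m.Body), m.Signature)
}

// Simplified armour, an assumption for this example (not OpenPGP's layout).
const (
	hdrMsg = "-----BEGIN SIGNED MESSAGE-----"
	hdrSig = "-----BEGIN SIGNATURE-----"
	ftrSig = "-----END SIGNATURE-----"
)

// Clearsign renders a message so the body is visible as plain text on the wire.
func Clearsign(priv ed25519.PrivateKey, body string) string {
	m := Sign(priv, body)
	return hdrMsg + "\n" + m.Body + "\n" + hdrSig + "\n" +
		base64.StdEncoding.EncodeToString(m.Signature) + "\n" + ftrSig + "\n"
}

// ParseClearsigned splits the armour back into body and signature. It assumes
// the body itself does not contain the signature header line.
func ParseClearsigned(text string) (SignedMessage, error) {
	start := strings.Index(text, hdrMsg+"\n")
	sigStart := strings.Index(text, "\n"+hdrSig+"\n")
	sigEnd := strings.Index(text, "\n"+ftrSig)
	if start != 0 || sigStart < 0 || sigEnd < sigStart {
		return SignedMessage{}, fmt.Errorf("not a clear-signed message")
	}
	body := text[len(hdrMsg)+1 : sigStart]
	sigB64 := text[sigStart+len(hdrSig)+2 : sigEnd]
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return SignedMessage{}, err
	}
	return SignedMessage{Body: body, Signature: sig}, nil
}

func main() {
	// Constructed sample: a colleague's keypair and a request worth verifying.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	wire := Clearsign(priv, "Please approve the vendor payment today.")
	fmt.Print(wire) // the request is readable here without any key

	m, _ := ParseClearsigned(wire)
	fmt.Println("genuine:", Verify(pub, m))

	// An attacker who can alter mail in transit cannot keep the signature valid.
	m.Body = "Please approve the vendor payment to the new account today."
	fmt.Println("tampered:", Verify(pub, m))
}
```

What the example does not cover is the caveat in the comment above: a message that arrives with no signature block gives `ParseClearsigned` nothing to check, so sign-only mail protects you only when the people writing to you sign too, and only once you have a trusted copy of their public key.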

And how do you know your colleague is not a spy, or a double agent, or an advanced AI seeking to take down the human race ... /paranoia

Or just has an email client that got infected with a virus. Remember Office macro viruses? How we laughed at how stupid it was that a simple word processor apparently needed vulnerable Turing-complete macros?

Now we actually compile source files into documents and get surprised that someone might trick you into running malware.

