Since games are played clearly in email in the club, when we are
talking about serious things (such as emailchess), the problem of
security sometimes crops up.
Nowadays it's not impossible that somebody writes an email message in
the name of somebody else, or catches an email during its path and
changes its content. When there is a lot at stake, this danger can not
Digital signatures solve this problem. Using them ensures that an
incoming message could only be originated by its sender and its content
could not be altered during the transfer.
The most widely used is the PGP (Pretty Good Privacy) based public key
digital signature system. This is supported in the club by the chess server also.
All the registered players can turn on and off that the server should
digitally sign all messages it sends to them. The players get the
server's public key (listed bellow) and with it they can verify if the
message they received was really created by the server and its content
is not altered.
Players can also turn on that the server should accept only digitally
signed messages from them. This way they can be sure that nobody can
send commands in their name and nobody can alter the message content
they composed. If the signature is missing or invalid the server
refuses to execute the message and sends back an error report. This
also works with players who play from more email addresses.
Using digital signatures requires specific software to be installed on
the players' machine that supports PGP based digital signing and
verification. Freeware versions also exist out there, for example here:
But of course, no one should worry about privacy here, since sending an
email message in somebody else's name or forging one requires high
knowledge level. Those people are threatened in it who deal with really
In my opinion emailchess doesn't really belong to these very serious
things. By all means the possibility is given to use digital signatures.
Here is the public key block that belongs to the firstname.lastname@example.org email
address, or it can be downloaded from here:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 7
-----END PGP PUBLIC KEY BLOCK-----