Ailbhe, et al --
...and then Ailbhe Leamy said...
% On (14/09/01 09:41), David T-G wrote:
%
% > ...and then Ailbhe Leamy said... %
%
% > % Query: why do people pgp-sign mail to mailing lists?
% >
% > Why not? You put your home page in your signature, for instance; you
% > have a mailing address that you list that is suitable for replies.
%
% Having a valid From: address is hardly the same as adding a
% pgp-signature to things.
%
% Having a sigfile doesn't seem like the same thing to me, either.
I accept both of those points. I also reserve the right to draw the
"same thing" line anywhere I please.
%
% > It is my not-so-humble opinion that everyone everywhere should be
% > signing and encrypting all of the time, except as required (don't sign
% > if you want to be anonymous or don't encrypt if the message is for
% > mass distribution -- you get the idea).
%
% Yes, but _why_?
Why use PGP/GPG? Because it should be mainstream and available to all,
it should be easy to use and familiar to all, and private communication
should be both avaiable and commonplace rather than challenging and
noteworthy.
%
% In what way is it useful to pgp-sign or encrypt a mail that is for
I can't think of a time I'd encrypt a mail to a mailing list, since I
don't know of any encryption-aware mailing list servers (though such
things have been discussed even here). It's useful to sign a message so
that others can confirm that the message came from me as they see it --
whether because I am concerned about forgery, concerned about a patch or
piece of code being maliciously modified, or concerned about my messages
being accidentally munged in transmission (found on this list only a
month or two ago and bought to my attention by a guy -- whose name I have
now forgotten but whose attention is still appreciated -- who wondered
why my messages kept saying "bad signature" and eventually tracked down
to an added space and newline, IIRC).
% distribution to a mailing list? You are aware of the fact that there are
% archives?
Yes. I must admit that I don't see your point here, though.
%
% > Everything I can do to encourage such behavior and raise everyone's
% > awareness is thus a good thing. Since I don't often have to post
% > anonymously (though I generally don't have a problem with those who
% > do), I can sign everything.
%
% OK. That's really useful. I see this. Er. Where's your public key? And
At the moment I'm in transition, so you'll not find a public key for
[EMAIL PROTECTED] out there; sorry about that, but you can find
it if you look for [EMAIL PROTECTED] and messages sent there will get
to me. You can, however, find my key on the public key servers as well
as at my web site; just ask.
% how do I verify that it _is_ your public key? If I can't, what possible
% use could it be?
It's a start. I haven't been to any signing parties, I admit, but there
are those who have bothered to contact me directly and exchange keys.
%
% > Here, of all places, it should be no biggie; mutt can handle GPG/PGP
% > with ease, and procmail/formail could strip out the signature
% > entirely, and this is the group that would know how to do it.
%
% I repeat: archives?
% http://groups.yahoo.com/group/mutt-users/message/21394
Looks fine to me. I still don't see your point. You can't be arguing
that I shouldn't sign my messages because the archive server can't read
'em, and I can't imagine that you'd argue that signing is useless because
the archive doesn't retain it (but if you are my answer is "So what? I
have no particular interest in the archives and can't help that the
signature is stripped.").
%
% Ailbhe
%
% --
% Homepage: http://ailbhe.ossifrage.net/
Thanks for the discussion. I'm happy to continue, since I feel that I
have a position that can be logically defended, but I don't have to and
certainly don't have to on the list to the borement of most or all. I
welcome your reply.
:-D
--
David T-G * It's easier to fight for one's principles
(play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie
(work) [EMAIL PROTECTED]
http://www.justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
PGP signature
