Thus spake David T-G ([EMAIL PROTECTED]):
> concerned about my messages being accidentally munged in transmission
> (found on this list only a month or two ago and bought to my attention
> by a guy -- whose name I have now forgotten but whose attention is
> still appreciated -- who wondered why my messages kept saying "bad
> signature" and eventually tracked down to an added space and newline,
> IIRC).
That'd be me :-D
> At the moment I'm in transition, so you'll not find a public key for
> [EMAIL PROTECTED] out there; sorry about that, but you can find
> it if you look for [EMAIL PROTECTED] and messages sent there will
> get to me. You can, however, find my key on the public key servers as
> well as at my web site; just ask.
If my GnuPG setup doesn't find the key on the automatic retrieve (either
because it hasn't mirrored across or isn't on the keyservers at all),
then I will often email the person requesting it from them. I've found
100% cooperation in about two dozen occurances of this. Sometimes,
also, a URL will be named in their signature and/or their headers.
> % how do I verify that it _is_ your public key? If I can't, what
> possible % use could it be?
>
> It's a start. I haven't been to any signing parties, I admit, but
> there are those who have bothered to contact me directly and exchange
> keys.
Ailbhe, you should read up on the web of trust. While it is the weak
point in public key crypto, it answers your question.
Please keep in mind that I don't mean these comments to be inflammatory,
and I don't think David does either. I just foresee that everyone will
at some point be using crypto, and that leaving a digital signature off
of a message will be seen with the same disdain as failing to add a
subject header.
--
| Justin R. Miller / [EMAIL PROTECTED] / 0xC9C40C31
| Of all the things I've lost, I miss my pants the most.
----------------------------------------------------------
PGP signature
