Re: mailing list pgp signatures...

[g]

Patrick O'Callaghan wrote:

[please excuse delay in replying. i was waiting for noise level to drop]

> Needham and Schroeder famously said that anyone who thinks his problem will 
> be solved by cryptography hasn't understood his problem, and hasn't 
> understood cryptography.

i am not familiar with your reference, but i have been dealing with crypto
from back in early 60's and i do understand problems and problems that i am
faced with. there is a lot that can go wrong with crypto and in some cases,
it does break down.

> I asked before if anyone could point to a specific case on this list. I still
> don't have an answer (you said you had one but it was stopped by list 
> management, i.e. the use of signatures simply didn't arise).

if you would like, and ask, i will look for what i received from list
management and sent it to you. off list.

> IOW my view is that signatures *on mailing lists such as this one* are 
> essentially a waste of time.

not always, as i stated before, a member of this list did try to forge my
key and it was caught by list server. therefore, i contend that it is not
completely a waste.

i understand point of view and i respect it. but, as it has proved out, my
using a pgp sig was and is beneficial.

if someone does spend time to break my key and manages to forge my pgp sig,
then i will create and stronger key.

> PS BTW, an excellent layman's history of crypto is Simon Singh's "The 
> Codebook".

i am downloading cd version now. looking forward to seeing what it is about.
i did note that there was a notice 'for pc'. i do hope that it is not limited
to msbsos pc's.

-- 

peace out.

tc,hago.

g
.


in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/





signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Mikkel L. Ellertson]

Misha Shnurapet wrote:
> Am I signing my messages correctly?
> 
Yes. It shows as a untrusted good signature.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!



signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Misha Shnurapet]

Am I signing my messages correctly?



-- 
Misha Shnurapet

  °v°   I ♥ Linux
 /(_)\  Download the free operating system here:
  ^ ^   http://fedoraproject.org


signature.asc
Description: Эта часть	 сообщения	 подписана	 цифровой	 подписью
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Bruno Wolff III]

On Tue, Jul 14, 2009 at 18:14:57 -0400,
  "Steven W. Orr"  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> 
> The Enigmail package gets added to Thunderbird and provides the human
> interface to GnuPG. Enigmail does provide a setting on a per addressbook entry
>  for whether messages sent TO that address are signed or encrypted. But, if
> you try to automatically verify or decrypt a message as the recipient, and the
> key fetch fails, there's really no reason to think that it would ever fail
> again on a future attempt. There are features which would be nice to see added

Sure there is. If you try again immediately, I would certainly expect it to
fail again. That's what negative caching is for. The exact time to wait
should be configurable, but I would expect to a day to be a reasonable time
to wait before not trying another lookup.

> to Enigmail and marking a particular address as something that you do not want
> to see verified or decrypted has got to be way far down in the list of
> priorities.

As the proble was described it seemed that the key lookup blocked doing
anything further with your email until one keyserver lookup succeeded or they
all failed. This is broken behavior. It would seem much more reasonable to
flag the signature as unknown and start the lookups in the background.

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Bruno Wolff III]

On Tue, Jul 14, 2009 at 11:17:05 -0400,
  David  wrote:
> 
> My request, it was never a demand in spite of what others have said, was
> to publish the key or not sign to the list. And I used the word 'please'
> twice. Several users have agreed with me. And several users have agree
> with him. Fair enough.

I was commenting on your requests in that message. I was suggesting you file
a bug report, because the feature for looking up keys when encountered seemed
to be implemented poorly in your mail client.

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Steven W. Orr]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/14/09 11:17, quoth David:
> On 7/14/2009 8:24 AM, Bruno Wolff III wrote:
>> On Mon, Jul 13, 2009 at 14:04:11 -0400,
>>   "Steven W. Orr"  wrote:
>>> But what G did was much worse. He insisted on putting a little bomb in his
>>> mail that causes a number of us to just plain hang for periods that are
>>> measured in minutes, not just once, but for every message that he sends and
>>> for every time that we try to read it. Having a lack of respect for other
>>> people's time is way high up on my list of things that make me go out of my
>>> way to resort to blacklisting.
>> That sounds like a problem with the mail client you are using and should
>> probably be reported as a bug against that client. The lookups should be
>> out of band and there should probably be some negative caching support
>> as well.
> 
> 
> It is a 'setting', if you wish, to auto-retrieve signing keys from
> keyservers. Keyservers, as can all servers, be slow at times. The more
> keyservers that you check the longer it takes. The retrival ends with
> the first server that has to key.

I *really* hope I'm not tiring people out with this thread, but I would like
to comment on whether this is a software bug, a desirable feature, or whether
it's something that can be improved.

The Enigmail package gets added to Thunderbird and provides the human
interface to GnuPG. Enigmail does provide a setting on a per addressbook entry
 for whether messages sent TO that address are signed or encrypted. But, if
you try to automatically verify or decrypt a message as the recipient, and the
key fetch fails, there's really no reason to think that it would ever fail
again on a future attempt. There are features which would be nice to see added
to Enigmail and marking a particular address as something that you do not want
to see verified or decrypted has got to be way far down in the list of
priorities.

Certainly, G's rationale is no basis for people to unset the auto
verify/decrypt flag.

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpdA2EACgkQRIVy4fC+NySt9QCghjtoBbhbs+L/pBt6vCO4qnlU
vJgAnAw5eo82UQVs7eKYBZKzw2AHBfVp
=V3UX
-END PGP SIGNATURE-

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[David]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 7/14/2009 8:24 AM, Bruno Wolff III wrote:
> On Mon, Jul 13, 2009 at 14:04:11 -0400,
>   "Steven W. Orr"  wrote:
>>
>> But what G did was much worse. He insisted on putting a little bomb in his
>> mail that causes a number of us to just plain hang for periods that are
>> measured in minutes, not just once, but for every message that he sends and
>> for every time that we try to read it. Having a lack of respect for other
>> people's time is way high up on my list of things that make me go out of my
>> way to resort to blacklisting.
> 
> That sounds like a problem with the mail client you are using and should
> probably be reported as a bug against that client. The lookups should be
> out of band and there should probably be some negative caching support
> as well.


It is a 'setting', if you wish, to auto-retrieve signing keys from
keyservers. Keyservers, as can all servers, be slow at times. The more
keyservers that you check the longer it takes. The retrival ends with
the first server that has to key.

Say the user has four keyservers selected. There are many. Each time the
user receives a signed message with an unknown key the program goes out
and tries to find the key as it not available on the users keyring and
the program then adds it to the keyring. The next time a signed message,
using that key, is received it is marked as 'known' and that way there
is no need for a search.

If a signer does not publish his/her key the search process happens for
each and every message. For each and every person using the GnuPG system
that reads the post. Or re-reads it.

My request, it was never a demand in spite of what others have said, was
to publish the key or not sign to the list. And I used the word 'please'
twice. Several users have agreed with me. And several users have agree
with him. Fair enough.

His response to my request was insults and name-calling. Did I disable
my system, which is setup the way I like it, to suit the wishes of
another? No. I did not. I disabled the other person from me. He gets to
keep his system setup the way he wants. I no longer have to deal with
his posts signed with an unpublished key.

Problem solved for both of us IMO. By me.
- -- 


  David
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAkpcoXEACgkQrItTyWRhT1YnpQCdFYt+aDfLc6CPFsprRHrOpQdn
38kAoJ2ilxWWzylUwbFxhYenUhAa4sol
=A763
-END PGP SIGNATURE-

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Bruno Wolff III]

On Mon, Jul 13, 2009 at 14:04:11 -0400,
  "Steven W. Orr"  wrote:
> 
> But what G did was much worse. He insisted on putting a little bomb in his
> mail that causes a number of us to just plain hang for periods that are
> measured in minutes, not just once, but for every message that he sends and
> for every time that we try to read it. Having a lack of respect for other
> people's time is way high up on my list of things that make me go out of my
> way to resort to blacklisting.

That sounds like a problem with the mail client you are using and should
probably be reported as a bug against that client. The lookups should be
out of band and there should probably be some negative caching support
as well.

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[g]

Bruno Wolff III wrote:

> It was a multipart message. You should be able to override the sender's
> preference and display text/plain in preference to text/html (or just not
> display text/html parts inline).

i do have thunderbird set to 'view as text'.

i was just making light comment of fennix using html and meant nothing
pejorative towards him.

if he took it in anyway negative, and did not understand my using ':)',
then to fennix, i do apologize.


-- 

peace out.

tc,hago.

g
.


in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/




signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Mikkel L. Ellertson]

Bruno Wolff III wrote:
> 
> I wasn't commenting on the list guidelines. I was trying to help someone that
> appeared to be seeing html when he would have preferred to have seen the
> included plain text part. That might be useful for him in general, not just
> on the Fedora lists.
> 
LOL - somehow I think g can figure that out by himself.

Mikkel
-- 

   No trees were killed in the sending of this message.
However a large number of electrons were terribly inconvenienced.



signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Aldo Foot]

On Mon, Jul 13, 2009 at 12:17 PM, g wrote:
> Fennix wrote:
>
>> Somehow I am disappointed to see all of this.  G does not write often but
>> does so when he does think that it is worth offering a usefull contribution
>
> i thank you for your support. even if it was 'text/html'. :)
>
> i am not aware of 'karl', from what you say about him, i appreciate that you
> do not hold me in same realm.

I don't think you belong in the same realm. You know unix and the advice
you give can be accepted or not. Everyone has a choice.



> a couple of times i have been a little 'off base' with my reply and when i
> have been corrected or further informed, i have been appreciative.

That I have seen.

<..snip...>

> as for david, this whole situation could have been avoided if his attitude
> had been different from start. granted, i did not respond he wished and i
> do believe that this is very much a part of why he has reacted as he has.

No kidding. That was nothing short of a *very* energetic reply. Most probably
anyone would have had some sort of reaction to your genuine way of
expressing yourself. I knew there was fire coming down your way the
minute I read that post.

> he needs to mature and gain a better understanding of how to deal with
> people. not be child like and act as he has because he did not get his
> way and i did not conform to his wishes.

Maybe the fact that you're a mature adult gives you a certain perspective
of other people's level of maturity. In the end we all need to learn something.

~af

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Bruno Wolff III]

On Mon, Jul 13, 2009 at 15:06:57 -0500,
  "Mikkel L. Ellertson"  wrote:
> Bruno Wolff III wrote:
> > 
> > It was a multipart message. You should be able to override the sender's
> > preference and display text/plain in preference to text/html (or just not
> > display text/html parts inline).
> > 
> > That way even though the extra bandwidth is wasted, you at least get to see 
> > the
> > part you are interested in.
> > 
> Right, it does not matter if it follows the list guidelines or not.
> That is irrelevant. We should get rid of that pesky link at the
> bottom of each message that points to the list guidelines.

I wasn't commenting on the list guidelines. I was trying to help someone that
appeared to be seeing html when he would have preferred to have seen the
included plain text part. That might be useful for him in general, not just
on the Fedora lists.

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Aldo Foot]

On Mon, Jul 13, 2009 at 12:37 PM, Mikkel L.
Ellertson wrote:
> Steven W. Orr wrote:
>> On 07/13/09 14:21, quoth Mikkel L. Ellertson:
>>
>>> You know, there is a simple fix to this - someone that has G's
>>> public key could upload it to a keyserver. Now, if someone
>>> wanted to be nasty, they could upload a fake public key with his
>>> email address. Then if there is anything to SPAMmers mining the
>>> keyservers for e-mail addresses, the would get the flood of SPAM
>>> anyway.
>>
>> Two wrongs don't make a right. Another established part of the etiquette is 
>> to
>> never upload someone else's key without explicit permission. Lots of
>> keyservers don't do subkeys and you don't really have the implicit permission
>> to overwrite signatures on those machines. To do so would be at least as rude
>> as not publishing a public key that's needed to verify a signature in a 
>> public
>> mailing list.
>>
<...>
>
> As far as uploading a fake key, will interesting to contemplate, I
> wouldn't actually do it. I am just a bit more responsible that that.
>
> Though I am starting to wounder why I adhere to proper net
> etiquette. It seams like fewer people are following it, and if you
> point out proper net etiquette, you get branded a LIST NAZI or TOP
> POSTING NAZI. I guess it is a crime to ask others to be polite and
> follow community guidelines.

This is very true. The truth is that there are those who think there are
(written or not ) rules for a reason, and those who get a kick of breaking
them. It will always be that way.

> My post was half serious, half joking. Kind of a hint about where
> throwing out net etiquette can lead. After all, if all of us decided
> that net etiquette didn't apply to us, then behavior I posted would
> be just as acceptable as G's.

A hint I thought it was. But someone here or there might take the comment
seriously.

I'm actually surprise that we don't see more of this type of issues on this
list. Issues will always arise the moment a direct attack occurs.

~af

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Mikkel L. Ellertson]

Bruno Wolff III wrote:
> 
> It was a multipart message. You should be able to override the sender's
> preference and display text/plain in preference to text/html (or just not
> display text/html parts inline).
> 
> That way even though the extra bandwidth is wasted, you at least get to see 
> the
> part you are interested in.
> 
Right, it does not matter if it follows the list guidelines or not.
That is irrelevant. We should get rid of that pesky link at the
bottom of each message that points to the list guidelines.




signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Bruno Wolff III]

On Mon, Jul 13, 2009 at 19:17:48 +,
  g  wrote:
> Fennix wrote:
> 
> > Somehow I am disappointed to see all of this.  G does not write often but
> > does so when he does think that it is worth offering a usefull contribution
> 
> i thank you for your support. even if it was 'text/html'. :)

It was a multipart message. You should be able to override the sender's
preference and display text/plain in preference to text/html (or just not
display text/html parts inline).

That way even though the extra bandwidth is wasted, you at least get to see the
part you are interested in.

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Patrick O'Callaghan]

On Mon, 2009-07-13 at 18:53 +, g wrote:
> if you are still in question as to advantage of pgp sigs, i would be
> happy
> to look for it and post it so that all can see that there are times
> when
> having a pgp sig does work.

Whether it works or not is not the issue. The issue is "what does it
work for?", i.e. "what is the appropriate use?".

Needham and Schroeder famously said that anyone who thinks his problem
will be solved by cryptography hasn't understood his problem, and hasn't
understood cryptography. As with most aphorisms you can debate the
details, but there is a grain of truth in it. What one needs to ask
oneself is "what is the problem I'm trying to solve with this?". My
point is that issues of identity theft or repudiation in mailing lists
like this one have thus far had no practical relevance. I asked before
if anyone could point to a specific case on this list. I still don't
have an answer (you said you had one but it was stopped by list
management, i.e. the use of signatures simply didn't arise).

IOW my view is that signatures *on mailing lists such as this one* are
essentially a waste of time. Signatures on personal and highly sensitive
messages is a completely different issue, but in that case you'll find
you invariably want to use encryption as well as signing.

poc

PS BTW, an excellent layman's history of crypto is Simon Singh's "The
Codebook".

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Mikkel L. Ellertson]

Steven W. Orr wrote:
> On 07/13/09 14:21, quoth Mikkel L. Ellertson:
> 
>> You know, there is a simple fix to this - someone that has G's
>> public key could upload it to a keyserver. Now, if someone
>> wanted to be nasty, they could upload a fake public key with his
>> email address. Then if there is anything to SPAMmers mining the
>> keyservers for e-mail addresses, the would get the flood of SPAM
>> anyway.
> 
> Two wrongs don't make a right. Another established part of the etiquette is to
> never upload someone else's key without explicit permission. Lots of
> keyservers don't do subkeys and you don't really have the implicit permission
> to overwrite signatures on those machines. To do so would be at least as rude
> as not publishing a public key that's needed to verify a signature in a public
> mailing list.
> 
If your mail setup is anything like mine, there is an option to
upload public keys. While I am fairly sure I wouldn't make the
mistake of uploading his key, I can see it happening. Because I do
not have his public key, at least I can not be blamed for doing it.

As far as uploading a fake key, will interesting to contemplate, I
wouldn't actually do it. I am just a bit more responsible that that.

Though I am starting to wounder why I adhere to proper net
etiquette. It seams like fewer people are following it, and if you
point out proper net etiquette, you get branded a LIST NAZI or TOP
POSTING NAZI. I guess it is a crime to ask others to be polite and
follow community guidelines.

My post was half serious, half joking. Kind of a hint about where
throwing out net etiquette can lead. After all, if all of us decided
that net etiquette didn't apply to us, then behavior I posted would
be just as acceptable as G's.

Mikkel
-- 
Culture dies when you can't see it,
build on it, be affected by it,
share it with your friends.



signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[g]

Fennix wrote:

> Somehow I am disappointed to see all of this.  G does not write often but
> does so when he does think that it is worth offering a usefull contribution

i thank you for your support. even if it was 'text/html'. :)

i am not aware of 'karl', from what you say about him, i appreciate that you
do not hold me in same realm.

i have been with unix from early s100 days and linux from early days just
after slackware on floppy and red hat from their 1st cd's.

i do not consider myself as highly knowledge of linux and i know that there
is a lot i am still to learn. when i see a post that i feel that i can help
with, i will reply.

a couple of times i have been a little 'off base' with my reply and when i
have been corrected or further informed, i have been appreciative.

i agree with you about anne wilson. i know her from when she first started
with linux and i hold her in high regard. i have kidded her a few times, but
all in all, i do like her and believe that she has accomplished very much
with her learning.

as for david, this whole situation could have been avoided if his attitude
had been different from start. granted, i did not respond he wished and i
do believe that this is very much a part of why he has reacted as he has.

he needs to mature and gain a better understanding of how to deal with
people. not be child like and act as he has because he did not get his
way and i did not conform to his wishes.

if he and others do not care for my sig and use of a pgp sig and wish to
filter me, fine. that is their right. filter all they want.

thank you for your response.

-- 

peace out.

tc,hago.

g
.


in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/




signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[g]

Patrick O'Callaghan wrote:

> The whole point of PGP-style signatures is the "web of trust". If you

true. tho, if you email someone and they send you their pgp sig, then you
can feel reasonably certain that pgp sig is from them.

> The point of key servers is not to verify anything, it's to make keys
> easily accessible.

as i stated previously, i have used a key server. i also got an increase
threefold of spam, which happened within a few days of registering key.

key servers are a very good idea. they just need to be more restrictive of
how information is passed out. which is something that would be very hard
to do.

> And in conclusion: the use of signatures (even registered ones) on
> large, essentially anonymous, mailing lists is at best debatable.

i agree with this also, and as i stated in other posts, an attempt was made
to forge my pgp sig and it was caught by list server. therefore, in my case
use of a pgp sig stopped what could have been a very undesirable incident.
so, it can and did happen. i still have, some where, notice that i received.

if you are still in question as to advantage of pgp sigs, i would be happy
to look for it and post it so that all can see that there are times when
having a pgp sig does work.

i even asked list moderators if it was possible to inform me of what was
sent, but i was told that such was done automatically by server and there
was no way to recover email.

i accept your points, but only with a view as you make. from my view, i do
find use of a pgp sig to be beneficial.

in closing, please understand, i do not use a sig or pgp sign my post to
cause discontent. they are for a purpose and so far, that purpose is and
has being serving the intent. if a few can not understand this, then there
is nothing that i can/will do to bring them to a better understanding.


> PS I highly recommend a Stanford paper from a few years back, entitled
> "Why Johnny Can't Encrypt". Google for it, it's very illuminating.

i found this thru google search and did pull a pdf. i have not read all of
it yet, but i do intend to.

again, as always, i thank you for your input, as i do hold you in high regard.

also, please excuse delay in my reply. noise level was high and i wanted to
let it settle down some.

later.

-- 

peace out.

tc,hago.

g
.


in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/




signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Steven W. Orr]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/13/09 14:21, quoth Mikkel L. Ellertson:

> You know, there is a simple fix to this - someone that has G's
> public key could upload it to a keyserver. Now, if someone
> wanted to be nasty, they could upload a fake public key with his
> email address. Then if there is anything to SPAMmers mining the
> keyservers for e-mail addresses, the would get the flood of SPAM
> anyway.

Two wrongs don't make a right. Another established part of the etiquette is to
never upload someone else's key without explicit permission. Lots of
keyservers don't do subkeys and you don't really have the implicit permission
to overwrite signatures on those machines. To do so would be at least as rude
as not publishing a public key that's needed to verify a signature in a public
mailing list.

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpbhSAACgkQRIVy4fC+NyRTxACffa3shZVbU9KkDU8CdbB45vcy
HOsAnA47Z9AIwfEm/V3eR66qsT8knN5s
=q10F
-END PGP SIGNATURE-

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[David]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 7/13/2009 1:43 PM, Fennix wrote:
>big snip<


> Somehow I am disappointed to see all of this.  G does not write often
> but does so when he does think that it is worth offering a usefull
> contribution to a problem at hand.  For some to try and to tar him with
> the association/way of doing things such as Karl definitely is in error.
>  He is far more knowledgeable about Unix and Linux than Karl and has
> show this in his emails.  He does not write as Karl has done to complain
> of many issues based on incomplete understanding of Linux and
> specifically of Fedora.  Normally I only see G's responses when he is
> offering useful information to some question at hand.  I am not sure I
> have ever seen him complain except in response to an email (perhaps
> unreasonably) attacking him on some question.
> He does have the support of Ann Wilson (a message long ago) and she is
> one that is close to the top of my list of "respected" posters to this
> group.  David, I do understand the basis of your complaint regarding
> delays caused by usage of GPG public keys which are not registered which
> leads to very lengthy delays, and I also can see from G's response his
> reasoning for his current way of sending emails to this list using a GPG
> signature (key offered on request (manual)).  I would be very sorry to
> not have the privelage of G's advice on this list as it always has been
> usefull and concise Hopefully we can all be more open minded on this
> question.
> Fennix


I reply only because I am mentioned by name.

I asked politely and gave a reason for my request. He replied with
name-calling and insults. I don't sign post to mailing lists. My keys, I
have several for different reasons and email address, are posted. I also
have a very private key which I have only given to certain people. I
would never use that for anyone but them.

I hope he offers you many and useful tips and pointers in the future.

I no longer care what he does.

End of Thread.

- -- 


  David
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAkpbfksACgkQzrAMrEP3F1rcAACaAp+V63xWRX+sdJReZu3LVl8Q
VoIAn2GI43KWgW6Kff0Z2tLsRwyEVNkR
=EFcB
-END PGP SIGNATURE-

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Mikkel L. Ellertson]

Steven W. Orr wrote:
> 
> Sometimes people do things on the net that are considered to be minor
> violations of social protocols. This is all a part of being civilized. Posting
> html, top posting, not reducing quoted text, these are all examples of how
> people can get legitimately irritated. Other examples include things like
> having Subject lines that say "Help" or "Hi" when they're trying to get
> assistance with a video card that's not talking well with F11.
> 
> But what G did was much worse. He insisted on putting a little bomb in his
> mail that causes a number of us to just plain hang for periods that are
> measured in minutes, not just once, but for every message that he sends and
> for every time that we try to read it. Having a lack of respect for other
> people's time is way high up on my list of things that make me go out of my
> way to resort to blacklisting.
> 
You know, there is a simple fix to this - someone that has G's
public key could upload it to a keyserver. Now, if someone
wanted to be nasty, they could upload a fake public key with his
email address. Then if there is anything to SPAMmers mining the
keyservers for e-mail addresses, the would get the flood of SPAM
anyway.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!



signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Steven W. Orr]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/13/09 13:43, quoth Fennix:

> Somehow I am disappointed to see all of this.  G does not write often but
> does so when he does think that it is worth offering a usefull contribution
> to a problem at hand.  For some to try and to tar him with the
> association/way of doing things such as Karl definitely is in error.  He is
> far more knowledgeable about Unix and Linux than Karl and has show this in
> his emails.  He does not write as Karl has done to complain of many issues
> based on incomplete understanding of Linux and specifically of Fedora.
>  Normally I only see G's responses when he is offering useful information to
> some question at hand.  I am not sure I have ever seen him complain except
> in response to an email (perhaps unreasonably) attacking him on some
> question.
> He does have the support of Ann Wilson (a message long ago) and she is one
> that is close to the top of my list of "respected" posters to this group.
>  David, I do understand the basis of your complaint regarding delays caused
> by usage of GPG public keys which are not registered which leads to very
> lengthy delays, and I also can see from G's response his reasoning for his
> current way of sending emails to this list using a GPG signature (key
> offered on request (manual)).  I would be very sorry to not have the
> privelage of G's advice on this list as it always has been usefull and
> concise Hopefully we can all be more open minded on this question.
> Fennix

I am mystified as to what you're trying to say. G is blacklisted by a few
people now because of his lack of respect or understanding of how email works
in general and PGP in particular. You have the option of not blacklisting his
address.

Sometimes people do things on the net that are considered to be minor
violations of social protocols. This is all a part of being civilized. Posting
html, top posting, not reducing quoted text, these are all examples of how
people can get legitimately irritated. Other examples include things like
having Subject lines that say "Help" or "Hi" when they're trying to get
assistance with a video card that's not talking well with F11.

But what G did was much worse. He insisted on putting a little bomb in his
mail that causes a number of us to just plain hang for periods that are
measured in minutes, not just once, but for every message that he sends and
for every time that we try to read it. Having a lack of respect for other
people's time is way high up on my list of things that make me go out of my
way to resort to blacklisting.

I'm pretty knowledgeable in a number of areas too, and I would expect that
when I make a social gaff like that, that people would let me know so I could
correct it. Instead, G explained why he is *not* going to publish his public
key. If his key is published and someone else informs us of that happy event
then I'd be happy to unblacklist him. Till then, it doesn't matter how smart,
rich, handsome, famous or whatever else is marvelous about him. My time is
more important.

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpbdxsACgkQRIVy4fC+NyTn6wCfW+qpIUWalQEYA1aPNiixMfx+
Km4An0uu90FMcLJhnZ3Br83R/mi99jk5
=WgEi
-END PGP SIGNATURE-

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Mikkel L. Ellertson]

Aaron Konstam wrote:
> I guess it is a matter of philosophy. I think signing mail to a list is
> a waste of time and space.
> 
> On the fedora list what difference does it make if the poster is really
> who he says he is, I could understand if the poster was selling me
> something but any ideas he or she sells are either valid and useful or
> they are not; no matter who they are.
> 
Well, one place it matters is when you are given advice, you have a
better idea if you can trust it if you know it came from the same
person who has given good advice in the past. You also know it isn't
someone playing a nasty joke. But that is just my take on it. (I
started signing my messages when someone pulled that on another
list.) But it is only effective if people can actually verify that
you signed the message and that the message has not been modified.

Mikkel
-- 

Registered Linux User #16148  (http://counter.li.org/)



signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Mikkel L. Ellertson]

Fennix wrote:

> Somehow I am disappointed to see all of this.  G does not write often
> but does so when he does think that it is worth offering a usefull
> contribution to a problem at hand.  For some to try and to tar him with
> the association/way of doing things such as Karl definitely is in error.
>  He is far more knowledgeable about Unix and Linux than Karl and has
> show this in his emails.  He does not write as Karl has done to complain
> of many issues based on incomplete understanding of Linux and
> specifically of Fedora.  Normally I only see G's responses when he is
> offering useful information to some question at hand.  I am not sure I
> have ever seen him complain except in response to an email (perhaps
> unreasonably) attacking him on some question.
> He does have the support of Ann Wilson (a message long ago) and she is
> one that is close to the top of my list of "respected" posters to this
> group.  David, I do understand the basis of your complaint regarding
> delays caused by usage of GPG public keys which are not registered which
> leads to very lengthy delays, and I also can see from G's response his
> reasoning for his current way of sending emails to this list using a GPG
> signature (key offered on request (manual)).  I would be very sorry to
> not have the privelage of G's advice on this list as it always has been
> usefull and concise Hopefully we can all be more open minded on this
> question.
> Fennix

Guidelines:
http://fedoraproject.org/wiki/Communicate/MailingListGuidelines





signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Steven W. Orr]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/13/09 13:03, quoth Rick Sewill:

> Steve, when I click on your signature, I can extract your public DSA
> public key, F0BE3724, see that it is verified, because you registered it
> with the pgp servers (Thank you for registering!), but untrusted by me,
> and if I wish to take further steps, I could trust what you sign.

> This is a good example where we could build a trust relationship if we
> took further steps.

Exactly. Don't you just love the English language with all of its ambiguities?
 We smell, which can imply that we are receptors of quantum bad smelling
particles called fartons, or we can be emitters of said particles. Context
counts. In the wild and wooly world of PGP, Trust is not about whether I trust
you with my money. Trust is only about whether I trust that your key actually
belongs to you. If you're not in the vicinity of Framingham MA then it's not
likely that we will be able to show each other two pieces of government issued
picture ID, but if you know someone who is in the area and have mutually
signed each others' keys then he and I could sign keys and then you could
update your copy of my public key and see that I trust him and you trust him
so you can trust me.

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpbctwACgkQRIVy4fC+NySVnACeK2UtXMrh47+NL1rR8ZsXhZsM
mbwAnRCnTbt+/8VCIR1tukj+V5D0ZT6w
=deik
-END PGP SIGNATURE-

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Fennix]

On Tue, Jul 14, 2009 at 1:03 AM, Rick Sewill  wrote:

> On Mon, 2009-07-13 at 12:22 -0400, Steven W. Orr wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > On 07/12/09 19:05, quoth Rick Sewill:
> >
> > > My thought is to pgp sign my mail.
> > >
> > > Those who know me, who have spoken to me over the phone and have
> > > received mail from me, can save my signature from my mail and know the
> > > mail, and any future mail with that signature, is from me.
> >
> > HOLD ON THERE BULLWINKLE!!!
> >
> > Every message you send will have a different signature. Your signature is
> a
> > function of the content of your message and your private key. It can only
> be
> > verified using your public key. Saving a signature is of no value.
> >
> > Signing a message says three things:
> >
> > * You're reading a message from me, whoever I am.
> > * I can never say that I never said it (non-repudiation).
> > * The message is intact. It was not modified.
> >
> > > Those who do not know me will have a valid, verified, but untrusted
> > > signature.  If these people have a problem with my mail, they should be
> > > able to track me down through my signature.
> >
> > Not true. Public keys are not the same as a signature.
> >
> > > If one receives mail that purports to be from me, and doesn't
> > > have a signature or does have a signature, but not my signature,
> > > I can claim I didn't send the mail, and hopefully, the person
> > > who created the signature can be tracked down through their
> > > signature.  I assume the key servers keep a log indicating what
> Internet
> > > address was used to register what signature and those records can be
> > > accessed if one can get a court order.
> >
> > Not true and they do not.
> >
> > - --
> > Time flies like the wind. Fruit flies like a banana. Stranger things have
>  .0.
> > happened but none stranger than this. Does your driver's license say
> Organ ..0
> > Donor?Black holes are where God divided by zero. Listen to me! We are
> all- 000
> > individuals! What if this weren't a hypothetical question?
> > steveo at syslang.net
> > -BEGIN PGP SIGNATURE-
> > Version: GnuPG v2.0.10 (GNU/Linux)
> > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> >
> > iEYEARECAAYFAkpbX1sACgkQRIVy4fC+NyRk8gCgir7aIHlJg5cmeQzqQcJOhoY4
> > uHIAn3v8Dzqwn4WWYExziEFnQeNVan0F
> > =vcfY
> > -END PGP SIGNATURE-
> >
>
> I stand corrected.  I was using signature and pgp public key
> interchangeably.  Shame on me.
>
> Steve, when I click on your signature, I can extract your public DSA
> public key, F0BE3724, see that it is verified, because you registered it
> with the pgp servers (Thank you for registering!), but untrusted by me,
> and if I wish to take further steps, I could trust what you sign.
>
> This is a good example where we could build a trust relationship if we
> took further steps.
>
> -Rick
>
>
> --
> fedora-list mailing list
> fedora-list@redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines:
> http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Somehow I am disappointed to see all of this.  G does not write often but
does so when he does think that it is worth offering a usefull contribution
to a problem at hand.  For some to try and to tar him with the
association/way of doing things such as Karl definitely is in error.  He is
far more knowledgeable about Unix and Linux than Karl and has show this in
his emails.  He does not write as Karl has done to complain of many issues
based on incomplete understanding of Linux and specifically of Fedora.
 Normally I only see G's responses when he is offering useful information to
some question at hand.  I am not sure I have ever seen him complain except
in response to an email (perhaps unreasonably) attacking him on some
question.
He does have the support of Ann Wilson (a message long ago) and she is one
that is close to the top of my list of "respected" posters to this group.
 David, I do understand the basis of your complaint regarding delays caused
by usage of GPG public keys which are not registered which leads to very
lengthy delays, and I also can see from G's response his reasoning for his
current way of sending emails to this list using a GPG signature (key
offered on request (manual)).  I would be very sorry to not have the
privelage of G's advice on this list as it always has been usefull and
concise Hopefully we can all be more open minded on this question.
Fennix
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Rick Sewill]

On Mon, 2009-07-13 at 12:22 -0400, Steven W. Orr wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On 07/12/09 19:05, quoth Rick Sewill:
> 
> > My thought is to pgp sign my mail.
> > 
> > Those who know me, who have spoken to me over the phone and have
> > received mail from me, can save my signature from my mail and know the
> > mail, and any future mail with that signature, is from me.
> 
> HOLD ON THERE BULLWINKLE!!!
> 
> Every message you send will have a different signature. Your signature is a
> function of the content of your message and your private key. It can only be
> verified using your public key. Saving a signature is of no value.
> 
> Signing a message says three things:
> 
> * You're reading a message from me, whoever I am.
> * I can never say that I never said it (non-repudiation).
> * The message is intact. It was not modified.
> 
> > Those who do not know me will have a valid, verified, but untrusted
> > signature.  If these people have a problem with my mail, they should be
> > able to track me down through my signature.
> 
> Not true. Public keys are not the same as a signature.
> 
> > If one receives mail that purports to be from me, and doesn't
> > have a signature or does have a signature, but not my signature,
> > I can claim I didn't send the mail, and hopefully, the person
> > who created the signature can be tracked down through their
> > signature.  I assume the key servers keep a log indicating what Internet
> > address was used to register what signature and those records can be
> > accessed if one can get a court order.
> 
> Not true and they do not.
> 
> - --
> Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
> happened but none stranger than this. Does your driver's license say Organ ..0
> Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
> individuals! What if this weren't a hypothetical question?
> steveo at syslang.net
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.0.10 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAkpbX1sACgkQRIVy4fC+NyRk8gCgir7aIHlJg5cmeQzqQcJOhoY4
> uHIAn3v8Dzqwn4WWYExziEFnQeNVan0F
> =vcfY
> -END PGP SIGNATURE-
> 

I stand corrected.  I was using signature and pgp public key
interchangeably.  Shame on me.

Steve, when I click on your signature, I can extract your public DSA
public key, F0BE3724, see that it is verified, because you registered it
with the pgp servers (Thank you for registering!), but untrusted by me,
and if I wish to take further steps, I could trust what you sign.

This is a good example where we could build a trust relationship if we
took further steps.

-Rick



signature.asc
Description: This is a digitally signed message part
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Steven W. Orr]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/12/09 12:47, quoth Les:

> Hi, Steven,
>   The point about the envelope is a good one.  It is a point I never
> considered.  But g's attitude doesn't make me fond of signing, in fact
> it does more to discourage users of messaging services to not use PGP or
> SMIME to sign messages.  His actions slow access, disturb the flow of
> work and as you pointed out is generally rude to the users of the list.
> As to someone signing messages to look like him I don't see how that
> could happen, because the messages would have to be signed using his
> private key, unless he posted the private key as well.

I would not suggest that people be discouraged from signing because of nitwits
like G. So far, he has been the only one.

>   In any event, even your signature shows up as "Valid signature, but
> cannot verify sender" on my evolution.  I have checked before to see
> what servers are searched and it appeared correct, but since it cannot
> "verify sender", what does that really tell me?  If the email were
> business related I would be suspicious the first few times, then forget
> about it as regards your emails, but wouldn't that weaken the process?

Correct. I don't know you and you don't know me. Maybe someday we can each
participate in a keysigning and then we will trust each other and the Web Of
Trust will grow.

> 
>   In short, the problem I see with signatures right now, is the process
> is not well documented, and has more players than should be necessary.
> I don't know the solution, but the problems are somewhat self evident.
> If I cannot decipher some sigs, and cannot verify others, then what
> value is the process, and why would I add that overhead if it doesn't
> bring some real benefit.  I am not trolling here, just stating the case
> as I see it.

The process is extremely well documented. Besides all of the online docs, I
recommend PGP and GPG by Michael W. Lucas. He did a nice job of it. Please
don't forget that the history of crypto is quite bloody. Lots of people have
died for this stuff. Mary Queen of Scots lost her head because of lousy
crypto. Galous was murdered by his math professors over it. Alan Turing
committed suicide in part because his government would not help him when he
was charged with homosexuality, even though he should have gotten most of the
credit for cracking the Enigma machine. And Phil Zimmerman (2 m's and 1 n
please) gets credit for putting it all together so it's simple for the common
man to use, but he spent two years being prosecuted by the Feds until someone
posted the code to Usenet.

So if you want to read Applied Crypto by Schneier then you'll see that it's
not impossible to read, but the books and docs that target Joe Q. Public are
out there.

>   One might make it more robust and not pass on unregistered emails, nor
> those that do not pass verification (whatever that may end up being).

I made a choice to verify/decryot messages when read. A GPG plugin could be
added to spamassassin. Lots of stuff we can already do. It could get better
but not by much.

>   But that would be the end of spammers as they would have to register,
> and be verified.  There are too many interests with cash in hand to make
> that realistic.  Any thoughts?

PGP is not about spam. It's about identity. Totally different issue.


- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpbY0MACgkQRIVy4fC+NyQgywCeMbL4CX2ddft9sHEK8E3igFDa
WnMAn3rgpfk3LhoLTbbt4e2adCKp6a3J
=LTqo
-END PGP SIGNATURE-

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Steven W. Orr]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/12/09 19:05, quoth Rick Sewill:

> My thought is to pgp sign my mail.
> 
> Those who know me, who have spoken to me over the phone and have
> received mail from me, can save my signature from my mail and know the
> mail, and any future mail with that signature, is from me.

HOLD ON THERE BULLWINKLE!!!

Every message you send will have a different signature. Your signature is a
function of the content of your message and your private key. It can only be
verified using your public key. Saving a signature is of no value.

Signing a message says three things:

* You're reading a message from me, whoever I am.
* I can never say that I never said it (non-repudiation).
* The message is intact. It was not modified.

> Those who do not know me will have a valid, verified, but untrusted
> signature.  If these people have a problem with my mail, they should be
> able to track me down through my signature.

Not true. Public keys are not the same as a signature.

> If one receives mail that purports to be from me, and doesn't
> have a signature or does have a signature, but not my signature,
> I can claim I didn't send the mail, and hopefully, the person
> who created the signature can be tracked down through their
> signature.  I assume the key servers keep a log indicating what Internet
> address was used to register what signature and those records can be
> accessed if one can get a court order.

Not true and they do not.

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpbX1sACgkQRIVy4fC+NyRk8gCgir7aIHlJg5cmeQzqQcJOhoY4
uHIAn3v8Dzqwn4WWYExziEFnQeNVan0F
=vcfY
-END PGP SIGNATURE-

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Steven W. Orr]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/12/09 09:49, quoth Aaron Konstam:
> I guess it is a matter of philosophy. I think signing mail to a list is
> a waste of time and space.
> 
> On the fedora list what difference does it make if the poster is really
> who he says he is, I could understand if the poster was selling me
> something but any ideas he or she sells are either valid and useful or
> they are not; no matter who they are.

An excellent question! I run a local mailing list here in the sleepy town of
Framingham MA. Long ago (before I was sued in Federal Court for conspiracy to
create an atmosphere of discrimination against the handicapped) I decided that
people should sign their names to their posts.  You don't have to use pgp but
you have to sign your name. People who have anonymity tend to speak
differently than if their real name is involved. In engineering circles it's
less of a problem, because people tend to be more civil than in discussions
involving personal and emotional content.

But there's overlap. What I say here may be seen by people in other circles.
If everyone I know sees that I pgp sign and then they see that there's a
message that's not signed then they'll be righteously suspicious as to whether
this really is Steven W. Orr, even if they don't have the software to vcrify.

So now you know why I sign. A better question is not why you don't sign here,
but why you don't sign at all.

[Just so I can claim to be staying on topic WRT Fedora, there are a lot of
MUAs out there, and most if not all are capable of interfacing with GnuPG.]

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpbWZ4ACgkQRIVy4fC+NySHNACeLXYmMLaAe91yA5PnROs2l3Eg
o00An038rVm9DU2zfXh8wYOJOw0yLJIV
=QTM/
-END PGP SIGNATURE-

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Tim]

On Sun, 2009-07-12 at 09:47 -0700, Les wrote:
> One might make it more robust and not pass on unregistered
> emails, nor those that do not pass verification (whatever that may end
> up being).
> 
> But that would be the end of spammers as they would have to
> register, and be verified.  There are too many interests with cash in
> hand to make that realistic.  Any thoughts?

Something tells me that spammers would still be around even if they did
have to sign messages.  There'd probably still be enough profit in it
for the bastards.  And they'd use the excuse that people who didn't want
their spam had yet another technical means to filter out their mail.

-- 
[...@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.



-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Rick Sewill]

On Sun, 2009-07-12 at 09:47 -0700, Les wrote:
> On Sat, 2009-07-11 at 18:38 -0400, Steven W. Orr wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> > 
> > On 07/11/09 18:05, quoth David:
> \
> > If I may, I'd like to amplify on "G"'s lack of Netiquette. I am also using
> > Thunderbird with the Enigmail plugin. I too have my system set up for
> > "Automatically Decrypt/Verify" and was previously forced to have long delays
> > every time I saw a message from him. AND I too have taken pains to have him
> > filtered out of my sight.
> > 
> > I am new to the use of PGP but I have studied it from the math, to the
> > computer interface, to the historical and to the sociological aspects. We 
> > send
> > mail via post office all the time and we sign them and seal our messages in 
> > an
> > envelope. PGP is the same thing.  I can send mail and set the From line to
> > Barack Obama and it's trivial to do so. Or, I can send mail out as you and
> > most people wouldn't be able to tell. We all know about how big a problem
> > identity theft is and yet so few of us sign our mail. That absolutely
> > fascinates me. So while "G" is acting like a nitwit by not even 
> > understanding
> > how his behavior is fundamentally rude, I'd like to take this opportunity to
> > encourage more of you to start signing your mail. There are basically two 
> > ways
> > to do it. You can either use the PGP(or GnuPG) scheme, or you can use 
> > S/MIME.
> > S/MIME is better for scalability in corporations. PGP is better in public. 
> > PGP
> > is free and for SMIME to properly work, you have to get a cert from some
> > trusted Cert Authority (CA). For most people, that would mean Verisign, and
> > for others it would mean certs that shouldn't be trusted in the first place.
> > 
> > Anyways, I said what I wanted to say and you can all do what you want, but
> > maybe at least a few more will be better informed, and that's really why 
> > we're
> > all here.
> > 
> > This message is signed, but if you read it, you'll at least be able to fetch
> > my public key.
> > 
> Hi, Steven,
>   The point about the envelope is a good one.  It is a point I never
> considered.  But g's attitude doesn't make me fond of signing, in fact
> it does more to discourage users of messaging services to not use PGP or
> SMIME to sign messages.  His actions slow access, disturb the flow of
> work and as you pointed out is generally rude to the users of the list.
> As to someone signing messages to look like him I don't see how that
> could happen, because the messages would have to be signed using his
> private key, unless he posted the private key as well.
> 
>   In any event, even your signature shows up as "Valid signature, but
> cannot verify sender" on my evolution.  I have checked before to see
> what servers are searched and it appeared correct, but since it cannot
> "verify sender", what does that really tell me?  If the email were
> business related I would be suspicious the first few times, then forget
> about it as regards your emails, but wouldn't that weaken the process?
> 
>   In short, the problem I see with signatures right now, is the process
> is not well documented, and has more players than should be necessary.
> I don't know the solution, but the problems are somewhat self evident.
> If I cannot decipher some sigs, and cannot verify others, then what
> value is the process, and why would I add that overhead if it doesn't
> bring some real benefit.  I am not trolling here, just stating the case
> as I see it.  
> 
>   One might make it more robust and not pass on unregistered emails, nor
> those that do not pass verification (whatever that may end up being).
> 
>   But that would be the end of spammers as they would have to register,
> and be verified.  There are too many interests with cash in hand to make
> that realistic.  Any thoughts?
> 
> Regards,
> Les H
> 
> 

My thought is to pgp sign my mail.

Those who know me, who have spoken to me over the phone and have
received mail from me, can save my signature from my mail and know the
mail, and any future mail with that signature, is from me.

Those who do not know me will have a valid, verified, but untrusted
signature.  If these people have a problem with my mail, they should be
able to track me down through my signature.

If one receives mail that purports to be from me, and doesn't
have a signature or does have a signature, but not my signature,
I can claim I didn't send the mail, and hopefully, the person
who created the signature can be tracked down through their
signature.  I assume the key servers keep a log indicating what Internet
address was used to register what signature and those records can be
accessed if one can get a court order.

I try to register my pgp signature with either keyserver.pgp.com
or pgp.mit.edu:11371 or subkeys.pgp.net, whichever key server seems
to be accessible at the time.  I believe, the key servers synchronize
amongst themselve

Re: mailing list pgp signatures...

[Mikkel L. Ellertson]

Les wrote:
> Hi, Steven,
>   The point about the envelope is a good one.  It is a point I never
> considered.  But g's attitude doesn't make me fond of signing, in fact
> it does more to discourage users of messaging services to not use PGP or
> SMIME to sign messages.  His actions slow access, disturb the flow of
> work and as you pointed out is generally rude to the users of the list.
> As to someone signing messages to look like him I don't see how that
> could happen, because the messages would have to be signed using his
> private key, unless he posted the private key as well.
> 
If you don't have his private key, then you have no idea if a signed
message came from him, or someone else that signed the message. You
don't even know if someone took a valid message and modified it. All
you know is that the message has a signature that you can not verify.

His answer to that is that everyone that wants to verify his
signature to send him an email asking for his public key, and maybe
he will send it to you...

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!



signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Les]

On Sat, 2009-07-11 at 18:38 -0400, Steven W. Orr wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On 07/11/09 18:05, quoth David:
\
> If I may, I'd like to amplify on "G"'s lack of Netiquette. I am also using
> Thunderbird with the Enigmail plugin. I too have my system set up for
> "Automatically Decrypt/Verify" and was previously forced to have long delays
> every time I saw a message from him. AND I too have taken pains to have him
> filtered out of my sight.
> 
> I am new to the use of PGP but I have studied it from the math, to the
> computer interface, to the historical and to the sociological aspects. We send
> mail via post office all the time and we sign them and seal our messages in an
> envelope. PGP is the same thing.  I can send mail and set the From line to
> Barack Obama and it's trivial to do so. Or, I can send mail out as you and
> most people wouldn't be able to tell. We all know about how big a problem
> identity theft is and yet so few of us sign our mail. That absolutely
> fascinates me. So while "G" is acting like a nitwit by not even understanding
> how his behavior is fundamentally rude, I'd like to take this opportunity to
> encourage more of you to start signing your mail. There are basically two ways
> to do it. You can either use the PGP(or GnuPG) scheme, or you can use S/MIME.
> S/MIME is better for scalability in corporations. PGP is better in public. PGP
> is free and for SMIME to properly work, you have to get a cert from some
> trusted Cert Authority (CA). For most people, that would mean Verisign, and
> for others it would mean certs that shouldn't be trusted in the first place.
> 
> Anyways, I said what I wanted to say and you can all do what you want, but
> maybe at least a few more will be better informed, and that's really why we're
> all here.
> 
> This message is signed, but if you read it, you'll at least be able to fetch
> my public key.
> 
Hi, Steven,
The point about the envelope is a good one.  It is a point I never
considered.  But g's attitude doesn't make me fond of signing, in fact
it does more to discourage users of messaging services to not use PGP or
SMIME to sign messages.  His actions slow access, disturb the flow of
work and as you pointed out is generally rude to the users of the list.
As to someone signing messages to look like him I don't see how that
could happen, because the messages would have to be signed using his
private key, unless he posted the private key as well.

In any event, even your signature shows up as "Valid signature, but
cannot verify sender" on my evolution.  I have checked before to see
what servers are searched and it appeared correct, but since it cannot
"verify sender", what does that really tell me?  If the email were
business related I would be suspicious the first few times, then forget
about it as regards your emails, but wouldn't that weaken the process?

In short, the problem I see with signatures right now, is the process
is not well documented, and has more players than should be necessary.
I don't know the solution, but the problems are somewhat self evident.
If I cannot decipher some sigs, and cannot verify others, then what
value is the process, and why would I add that overhead if it doesn't
bring some real benefit.  I am not trolling here, just stating the case
as I see it.  

One might make it more robust and not pass on unregistered emails, nor
those that do not pass verification (whatever that may end up being).

But that would be the end of spammers as they would have to register,
and be verified.  There are too many interests with cash in hand to make
that realistic.  Any thoughts?

Regards,
Les H


-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Dennis Gilmore]

On Friday 10 July 2009 05:47:52 pm Mikkel L. Ellertson wrote:
> g wrote:
> > one of reasons that i use a pgp sig is that it maintains my idenity and
> > prevents someone from trying to send an email as me, which has happened
> > on this very list.
>
> How does it maintain your identity when we can not verify that you
> signed the message. Without having your public key, all we know is
> that someone signed the message. So, your signing your messages sent
> to the mailing list does nothing except cause problems for others.
>
> David, one way to solve the problem is to write a filter rule that
> sends g's messages directly to trash.
>
> Mikkel

Last time this came up i set up a filter for the user that was posting with 
signed  emails  with an unposted key after i polietly asked the user to post 
the key and it was rudely refused to do so to send the users email to 
/dev/null   Not posting your gpg key and irritating people who can help you is 
a quick way to make sure that you wont get any help.

Please be nice to everyone and post to a public keyserver your gpg key if you 
intend to sign email.  its a common courtesy. Yes it does not allow us to 
verify that the email was from you since we dont trust your key.  all it does 
is allows us to verify that they key matches what is posted.

Dennis


signature.asc
Description: This is a digitally signed message part.
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Aaron Konstam]

I guess it is a matter of philosophy. I think signing mail to a list is
a waste of time and space.

On the fedora list what difference does it make if the poster is really
who he says he is, I could understand if the poster was selling me
something but any ideas he or she sells are either valid and useful or
they are not; no matter who they are.
> 
--
===
The default Magic Word, "Abracadabra", actually is a corruption of the
Hebrew phrase "ha-Bracha dab'ra" which means "pronounce the blessing".
===
Aaron Konstam telephone: (210) 656-0355 e-mail: akons...@sbcglobal.net

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[David]

On 7/11/2009 10:10 PM, Gene Heskett wrote:
> On Saturday 11 July 2009, David wrote:
>> On 7/11/2009 6:15 PM, Mikkel L. Ellertson wrote:
>>> David wrote:
 My email client, Thunderbird, goes out and searches for his 'not made
 public as it should be' public Key each and every post. Which takes,
 depends on the various Keyservers, 20 +- seconds *each* Kerserver for
 *each* post. Two in one thread? Does it twice. Three? Does it three
 times. Etc...

 I would think that the other email clients using GnuPG do the same. I
 can set it *not* to do that here but that is not what I wish. And why
 should I set my system so that one person can do things incorrectly?

 But no longer. I asked him politely. But his attitude bought him the bit
 bucket here.
>>> You know, g reminds me a lot of Karl that used to be on here.
>>>
>>> Mike
>> Now? Now? That was nasty.  :-)
>>
>> I have a Ubuntu friend. That is where Karl went. Ubuntu. Same guy -
>> different Linux distro. Dave W.tells me he is driving them nuts over
>> there as well.  :-)
>>
> I made a procmail rule.  Haven't seen a Karl or Karl related post on the 
> kubuntu list since. :)


Hi Gene.  :-)  I am sure that 'Karl' (bless his heart) has no idea just
what you have done.  :-)


-- 


  David

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[David]

On 7/11/2009 9:31 PM, Steven W. Orr wrote:
> On 07/11/09 21:14, quoth David:
> 
>> I already have your public key sir!  :-)
> 
> 
> And if we ever meet then we could sign each others keys.


You and I, properly identified, sure. It would be my pleasure.


>> I do not, as a practice, sign emails to mail lists. Nor do I add long
>> 'signatures' to anything.
> 
> Consistency has its own value.
> 
>> Some of us, there are many, are not in a position to deal with these
>> things. Dial-up. Limited bandwidth. And other situations.
> 
> 
> I respect your lower bandwidth. Text is good. Html is bad. But the total
> signature comes to 260 bytes. There's header cruft that far surpasses that 
> factor.


I hear so many comments from those of us that are not blessed with 'the
good stuff' that I try to go with those that don't have 'the good
stuff'. It's called here in my space 'give a damn for others'.  :-)


>> Polite goes a long way.
> 
>> Have a nice day.
> 
> And to you too Sir. :-)>
> 
> 

-- 


  David

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Gene Heskett]

On Saturday 11 July 2009, David wrote:
>On 7/11/2009 6:15 PM, Mikkel L. Ellertson wrote:
>> David wrote:
>>> My email client, Thunderbird, goes out and searches for his 'not made
>>> public as it should be' public Key each and every post. Which takes,
>>> depends on the various Keyservers, 20 +- seconds *each* Kerserver for
>>> *each* post. Two in one thread? Does it twice. Three? Does it three
>>> times. Etc...
>>>
>>> I would think that the other email clients using GnuPG do the same. I
>>> can set it *not* to do that here but that is not what I wish. And why
>>> should I set my system so that one person can do things incorrectly?
>>>
>>> But no longer. I asked him politely. But his attitude bought him the bit
>>> bucket here.
>>
>> You know, g reminds me a lot of Karl that used to be on here.
>>
>> Mike
>
>Now? Now? That was nasty.  :-)
>
>I have a Ubuntu friend. That is where Karl went. Ubuntu. Same guy -
>different Linux distro. Dave W.tells me he is driving them nuts over
>there as well.  :-)
>
I made a procmail rule.  Haven't seen a Karl or Karl related post on the 
kubuntu list since. :)
>--
>
>
>  David


-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.


Mal: "If it's Alliance trouble you got, you might want to consider another
ship. Some onboard here fought for the Independents."
--Episode #8, "Out of Gas"

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Steven W. Orr]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/11/09 21:14, quoth David:

> I already have your public key sir!  :-)
> 

And if we ever meet then we could sign each others keys.

> I do not, as a practice, sign emails to mail lists. Nor do I add long
> 'signatures' to anything.

Consistency has its own value.

> 
> Some of us, there are many, are not in a position to deal with these
> things. Dial-up. Limited bandwidth. And other situations.
> 

I respect your lower bandwidth. Text is good. Html is bad. But the total
signature comes to 260 bytes. There's header cruft that far surpasses that 
factor.

> Polite goes a long way.
> 
> Have a nice day.

And to you too Sir. :-)>


- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpZPPIACgkQRIVy4fC+NyRnpACfeAlhlyVK4YL2Zka7K9XPYqgo
62gAn3wX+yR70csP9Egy+xnCepk4eVhv
=4OOk
-END PGP SIGNATURE-

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Steven W. Orr]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/11/09 21:14, quoth David:

> I already have your public key sir!  :-)
> 

And if we ever meet then we could sign each others keys.

> I do not, as a practice, sign emails to mail lists. Nor do I add long
> 'signatures' to anything.

Consistency has its own value.

> 
> Some of us, there are many, are not in a position to deal with these
> things. Dial-up. Limited bandwidth. And other situations.
> 

I respect your lower bandwidth. Text is good. Html is bad. But the total
signature comes to 260 bytes. There's header cruft that far surpasses that 
factor.

> Polite goes a long way.
> 
> Have a nice day.

And to you too Sir. :-)>


- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpZPPIACgkQRIVy4fC+NyRnpACfeAlhlyVK4YL2Zka7K9XPYqgo
62gAn3wX+yR70csP9Egy+xnCepk4eVhv
=4OOk
-END PGP SIGNATURE-

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[David]

On 7/11/2009 6:15 PM, Mikkel L. Ellertson wrote:
> David wrote:
>> My email client, Thunderbird, goes out and searches for his 'not made
>> public as it should be' public Key each and every post. Which takes,
>> depends on the various Keyservers, 20 +- seconds *each* Kerserver for
>> *each* post. Two in one thread? Does it twice. Three? Does it three
>> times. Etc...
>>
>> I would think that the other email clients using GnuPG do the same. I
>> can set it *not* to do that here but that is not what I wish. And why
>> should I set my system so that one person can do things incorrectly?
>>
>> But no longer. I asked him politely. But his attitude bought him the bit
>> bucket here.
>>
> You know, g reminds me a lot of Karl that used to be on here.
> 
> Mike
> 

Now? Now? That was nasty.  :-)

I have a Ubuntu friend. That is where Karl went. Ubuntu. Same guy -
different Linux distro. Dave W.tells me he is driving them nuts over
there as well.  :-)

-- 


  David

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[David]

On 7/11/2009 6:38 PM, Steven W. Orr wrote:
> On 07/11/09 18:05, quoth David:
>> My email client, Thunderbird, goes out and searches for his 'not made
>> public as it should be' public Key each and every post. Which takes,
>> depends on the various Keyservers, 20 +- seconds *each* Kerserver for
>> *each* post. Two in one thread? Does it twice. Three? Does it three
>> times. Etc...
> 
>> I would think that the other email clients using GnuPG do the same. I
>> can set it *not* to do that here but that is not what I wish. And why
>> should I set my system so that one person can do things incorrectly?
> 
>> But no longer. I asked him politely. But his attitude bought him the bit
>> bucket here.
> 
>> Understand now?
> 
> If I may, I'd like to amplify on "G"'s lack of Netiquette. I am also using
> Thunderbird with the Enigmail plugin. I too have my system set up for
> "Automatically Decrypt/Verify" and was previously forced to have long delays
> every time I saw a message from him. AND I too have taken pains to have him
> filtered out of my sight.
> 
> I am new to the use of PGP but I have studied it from the math, to the
> computer interface, to the historical and to the sociological aspects. We send
> mail via post office all the time and we sign them and seal our messages in an
> envelope. PGP is the same thing.  I can send mail and set the From line to
> Barack Obama and it's trivial to do so. Or, I can send mail out as you and
> most people wouldn't be able to tell. We all know about how big a problem
> identity theft is and yet so few of us sign our mail. That absolutely
> fascinates me. So while "G" is acting like a nitwit by not even understanding
> how his behavior is fundamentally rude, I'd like to take this opportunity to
> encourage more of you to start signing your mail. There are basically two ways
> to do it. You can either use the PGP(or GnuPG) scheme, or you can use S/MIME.
> S/MIME is better for scalability in corporations. PGP is better in public. PGP
> is free and for SMIME to properly work, you have to get a cert from some
> trusted Cert Authority (CA). For most people, that would mean Verisign, and
> for others it would mean certs that shouldn't be trusted in the first place.
> 
> Anyways, I said what I wanted to say and you can all do what you want, but
> maybe at least a few more will be better informed, and that's really why we're
> all here.
> 
> This message is signed, but if you read it, you'll at least be able to fetch
> my public key.


I already have your public key sir!  :-)

I do not, as a practice, sign emails to mail lists. Nor do I add long
'signatures' to anything.

Some of us, there are many, are not in a position to deal with these
things. Dial-up. Limited bandwidth. And other situations.

Polite goes a long way.

Have a nice day.
-- 


  David

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Steven W. Orr]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/11/09 18:05, quoth David:
> My email client, Thunderbird, goes out and searches for his 'not made
> public as it should be' public Key each and every post. Which takes,
> depends on the various Keyservers, 20 +- seconds *each* Kerserver for
> *each* post. Two in one thread? Does it twice. Three? Does it three
> times. Etc...
> 
> I would think that the other email clients using GnuPG do the same. I
> can set it *not* to do that here but that is not what I wish. And why
> should I set my system so that one person can do things incorrectly?
> 
> But no longer. I asked him politely. But his attitude bought him the bit
> bucket here.
> 
> Understand now?

If I may, I'd like to amplify on "G"'s lack of Netiquette. I am also using
Thunderbird with the Enigmail plugin. I too have my system set up for
"Automatically Decrypt/Verify" and was previously forced to have long delays
every time I saw a message from him. AND I too have taken pains to have him
filtered out of my sight.

I am new to the use of PGP but I have studied it from the math, to the
computer interface, to the historical and to the sociological aspects. We send
mail via post office all the time and we sign them and seal our messages in an
envelope. PGP is the same thing.  I can send mail and set the From line to
Barack Obama and it's trivial to do so. Or, I can send mail out as you and
most people wouldn't be able to tell. We all know about how big a problem
identity theft is and yet so few of us sign our mail. That absolutely
fascinates me. So while "G" is acting like a nitwit by not even understanding
how his behavior is fundamentally rude, I'd like to take this opportunity to
encourage more of you to start signing your mail. There are basically two ways
to do it. You can either use the PGP(or GnuPG) scheme, or you can use S/MIME.
S/MIME is better for scalability in corporations. PGP is better in public. PGP
is free and for SMIME to properly work, you have to get a cert from some
trusted Cert Authority (CA). For most people, that would mean Verisign, and
for others it would mean certs that shouldn't be trusted in the first place.

Anyways, I said what I wanted to say and you can all do what you want, but
maybe at least a few more will be better informed, and that's really why we're
all here.

This message is signed, but if you read it, you'll at least be able to fetch
my public key.

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpZFFQACgkQRIVy4fC+NyR2xgCfXCjwNzaqzqorKE0BS19X1vFt
YyAAnAqhs1Ws5aPeNwDUDPAfm5E+y+3x
=B1jj
-END PGP SIGNATURE-

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Mikkel L. Ellertson]

David wrote:
> 
> My email client, Thunderbird, goes out and searches for his 'not made
> public as it should be' public Key each and every post. Which takes,
> depends on the various Keyservers, 20 +- seconds *each* Kerserver for
> *each* post. Two in one thread? Does it twice. Three? Does it three
> times. Etc...
> 
> I would think that the other email clients using GnuPG do the same. I
> can set it *not* to do that here but that is not what I wish. And why
> should I set my system so that one person can do things incorrectly?
> 
> But no longer. I asked him politely. But his attitude bought him the bit
> bucket here.
> 
You know, g reminds me a lot of Karl that used to be on here.

Mike
-- 

Unfortunately for us, common sense is not very common.



signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[David]

On 7/11/2009 4:45 PM, Aaron Konstam wrote:
> On Sat, 2009-07-11 at 12:05 -0400, David wrote:
>> On 7/10/2009 11:34 PM, Steven W. Orr wrote:
>>> On 07/10/09 18:47, quoth Mikkel L. Ellertson:
 David, one way to solve the problem is to write a filter rule that
 sends g's messages directly to trash.
>>> New entry in my access file
>>> From:gel...@bellsouth.net   REJECT 553 PGP signing with no public key.
>>
>> For some reason this has not made it to the list. I apologize if this
>> shows up twice.
>>
>>
>> I was trying to advise him that he should do the correct thing. I failed
>> at that. His GunPG signature is a waste of time, his time and my time,
>> since it can not be verified that it is even his signature.
>>
>> I did not want to /null/void his posts. With his 'nasty' reply he has
>> given me no other choice. His posts will now be deleted directly from
>> the email server before downloading.
>>
>> Sad thing about that is that if, in the future, he should decide to use
>> GnuPG properly I'll never know.
>>
>> BTW. You did notice that I made no comment on his excessively long and
>> rambling 'signature'.  :-)
>>
> I am confused about the brouhaha over the signature that g sent. When I
> get his message in evolution there is just as single line saying he has
> signed his message. This bothers me not at all.
> 
> I assume something more annoying happens with other mail programs.. What
> is it that happens that annoys people so much


My email client, Thunderbird, goes out and searches for his 'not made
public as it should be' public Key each and every post. Which takes,
depends on the various Keyservers, 20 +- seconds *each* Kerserver for
*each* post. Two in one thread? Does it twice. Three? Does it three
times. Etc...

I would think that the other email clients using GnuPG do the same. I
can set it *not* to do that here but that is not what I wish. And why
should I set my system so that one person can do things incorrectly?

But no longer. I asked him politely. But his attitude bought him the bit
bucket here.

Understand now?
-- 


  David

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Aaron Konstam]

On Sat, 2009-07-11 at 12:05 -0400, David wrote:
> On 7/10/2009 11:34 PM, Steven W. Orr wrote:
> > On 07/10/09 18:47, quoth Mikkel L. Ellertson:
> >> David, one way to solve the problem is to write a filter rule that
> >> sends g's messages directly to trash.
> > 
> > New entry in my access file
> > From:gel...@bellsouth.net   REJECT 553 PGP signing with no public key.
> 
> 
> For some reason this has not made it to the list. I apologize if this
> shows up twice.
> 
> 
> I was trying to advise him that he should do the correct thing. I failed
> at that. His GunPG signature is a waste of time, his time and my time,
> since it can not be verified that it is even his signature.
> 
> I did not want to /null/void his posts. With his 'nasty' reply he has
> given me no other choice. His posts will now be deleted directly from
> the email server before downloading.
> 
> Sad thing about that is that if, in the future, he should decide to use
> GnuPG properly I'll never know.
> 
> BTW. You did notice that I made no comment on his excessively long and
> rambling 'signature'.  :-)
> 
I am confused about the brouhaha over the signature that g sent. When I
get his message in evolution there is just as single line saying he has
signed his message. This bothers me not at all.

I assume something more annoying happens with other mail programs.. What
is it that happens that annoys people so much
> 
--
===
Old age is too high a price to pay for maturity.
===
Aaron Konstam telephone: (210) 656-0355 e-mail: akons...@sbcglobal.net

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[David]

On 7/10/2009 11:34 PM, Steven W. Orr wrote:
> On 07/10/09 18:47, quoth Mikkel L. Ellertson:
>> David, one way to solve the problem is to write a filter rule that
>> sends g's messages directly to trash.
> 
> New entry in my access file
> From:gel...@bellsouth.net   REJECT 553 PGP signing with no public key.


For some reason this has not made it to the list. I apologize if this
shows up twice.


I was trying to advise him that he should do the correct thing. I failed
at that. His GunPG signature is a waste of time, his time and my time,
since it can not be verified that it is even his signature.

I did not want to /null/void his posts. With his 'nasty' reply he has
given me no other choice. His posts will now be deleted directly from
the email server before downloading.

Sad thing about that is that if, in the future, he should decide to use
GnuPG properly I'll never know.

BTW. You did notice that I made no comment on his excessively long and
rambling 'signature'.  :-)

-- 


  David

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Steven W. Orr]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/10/09 23:34, quoth Steven W. Orr:
> On 07/10/09 18:47, quoth Mikkel L. Ellertson:
>> David, one way to solve the problem is to write a filter rule that
>> sends g's messages directly to trash.
> 
> New entry in my access file
> From:gel...@bellsouth.net   REJECT 553 PGP signing with no public key.

Interesting. The little bastard got through at 4:45AM so the access trick
doesn't work. The reason it failed was because the From address wasn't geleem.
It was really fedora-list-bounces. So I added a blacklist_from to my
spamassassin local.cf. Assuming this works and he gets the message then the
only way I'll get notified is if someone else tells me.

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpYsckACgkQRIVy4fC+NyQ9/QCdFmM9x0y4M6QU2KfuYQIsQqW9
vusAnAnainh4ewzQrcMdhnaM9hFFp1gf
=fA5t
-END PGP SIGNATURE-

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Patrick O'Callaghan]

On Sat, 2009-07-11 at 00:49 +, g wrote:
> another reason, at least as i was told, key servers do not verify who
> submits a key is actual owner of address.

The whole point of PGP-style signatures is the "web of trust". If you
don't get someone's public key directly from them (e.g. at a key-signing
party) or from an intermediary that you both trust sufficiently, you
basically know nothing about the sender.

The point of key servers is not to verify anything, it's to make keys
easily accessible. Using a public key and not putting it on a key server
means a random reader can't even verify that a succession of messages
were signed with the same key (the only info in the signature itself is
the Key ID, which is fakable with enough effort). Putting it on a key
server without an independant verification channel does at least allow a
motivated reader to check with high confidence that a bunch of messages
use the same key, but doesn't allow them to check if they were signed by
the correct person.

And in conclusion: the use of signatures (even registered ones) on
large, essentially anonymous, mailing lists is at best debatable. What
exactly do people expect to gain from this? Signatures were invented in
large part to allow integrity and non-repudiation of messages. If I see
a message purportedly from myself on this list and I didn't send it,
I'll be very quick to repudiate it. Has this ever happened in anyone's
memory?

poc

PS I highly recommend a Stanford paper from a few years back, entitled
"Why Johnny Can't Encrypt". Google for it, it's very illuminating.

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Steven W. Orr]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/10/09 18:47, quoth Mikkel L. Ellertson:
> David, one way to solve the problem is to write a filter rule that
> sends g's messages directly to trash.

New entry in my access file
From:gel...@bellsouth.net   REJECT 553 PGP signing with no public key.

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpYCFcACgkQRIVy4fC+NySP/gCdGpwn3xa8wMA/I/TTGQvCDklz
mL8AniKUZbRwsRsxBDBSTFl9MYlb8kHy
=mW0a
-END PGP SIGNATURE-

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[g]

Todd Zullinger wrote:

> This sub-thread needs to stop now.  If all there is to say in a reply
> is name-calling, it does not belong on fedora-list.  Please respect
> the many thousands of other list members.

i agree about name-calling, but to say that one is 'bitching' is not same
as saying one is a 'bitch'.

i guess 'gripping' would have been a better choice of words.

to those who took offense, other than david, i apologize.

*end of story*.


-- 

peace out.

tc,hago.

g
.


in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/




signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Todd Zullinger]

g wrote:
[big snip]

This sub-thread needs to stop now.  If all there is to say in a reply
is name-calling, it does not belong on fedora-list.  Please respect
the many thousands of other list members.

-- 
ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~
Nothing is so simple that it cannot be misunderstood.
-- Teague's Paradox



pgpVHgaDmqdZ6.pgp
Description: PGP signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[g]

Bruno Wolff III wrote:

> Because the messages are signed with the same key. So whoever is creating
> the signed messages has access to the private key. Key servers don't add a lot
> of assurance on top of this. And they add a risk that it tells other parties
> who you are communicating with.

thank you.

another reason, at least as i was told, key servers do not verify who
submits a key is actual owner of address.

i have not verified this by trying to submit a key for a different email
address, but being that person who told me was deeper into pgp and sigs,
i accept his word, as it does sound reasonable.

if someone did forge an email address and pgp sig, email origin can still
be determined by other information in header. or at least as i understand
how it all works.

-- 

peace out.

tc,hago.

g
.


in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/




signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Mikkel L. Ellertson]

Bruno Wolff III wrote:
> On Fri, Jul 10, 2009 at 17:47:52 -0500,
>   "Mikkel L. Ellertson"  wrote:
>> How does it maintain your identity when we can not verify that you
>> signed the message. Without having your public key, all we know is
>> that someone signed the message. So, your signing your messages sent
>> to the mailing list does nothing except cause problems for others.
> 
> Because the messages are signed with the same key. So whoever is creating
> the signed messages has access to the private key. Key servers don't add a lot
> of assurance on top of this. And they add a risk that it tells other parties
> who you are communicating with.
> 
How do you know they are signed by the same key, if you do not have
the public key to check it with?

As far as accessing key servers telling people who I am
communicating with, they can get the same information by looking at
the members of the mailing lists I am on. As far as people I
exchange encrypted messages with, I didn't get their keys off a key
server.

But getting keys from a key server does not tell anyone who you are
communicating with unless someone puts a lot of effort into it. It
is much easier to watch the mail traffic going through your mail server.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!



signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[g]

Mikkel L. Ellertson wrote:

> How does it maintain your identity when we can not verify that you
> signed the message.

as i told david, ask.

> David, one way to solve the problem is to write a filter rule that
> sends g's messages directly to trash.

i wish he would.

seems david is having menstrual pains. 30 days ago he was bitching about
how my sig made him feel like a dumb ass, or words to that effect.

now he is bitching about my pgp sig.

david needs to get some 'midol' or get his doctor to subscribe something
stronger for him.

if he does not filter me out, there is no telling what he will find to
bitch about next month.


-- 

peace out.

tc,hago.

g
.


in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/






signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Bruno Wolff III]

On Fri, Jul 10, 2009 at 17:47:52 -0500,
  "Mikkel L. Ellertson"  wrote:
> How does it maintain your identity when we can not verify that you
> signed the message. Without having your public key, all we know is
> that someone signed the message. So, your signing your messages sent
> to the mailing list does nothing except cause problems for others.

Because the messages are signed with the same key. So whoever is creating
the signed messages has access to the private key. Key servers don't add a lot
of assurance on top of this. And they add a risk that it tells other parties
who you are communicating with.

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: mailing list pgp signatures...

[Mikkel L. Ellertson]

g wrote:
> 
> one of reasons that i use a pgp sig is that it maintains my idenity and
> prevents someone from trying to send an email as me, which has happened
> on this very list.
> 
How does it maintain your identity when we can not verify that you
signed the message. Without having your public key, all we know is
that someone signed the message. So, your signing your messages sent
to the mailing list does nothing except cause problems for others.

David, one way to solve the problem is to write a filter rule that
sends g's messages directly to trash.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!



signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines