Why do people send email with an attached public key?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I see that there are some people who send their messages (especially to this list) with their messages signed via an attached signature. I can't imagine that this question hasn't been asked before, but is there an advantage to doing this vs having an inline signature? BTW, I run a mailinglist which strips all attachments. If I use a signature attachment, am I further limiting an already limited audience? TIA - -- Time flies like the wind. Fruit flies like a banana. Stranger things have .0. happened but none stranger than this. Does your driver's license say Organ ..0 Donor?Black holes are where God divided by zero. Listen to me! We are all- 000 individuals! What if this weren't a hypothetical question? steveo at syslang.net -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAko8FQUACgkQRIVy4fC+NyRPNwCfTw4RIcwpGCU3BKhLbM98sZv/ fTYAniJqtkhQXyOshzwbFU3dO4xQO8qu =NI2H -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Why do people send email with an attached public key?
On Jun 20, 2009, at 12:45 AM, Steven W. Orr wrote: I see that there are some people who send their messages (especially to this list) with their messages signed via an attached signature. It is called PGP/MINE. I think the advantage is, that is more clear how to recongize a signed or encrypted message without parsing the body of the email. Thomas PGP.sig Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Why do people send email with an attached public key?
Steven W. Orr wrote the following on 6/19/09 6:45 PM: I see that there are some people who send their messages (especially to this list) with their messages signed via an attached signature. I can't imagine that this question hasn't been asked before, but is there an advantage to doing this vs having an inline signature? BTW, I run a mailinglist which strips all attachments. If I use a signature attachment, am I further limiting an already limited audience? TIA The question about detached signatures (PGP/MIME) has been asked before in this forum, and in many others that deal with crypto. First, to answer the question in the subject of your message (BTW, it's better to avoid inserting questions in an e-mail's subject, just state the subject): Attaching the sender's public key to an e-mail is not the same as signing the e-mail with a detached signature (PGP/MIME). Attaching the sender's key can be a courtesy to spare recipients the task of searching for the sender's public key. Some MUAs will offer you the possibility of either signing both the e-mail and the attached public key in one single encapsulated message, and that will force PGP/MIME, or to sign the e-mail only, and not the attached public key. Other MUAs will automatically force PGP/MIME when the e-mail has an attachment. As to the pro and cons, I'll refer you to David Shaw's post to this list: http://lists.gnupg.org/pipermail/gnupg-users/2004-April/022208.html. There are surely many other posts on the same topic. Not all MUAs are PGP/MIME compliant. If your mailing list strips all attachments, that's an additional problem. Have a fine week end. Charly ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
