Re: PGP signing (newbie)
John Buttery [EMAIL PROTECTED] wrote: (Sorry, that it took quite a while for me to reply -- I'm always slow on these things...) Well, here's my two cents for you to add to the stuff you're reading up on. Thank you very much, I appreciate it. :-) I encrypt every message I can (which isn't many yet, *sigh*), sign all private mail except to the really militant dissenters (i.e. users of a particular version of Eudora that actually locks up trying to read the message...), and sign all list mail. Well yeah, after Feztaa demonstrated the spoofing of an email address, I begun to sign *every* mail, as well. It actually was *pretty* scary to see me -- my email address and signature -- writing that shit; for a second I even thought I was hallucinating. ;-) What comes to encrypting, that I haven't done yet (except testing it). But I know, that it's definitely coming in use one day, as some of the mails I send, are pretty damn personal and if a mail like that would end up in wrong hands... ah well, I don't even want to think about it. My own reasons for signing all list mail are thus: 1) It increases awareness of cryptography as a mainstream utility. Sometimes people ask me about it, maybe others silently look it up on the web or consult their local nerd resource. :) This is kinda a minor reason though. This is actually pretty good point. And I agree, cryptography should, indeed, be brought before the eyes of every data communicator, or better; every computer user whatsoever -- as it is said, you can't be too careful. Now let me just explicitly say that what I'm about to describe is _not_ (there's that super-sized emphasis again) a substitute for actual signatures on a key. This is just a suggestion for a second-best procedure... By signing all public mail, I am creating a far-flung paper trail on the web and in people's mailboxes of all my signed email. What this means is, that if someone gets a message that's signed by a key with my name on it but has no sigs that they themselves trust, they can consult something like Google and find its archive of 2.3 to the power of spork messages that are signed by my public key. They can then say, OK, whoever signed this message also signed all those other messages. A careful examination of a cross-section of those messages may give them some clue, maybe through speech patterns etc, that the person from all those messages is the same one who sent the email they now have in their inbox. Again, it's not a substitute for actual web-of-trust sigs, but it does at least a little good in a pinch. Just the fact that there are a zillion things out there with my sig lends it credence; after all, it would take a lot of motivation for someone to bother creating a fake key and then manually composing all those messages over the course of time just to fake someone out. Yeah, you are right. Once you've sort of shown, that you sign every goddamn mail you send, at least people should be alert, if they receive a message without signing from an address which implies the one you have. Then they can more easily deduct, that the mail they got, can be or *probably* is spoofed. As you sign every mail, people will learn that and they know to expect a signed mail from *you*. I hope you get my point; I'm a bit tired and dizzy at the moment, and my thoughts are pretty slow tonight... Oh, and of course I also sign just to keep Rob from forging my email. :) LOL! It was scary, now wasn't it?:-) still haven't fixed the sig rotation script. Once you have, could you let me know -- I'd be interested too. :-) -- Jussi Ekholm [EMAIL PROTECTED] | Jesus is on opium, Jesus needs a fix, http://erppimaa.cjb.net/~ekhowl/ | Singing love, brother love, ekh @ IRCNet | Singing love, brother love... msg26428/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
David T-G [EMAIL PROTECTED] wrote: ...and then Shawn McMahon said... If you do that, make sure you local-sign, not sign for export. The latter would be a big no-no. The gpg and pgp documention goes into these subjects in depth, IIRC. We even had that whole discussion here a while back. Rob, when was that? One more question popped in my mind; when GnuPG automagicly fetches a key of some person and verifies it, it goes to the key list (I mean, that I can check it out with 'gpg --list-keys'). Does this mean, that it is signed? If it does, is it lsigned or signed for export? Because I have a *lots* of keys now, which I can view ith --list-keys option for gpg... and I'm not so experienced yet, that I could tell if they are signed or not. Sorry, if the answer is self-evident and the question's stupid, but I'd just like to know... -- Jussi Ekholm | And Jesus is on opium and Jesus needs a fix [EMAIL PROTECTED] | And Jesus is a suffering slave to ritualistic sex http://erppimaa.cjb.net/ | Singing love brother love... ekh @ IRCNet | Singing love brother love... msg26130/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
On Tue, Mar 26, 2002 at 01:17:10PM +0200, [EMAIL PROTECTED] wrote: One more question popped in my mind; when GnuPG automagicly fetches a key of some person and verifies it, it goes to the key list (I mean, that I can check it out with 'gpg --list-keys'). Does this mean, that it is signed? If it does, is it lsigned or signed for export? Like I said, I'm not a GnuPG expert, but... No, it won't sign a key. To sign a key, use gpg --sign-key (to sign for export, which you shouldn't do until you know what you're doing), or gpg --lsign-key (to sign a key locally). Because I have a *lots* of keys now, which I can view ith --list-keys option for gpg... and I'm not so experienced yet, that I could tell if they are signed or not. You have no proof that the key you downloaded actually belongs to the owner, so there is no justification for signing it. Signing the key says I am 100% sure that this key belongs to the true owner. For example, let's say that there is a guy that we both know, called Fred Bloggs. He hasn't uploaded a key to the keyserver. I create a key containing his email address and upload it to the server. I then spoof a mail to you, that appears to come from Fred, and is signed with his key. You download the key, and validate his his message. You also sign his key. Now your web-of-trust is broken. AIUI, signing for export says I am willing to tell anyone that if they trust my key, then they should also trust this person's key. Other people could then decide to trust your judgement on signing keys, and use your signature equivalent to their own. This is why you shouldn't sign for export unless you *really* know what you're doing. -- David SmithWork Email: [EMAIL PROTECTED] STMicroelectronics Home Email: [EMAIL PROTECTED] Bristol, England
Re: key status (was Re: PGP signing (newbie))
Jussi -- ...and then Jussi Ekholm said... % % David T-G [EMAIL PROTECTED] wrote: % % ...and then Shawn McMahon said... % If you do that, make sure you local-sign, not sign for export. The latter % would be a big no-no. The gpg and pgp documention goes into these subjects ... % % One more question popped in my mind; when GnuPG automagicly fetches % a key of some person and verifies it, it goes to the key list (I mean, Yes, it does. % that I can check it out with 'gpg --list-keys'). Does this mean, that % it is signed? If it does, is it lsigned or signed for export? Nope. Nothing of the sort; you have to sign keys for them to be signed (that may sound like a tautology, but it's really an illustration). % % Because I have a *lots* of keys now, which I can view ith --list-keys % option for gpg... and I'm not so experienced yet, that I could tell % if they are signed or not. Don't worry; it's there, but it's not in your way. % % Sorry, if the answer is self-evident and the question's stupid, but % I'd just like to know... First, check out gpg --help to see what you can do with the program. Read it in great detail -- really! Then take a look at this example: [zero] [6:47am] ~ gpg --list-keys 0xbc3ff6d4 pub 1024D/BC3FF6D4 1999-05-26 Mike Stella [EMAIL PROTECTED] sub 2048g/D965F16A 1999-05-26 pub 1024D/BC3FF6D4 1999-05-26 Mike Stella [EMAIL PROTECTED] sub 2048g/D965F16A 1999-05-26 [zero] [6:47am] ~ gpg --list-sigs 0xbc3ff6d4 pub 1024D/BC3FF6D4 1999-05-26 Mike Stella [EMAIL PROTECTED] sigBC3FF6D4 1999-05-26 Mike Stella [EMAIL PROTECTED] sigCBAE9171 1999-05-26 David Thorburn-Gundlach (default) [EMAIL PROTECTED] sig7B9F4700 2001-12-17 David T-G [EMAIL PROTECTED] sub 2048g/D965F16A 1999-05-26 sigBC3FF6D4 1999-05-26 Mike Stella [EMAIL PROTECTED] pub 1024D/BC3FF6D4 1999-05-26 Mike Stella [EMAIL PROTECTED] sigBC3FF6D4 1999-05-26 Mike Stella [EMAIL PROTECTED] sigCBAE9171 1999-05-26 David Thorburn-Gundlach (default) [EMAIL PROTECTED] sig7B9F4700 2001-12-17 David T-G [EMAIL PROTECTED] sub 2048g/D965F16A 1999-05-26 sigBC3FF6D4 1999-05-26 Mike Stella [EMAIL PROTECTED] The rest is left as an exercise for the student ;-) Note that you probably don't always want to use --list-sigs, though: [zero] [6:49am] ~ gpg --list-keys | wc -l 1085 [zero] [6:49am] ~ gpg --list-sigs | wc -l 2929 % % -- % Jussi Ekholm | And Jesus is on opium and Jesus needs a fix % [EMAIL PROTECTED] | And Jesus is a suffering slave to ritualistic sex % http://erppimaa.cjb.net/ | Singing love brother love... % ekh @ IRCNet | Singing love brother love... :-D -- David T-G * It's easier to fight for one's principles (play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie (work) [EMAIL PROTECTED] http://www.justpickone.org/davidtg/Shpx gur Pbzzhavpngvbaf Qrprapl Npg! msg26132/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
24-Mar-02 at 22:37, Rob 'Feztaa' Park ([EMAIL PROTECTED]) wrote : Your name just sounds so feminine. We seem to get a lot of that here, don't we? ;) I don't know that I can let you get away with that. Said in the correct accent - in fact, one of German, Switzerdutch, and most Scandinavian accents, Jussi sounds reasonably masculine to me. In and English accent (particularly Canadian/American) it /may/ sound feminine... but you should never assume that just because in your phonetics, a name sounds feminine, that it is. Indeed, never assume at all that you can guess, because some names which are only female in English may be unisex in other countries, or unisex with slight spelling variations. Shit I hate political correctness, but I adore linguistic debate. Sometimes the two collide and I have a little rant. Apologies to the sensitive. -- [Simon White. vim/mutt/Linux. [EMAIL PROTECTED] GIMPS: 54.35%] v-- John Lennon Sometimes we sit and read other people's interpretations of our lyrics and think, 'Hey, that's pretty good.' If we liked it, we would keep our mouths shut and just accept the credit as if it was what we meant all along.
[OT] Names (Was: Re: PGP signing (newbie))
On Mon, Mar 25, 2002 at 09:10:11AM +, [EMAIL PROTECTED] wrote: In and English accent (particularly Canadian/American) it /may/ sound feminine... but you should never assume that just because in your phonetics, a name sounds feminine, that it is. Indeed, never assume at all that you can guess, because some names which are only female in English may be unisex in other countries, or unisex with slight spelling variations. An example: In English/French, Michele (pronounced Mee-Shell) is a female name, whereas in Italian, Michele (pronounced Mick-Ay-Lee) is a male name. -- David Smith| Tel: +44 (0)1454 462380Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 617910 Mobile: +44 (0)7932 642724 1000 Aztec West| TINA: 065 2380 Almondsbury| Work Email: [EMAIL PROTECTED] BRISTOL, BS32 4SQ | Home Email: [EMAIL PROTECTED]
Re: PGP signing (newbie)
* Jussi Ekholm [EMAIL PROTECTED] [2002-03-24 21:09:42 +0200]: Rob 'Feztaa' Park [EMAIL PROTECTED] wrote: Alas! Jussi Ekholm spake thus: But yeah - what is so bad in PGP signed mails in mailing lists? There is nothing wrong -- the people who say it is wrong are simply heretics. Oh, you _didn't_ want to start a flamewar? Oops... ;) LOL! Well, maybe we can have just a nice and friendly /discussion/ instead of a /flamewar/? ;-) Ah well, I've decided not to use signed mails in mailing lists if there isn't any reason for me to do it. What matters, is, that PGP works with my Mutt - whole other thing is, if I use it... ;-) Well, here's my two cents for you to add to the stuff you're reading up on. I encrypt every message I can (which isn't many yet, *sigh*), sign all private mail except to the really militant dissenters (i.e. users of a particular version of Eudora that actually locks up trying to read the message...), and sign all list mail. I sign/encrypt all private mail because it just makes sense. But anyway, this thread is about (not) signing public/list mail. My own reasons for signing all list mail are thus: 1) It increases awareness of cryptography as a mainstream utility. Sometimes people ask me about it, maybe others silently look it up on the web or consult their local nerd resource. :) This is kinda a minor reason though. 2) The main reason I sign all list email is an attempt to _somewhat_ (please note the super-sized emphasis on somewhat as it becomes important later) counter the problem of signature authentication for untrusted keys. Let's pause a minute for a definition: Authentication by trust is defined as the level of trust a given key is assigned, based on the actual signatures that have been applied to the key by people who are assumed to have been acting in good faith and verified the identity of the key owner at the time of signing. Now let me just explicitly say that what I'm about to describe is _not_ (there's that super-sized emphasis again) a substitute for actual signatures on a key. This is just a suggestion for a second-best procedure... By signing all public mail, I am creating a far-flung paper trail on the web and in people's mailboxes of all my signed email. What this means is, that if someone gets a message that's signed by a key with my name on it but has no sigs that they themselves trust, they can consult something like Google and find its archive of 2.3 to the power of spork messages that are signed by my public key. They can then say, OK, whoever signed this message also signed all those other messages. A careful examination of a cross-section of those messages may give them some clue, maybe through speech patterns etc, that the person from all those messages is the same one who sent the email they now have in their inbox. Again, it's not a substitute for actual web-of-trust sigs, but it does at least a little good in a pinch. Just the fact that there are a zillion things out there with my sig lends it credence; after all, it would take a lot of motivation for someone to bother creating a fake key and then manually composing all those messages over the course of time just to fake someone out. Oh, and of course I also sign just to keep Rob from forging my email. :) -- still haven't fixed the sig rotation script. msg26045/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
Rob 'Feztaa' Park [EMAIL PROTECTED] wrote: Alas! Jussi Ekholm spake thus: And to point out -- 'sed s/her/his/g'. ;-) You're a guy? Oooops! Sorry. Your name just sounds so feminine. Hehe, no problem. :-) And I could take the lower line as a compliment, I guess. But yeah, this is going way too OT and I admit; I should've taken this off the list already, but I'll let it go this once -- to point out my sex!! *grin* We seem to get a lot of that here, don't we? ;) Oh, lots of similar incidents taking place? ;-) -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel [EMAIL PROTECTED]| o menel aglar elenath! Na-chaered palan-díriel ekh @ IRCNet | o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon msg26050/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
Shawn, et al -- ...and then Shawn McMahon said... % ... % from me in lots of fora, all signed, then you may consider my identity % established enough for your purposes, and choose to local-sign my key, and ... % If you do that, make sure you local-sign, not sign for export. The latter % would be a big no-no. The gpg and pgp documention goes into these subjects % in depth, IIRC. We even had that whole discussion here a while back. Rob, when was that? *grin* :-D -- David T-G * It's easier to fight for one's principles (play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie (work) [EMAIL PROTECTED] http://www.justpickone.org/davidtg/Shpx gur Pbzzhavpngvbaf Qrprapl Npg! msg26057/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
--DiL7RhKs8rK9YGuF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Alas! Simon White spake thus: 24-Mar-02 at 22:37, Rob 'Feztaa' Park ([EMAIL PROTECTED]) wrote : Your name just sounds so feminine. We seem to get a lot of that here, don't we? ;) =20 I don't know that I can let you get away with that. Said in the correct a= ccent - in fact, one of German, Switzerdutch, and most Scandinavian accents, Ju= ssi sounds reasonably masculine to me. Well, it sounds an awful lot like Jessy to me, which is a decidedly female name in Canada. I've never heard of a man named Jessy ;) (that we get a lot of it here comment was a reference to the time I assumed Rene Clerc was female, too. D'oh! ;) --=20 Rob 'Feztaa' Park [EMAIL PROTECTED] -- Myxie I know. Unless htere is a cookie monster somewhere between us tat m= uches the amil. Myxie amil/mail Myxie muches/munches tat/that htere/there HippieGuy heheh HippieGuy problems? :) * Myxie needs an ircii addon that pipes teh command line through ispell :) -- Seen on #Debian --DiL7RhKs8rK9YGuF Content-Type: application/pgp-signature Content-Disposition: inline -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8n3sYPTh2iSBKeccRAqECAJ9Q2EobXLbgJu/bJBtG4wGpZc1VZQCfXry+ AaMnURJpXhWYw5njvzRhzQw= =jTjk -END PGP SIGNATURE- --DiL7RhKs8rK9YGuF--
Re: PGP signing (newbie)
--SNIs70sCzqvszXB4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Alas! John Buttery spake thus: Oh, and of course I also sign just to keep Rob from forging my email. :) Rats! Foiled again! :) --=20 Rob 'Feztaa' Park [EMAIL PROTECTED] -- First love is only a little foolishness and a lot of curiosity, no really self-respecting woman would take advantage of it. -- George Bernard Shaw, John Bull's Other Island --SNIs70sCzqvszXB4 Content-Type: application/pgp-signature Content-Disposition: inline -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8n3xjPTh2iSBKeccRAkSrAJ0VSLf35CbGh3XWcgKxqZn6L98RYgCeNooW /JdpMYa8gF/bJYH92islQv4= =vPXG -END PGP SIGNATURE- --SNIs70sCzqvszXB4--
OT: canada sucks. [was Re: PGP signing (newbie)]
* thus spaketh Rob 'Feztaa' Park (Mar 25 at 12:31PM): I don't know that I can let you get away with that. Said in the correct accent - in fact, one of German, Switzerdutch, and most Scandinavian accents, Jussi sounds reasonably masculine to me. Well, it sounds an awful lot like Jessy to me, which is a decidedly female name in Canada. I've never heard of a man named Jessy ;) but does canada _really_ count? nah. go play with an elk :P -- timothy lupfer http://sadlittleboy.com
Re: picking on Rob (was Re: PGP signing (newbie))
Rob -- ...and then Feztaa said... % % Well, it sounds an awful lot like Jessy to me, which is a decidedly % female name in Canada. I've never heard of a man named Jessy ;) You've never heard of Jesse Ventura or Jesse James, just for starters? Sure, they're both American, but one is quite colorful in US History ... and one was an Old West gunfighter ;-) % % (that we get a lot of it here comment was a reference to the time I % assumed Rene Clerc was female, too. D'oh! ;) Yeah. It must be pick-on-Rob day. Goodie! :-D -- David T-G * It's easier to fight for one's principles (play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie (work) [EMAIL PROTECTED] http://www.justpickone.org/davidtg/Shpx gur Pbzzhavpngvbaf Qrprapl Npg! msg26077/pgp0.pgp Description: PGP signature
Re: OT: canada sucks. [was Re: PGP signing (newbie)]
Alas! tim lupfer spake thus: Well, it sounds an awful lot like Jessy to me, which is a decidedly female name in Canada. I've never heard of a man named Jessy ;) but does canada _really_ count? nah. go play with an elk :P Oh, _that_'s mature... -- Rob 'Feztaa' Park [EMAIL PROTECTED] -- I'm glad I'm not bisexual. I couldn't stand being rejected by men as well as women. -- Bernard Manning msg26083/pgp0.pgp Description: PGP signature
Re: picking on Rob (was Re: PGP signing (newbie))
Rob -- ...and then Feztaa said... % % Alas! David T-G spake thus: % % Well, it sounds an awful lot like Jessy to me, which is a decidedly % % female name in Canada. I've never heard of a man named Jessy ;) % % You've never heard of Jesse Ventura or Jesse James, just for starters? % % Sure, they're both American, but one is quite colorful in US History ... % and one was an Old West gunfighter ;-) % % do americans really count? :P No, we use higher-level scripting languages to count for us. % % I was referring to people that I've actually met :P Ohhh... Well, since you're way the hell out in the middle of nowhere I'd imagine that there are only about four names that you can categorically identify as masculine or feminine. That leaves a lot of ambiguity! :-) % % -- % Rob 'Feztaa' Park % [EMAIL PROTECTED] % -- % We knew from experience that the essence of communal computing, as % supplied by remote-access, time-shared machines, is not just to type % programs into a terminal instead of a keypunch, but to encourage close % communication. % -- Dennis Ritchie % :-D -- David T-G * It's easier to fight for one's principles (play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie (work) [EMAIL PROTECTED] http://www.justpickone.org/davidtg/Shpx gur Pbzzhavpngvbaf Qrprapl Npg! msg26087/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
begin quoting what Rob 'Feztaa' Park said on Mon, Mar 25, 2002 at 12:31:36PM -0700: Well, it sounds an awful lot like Jessy to me, which is a decidedly female name in Canada. I've never heard of a man named Jessy ;) Jesse Owens. Jesse Ventura. Insist on the same spelling? Ok. Jessy Dixon. Canadian race car driver Jessy Cohoon. msg26088/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
Will Yardley [EMAIL PROTECTED] wrote: Shawn McMahon wrote: If you object to my signatures, procmail is easily capable of routing all of my emails to /dev/null. the issue wasn't a personal accusation. you're welcome to sign (or not sign) your emails as you wish. in any event, the intent was not to start a flamewar here, or suggest that you stop signing your mails, but simply to present another opinion to the original poster. I'd just like to hear, why signing PGP for mails going to mailing lists is not so wanted thing to do? And yes, I agree 100% - let's not start a flamewar or anything. The whole thing is, that I'm a newbie to the whole Pretty Good Privacy and GnuPG, so it started to interest me, especially in email use. That's why I originally posted a question in mutt-user, as I was unable to get it working in Mutt. But yeah - what is so bad in PGP signed mails in mailing lists? -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel i Adanedhel| o menel aglar elenath! Na-chaered palan-díriel [EMAIL PROTECTED]| o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon msg25963/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
* Jussi Ekholm [EMAIL PROTECTED] [2002-03-24 13:01:00 +0200]: I'd just like to hear, why signing PGP for mails going to mailing lists is not so wanted thing to do? And yes, I agree 100% - let's not start a flamewar or anything. The whole thing is, that I'm a newbie to the whole Pretty Good Privacy and GnuPG, so it started to interest me, especially in email use. That's why I originally posted a question in mutt-user, as I was unable to get it working in Mutt. But yeah - what is so bad in PGP signed mails in mailing lists? If you didn't want to start a flamewar, I'm fear, you asked the wrong question ;-) Just look in the archiv, there must be some threads discussing this question. Nicolas
Re: PGP signing (newbie)
Nicolas Rachinsky [EMAIL PROTECTED] wrote: * Jussi Ekholm [EMAIL PROTECTED] [2002-03-24 13:01:00 +0200]: But yeah - what is so bad in PGP signed mails in mailing lists? If you didn't want to start a flamewar, I'm fear, you asked the wrong question ;-) Well, that wasn't my intention at all - so, I'll withdraw my question then. :-) And I already discussed about it with one person in private, so I think things are clear now, and... Just look in the archiv, there must be some threads discussing this question. ...after I've done this, I'll be wiser. Or, then not. ;-) -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel i Adanedhel| o menel aglar elenath! Na-chaered palan-díriel [EMAIL PROTECTED]| o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon
Re: PGP signing (newbie)
Alas! Jussi Ekholm spake thus: But yeah - what is so bad in PGP signed mails in mailing lists? There is nothing wrong -- the people who say it is wrong are simply heretics. Oh, you _didn't_ want to start a flamewar? Oops... ;) -- Rob 'Feztaa' Park [EMAIL PROTECTED] -- BOFH excuse #178: Short leg on process table msg25977/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
Rob 'Feztaa' Park [EMAIL PROTECTED] wrote: Alas! Jussi Ekholm spake thus: But yeah - what is so bad in PGP signed mails in mailing lists? There is nothing wrong -- the people who say it is wrong are simply heretics. Oh, you _didn't_ want to start a flamewar? Oops... ;) LOL! Well, maybe we can have just a nice and friendly /discussion/ instead of a /flamewar/? ;-) Ah well, I've decided not to use signed mails in mailing lists if there isn't any reason for me to do it. What matters, is, that PGP works with my Mutt - whole other thing is, if I use it... ;-) -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel i Adanedhel| o menel aglar elenath! Na-chaered palan-díriel [EMAIL PROTECTED]| o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon
Re: PGP signing (newbie)
begin quoting what Jussi Ekholm said on Sun, Mar 24, 2002 at 09:09:42PM +0200: Ah well, I've decided not to use signed mails in mailing lists if there isn't any reason for me to do it. What matters, is, that PGP works with my Mutt - whole other thing is, if I use it... ;-) The same reasons for doing so in private mail apply to lists. The same reasons for not doing so in lists apply to private mail. What you do or don't do is your choice, but it's silly to bother turning on the capability at all if you aren't going to use it. msg25983/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
Moin, * Shawn McMahon [EMAIL PROTECTED] [02-03-24 20:14]: The same reasons for doing so in private mail apply to lists. The same reasons for not doing so in lists apply to private mail. There are several things different between broadcasts and point-to-point connection, as you sure know. Thorsten -- The best leaders are those barely known to their followers; after them, those they love; after them, those they fear; after them, those they despise. - Lao Tzu
Re: PGP signing (newbie)
Shawn McMahon [EMAIL PROTECTED] wrote: The same reasons for doing so in private mail apply to lists. The same reasons for not doing so in lists apply to private mail. Yes, I know. At least this proves, that I managed to upset people with my child walk of PGP signatures (I agree, I should've selected more appropriate place for testing it for the first time); or would I get a lecture (saying it with no offense) from just joking, otherwise? My apologies, if I misinterpret your mood. What you do or don't do is your choice, but it's silly to bother turning on the capability at all if you aren't going to use it. Well, I didn't say I'm not going to use it. I will, that's for sure. It's just that I'm still introducing myself to the whole concept of PGP, how to apply it and so on. That's why it's under questioning for what I use it and for what I won't; I have a great deal of material to read through and form opinion(s) about them. Only then I can make decisions, that probably mean something. And to point it out once more; this mail wasn't written to offense you or upset you more, no. I just wanted to make my point (somewhat) clear, as well. As you know and as I mentioned, PGP is a new thing for me, so it would be foolish to start pretending that I already knew everything about it, as this is not the case. Man oh man, how my original question grew a thread of a larger measure - it wasn't my purpose, either. -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel [EMAIL PROTECTED]| o menel aglar elenath! Na-chaered palan-díriel ekh @ IRCNet | o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon
Re: PGP signing (newbie)
begin quoting what Thorsten Haude said on Sun, Mar 24, 2002 at 08:26:53PM +0100: There are several things different between broadcasts and point-to-point connection, as you sure know. Yes. For instance, there are far more people who would be impacted by a forgery. There are also far more people who would benefit from exposure to cryptographic signatures. Also, there's a longer distribution channel, and thus more opportunities for forgery. So, you're right; there's MORE reason to sign in lists than in private mail. Thanks for the correction. msg25986/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
begin quoting what Jussi Ekholm said on Sun, Mar 24, 2002 at 09:31:06PM +0200: Yes, I know. At least this proves, that I managed to upset people with my child walk of PGP signatures (I agree, I should've selected more appropriate place for testing it for the first time); or would I get a lecture (saying it with no offense) from just joking, otherwise? Not at all; you got it working, quickly, and other people will benefit from that experience. Here was a great place, IMNERHO. about it, as this is not the case. Man oh man, how my original question grew a thread of a larger measure - it wasn't my purpose, either. It's an important question. Especially in the US, where we've got a new law saying digital sigs are legally the same as paper sigs, and where we've got court cases going on that are defining the contents of emails as being equivalent to paper statements even WITHOUT digital sigs. I predict that within 18 months, we'll see a case of somebody needing to use the unsigned status of an email as a defense that they didn't write the email. This, of course, affects you less if you're not in the US. msg25987/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
Hi, * Shawn McMahon [EMAIL PROTECTED] [02-03-24 20:34]: begin quoting what Thorsten Haude said on Sun, Mar 24, 2002 at 08:26:53PM +0100: There are several things different between broadcasts and point-to-point connection, as you sure know. Yes. For instance, there are far more people who would be impacted by a forgery. There are also far more people who would benefit from exposure to cryptographic signatures. Also, there's a longer distribution channel, and thus more opportunities for forgery. So, you're right; there's MORE reason to sign in lists than in private mail. Thanks for the correction. I take it from this that you are in fact not interested in a discussion, but in a flame war. Have fun! Thorsten -- As long as people will accept crap, it will be financially profitable to dispense it. - Dick Cavett
Re: PGP signing (newbie)
begin quoting what Thorsten Haude said on Sun, Mar 24, 2002 at 08:47:42PM +0100: I take it from this that you are in fact not interested in a discussion, but in a flame war. Have fun! I'm sorry, if you'll point out which of my statements was personally insulting to you, I'll be glad to clarify it or apologize for it. I went back over it and couldn't see anything except matter-of-factly-presented opinions, and one personal note of thanks. To what exactly did you object as being a flame? msg25990/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
Jussi Ekholm [EMAIL PROTECTED] wrote: Well, I didn't say I'm not going to use it. I will, that's for sure. Nah, on second thought I don't think I ever will. In fact, I can't stand the thought of having to sign all my messages! I'm deleting gnupg as we speak! Oh yeah, and I hate everybody on this list. You're all a bunch of assholes! I'm going to unsub as soon as I finish writing this! So long, suckers. -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel [EMAIL PROTECTED]| o menel aglar elenath! Na-chaered palan-díriel ekh @ IRCNet | o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon == And this demonstrates exactly why you ought to sign all of your messages, ESPECIALLY if it's to a public list. Had Jussi been in the habit of signing all her messages, people would have noticed that this message wasn't signed, and immediately questioned it's validity.
Re: PGP signing (newbie)
* Jussi Ekholm [EMAIL PROTECTED] [2002-03-24 13:53:18 -0700]: Jussi Ekholm [EMAIL PROTECTED] wrote: Well, I didn't say I'm not going to use it. I will, that's for sure. Nah, on second thought I don't think I ever will. In fact, I can't stand the thought of having to sign all my messages! I'm deleting gnupg as we speak! Oh yeah, and I hate everybody on this list. You're all a bunch of assholes! I'm going to unsub as soon as I finish writing this! So long, suckers. -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel [EMAIL PROTECTED] | o menel aglar elenath! Na-chaered palan-díriel ekh @ IRCNet | o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon == And this demonstrates exactly why you ought to sign all of your messages, ESPECIALLY if it's to a public list. Had Jussi been in the habit of signing all her messages, people would have noticed that this message wasn't signed, and immediately questioned it's validity. Rob 'Feztaa' Park [EMAIL PROTECTED], I guess?
Re: PGP signing (newbie)
begin quoting what Jussi Ekholm said on Sun, Mar 24, 2002 at 01:53:18PM -0700: So long, suckers. You're an evil bastard, Fezta. :-) msg26007/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
Rob 'Feztaa' Park [EMAIL PROTECTED], I guess? Yeah. I didn't cover anything like my message id's up, I didn't want to get too elaborate. I was just making a point that mail can be spoofed and signing your messages prevents this :) -- Rob 'Feztaa' Park [EMAIL PROTECTED] -- Sometimes I wonder if I'm in my right mind. Then it passes off and I'm as intelligent as ever. -- Samuel Beckett, Endgame msg26008/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
--9ADF8FXzFeE7X4jE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Alas! Shawn McMahon spake thus: So long, suckers. =20 You're an evil bastard, Fezta. :-) ;D --=20 Rob 'Feztaa' Park [EMAIL PROTECTED] -- What is a magician but a practising theorist? -- Obi-Wan Kenobi --9ADF8FXzFeE7X4jE Content-Type: application/pgp-signature Content-Disposition: inline -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8nkQ8PTh2iSBKeccRAoiiAJ9ykI/cH0PJAcQOUQkYOcCcwgDW+wCgiEmU iiNtsHnOrt/aVh6JtctThTM= =bsvi -END PGP SIGNATURE- --9ADF8FXzFeE7X4jE--
Re: PGP signing (newbie)
Shawn McMahon [EMAIL PROTECTED] wrote: Jussi Ekholm said on Sun, Mar 24, 2002 at 09:31:06PM +0200: Yes, I know. At least this proves, that I managed to upset people with my child walk of PGP signatures (I agree, I should've selected more appropriate place for testing it for the first time); or would I get a lecture (saying it with no offense) from just joking, otherwise? Not at all; you got it working, quickly, and other people will benefit from that experience. Here was a great place, IMNERHO. Well, you make me blush here... ;-) I think, that what comes to my mail about the PGP with Mutt doesn't particularily benefit other people, as the thread itself wasn't that informative. Or did you mean it some other way? But still I think, that testing -- whatever it is -- shouldn't be necessarily done in a pretty high trafficed mailing list, or it could grow in big proportions. Though, this is just my opinion. And yeah, I got it working -- thanks to all the people who helped me with this issue. Especially one site, that was posted to my personal address was *very* helpful. And when one reads, reads and reads -- and then continues reading about some subject, learning is inevitable. :-) -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel [EMAIL PROTECTED]| o menel aglar elenath! Na-chaered palan-díriel ekh @ IRCNet | o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon msg26023/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
Jussi Ekholm [EMAIL PROTECTED] wrote: Nah, on second thought I don't think I ever will. In fact, I can't stand the thought of having to sign all my messages! I'm deleting gnupg as we speak! Oh yeah, and I hate everybody on this list. You're all a bunch of assholes! I'm going to unsub as soon as I finish writing this! So long, suckers. -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel [EMAIL PROTECTED] | o menel aglar elenath! Na-chaered palan-díriel ekh @ IRCNet | o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon == And this demonstrates exactly why you ought to sign all of your messages, ESPECIALLY if it's to a public list. Had Jussi been in the habit of signing all her messages, people would have noticed that this message wasn't signed, and immediately questioned it's validity. LOL Rob (I presume?)! Well yeah, I really am on the verge of should I or should I not. Well, I'll leave that to the higher powers. At least so far I've signed the mails I've replied which were signed in the beginning. I dunno, this is sort of a hard matter, as other people are talking strongly against (not the right word, but I hope you get my point) it and other recommend using it no matter what -- thus, one can't please everyone. But hey, that isn't possible anyway, so who knows what happens. Oh, and thank you for your kind demonstration... ;-) -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel [EMAIL PROTECTED]| o menel aglar elenath! Na-chaered palan-díriel ekh @ IRCNet | o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon msg26024/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
Jussi Ekholm [EMAIL PROTECTED] wrote: And this demonstrates exactly why you ought to sign all of your messages, ESPECIALLY if it's to a public list. Had Jussi been in the habit of signing all her messages, people would have noticed that this message wasn't signed, and immediately questioned it's validity. And to point out -- 'sed s/her/his/g'. ;-) -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel [EMAIL PROTECTED]| o menel aglar elenath! Na-chaered palan-díriel ekh @ IRCNet | o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon msg26026/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
--FCuugMFkClbJLl1L Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Alas! Jussi Ekholm spake thus: LOL Rob (I presume?)!=20 Yeah that was me ;) Well yeah, I really am on the verge of should I or should I not. Next time, the spoof might not be so obvious :) Well, I'll leave that to the higher powers. At least so far I've signed the mails I've replied which were signed in the beginning.=20 That's good, for starters. Typically, I will sign every message, so long as it is being sent to a person/people who have the facilities to read the signature -- no point signing something if the person on the other end has no way of validating it and just sees it as garbage data. Oh, and thank you for your kind demonstration... ;-) You're welcome :) --=20 Rob 'Feztaa' Park [EMAIL PROTECTED] -- Consider the following axioms carefully: Everything's better when it sits on a Ritz. and Everything's better with Blue Bonnet on it. What happens if one spreads Blue Bonnet margarine on a Ritz cracker? The thought is frightening. Is this how God came into being? Try not to consider the fact that Things go better with Coke. --FCuugMFkClbJLl1L Content-Type: application/pgp-signature Content-Disposition: inline -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8nmqVPTh2iSBKeccRAov6AJ9VGXyzxUJjnpuHUQI6ec7TFxzA5ACffgj6 St5MDLQm44nOF3VbrHqzDzE= =7/kW -END PGP SIGNATURE- --FCuugMFkClbJLl1L--
Re: PGP signing (newbie)
--KsGdsel6WgEHnImy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Alas! Jussi Ekholm spake thus: And to point out -- 'sed s/her/his/g'. ;-) You're a guy? Oooops! Sorry. Your name just sounds so feminine. We seem to get a lot of that here, don't we? ;) --=20 Rob 'Feztaa' Park [EMAIL PROTECTED] -- Q: How do you stop an elephant from charging? A: Take away his credit cards. --KsGdsel6WgEHnImy Content-Type: application/pgp-signature Content-Disposition: inline -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8nrezPTh2iSBKeccRAtypAJ9D4oamIk/9qgcZBTCHipNKfFX8jACbBhbJ yrJ3YQJEl9l3NBAaSuimdrA= =5SJp -END PGP SIGNATURE- --KsGdsel6WgEHnImy--
PGP signing (newbie)
Hi! I'm using CVS Mutt 1.5.0i, and I was just recently introduced to PGP and now I'd like to assign Mutt to sign all of my outgoing mails with my personal key... I've read the manual, I've read PGP man pages and instructions, but I just can't figure what to put in: set pgp_sign_command= Any insight on this, very stupid, question (I guess :P)? -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel i Adanedhel| o menel aglar elenath! Na-chaered palan-díriel [EMAIL PROTECTED]| o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon msg25940/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
Jussi Ekholm [EMAIL PROTECTED] wrote: Hi! I'm using CVS Mutt 1.5.0i, and I was just recently introduced to PGP and now I'd like to assign Mutt to sign all of my outgoing mails with my personal key... I've read the manual, I've read PGP man pages and instructions, but I just can't figure what to put in: Umm... as I saw my mail posted here, Mutt told me that the following data is signed and all the other PGP stuff. So - am I doing it correctly after all? :-) This whole PGP thing is a bit confusing; even as I've read instructions, advices and Mutt's manual when it comes to PGP related settings and acts... ah well, I guess I'll get the hang of it some day. -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel i Adanedhel| o menel aglar elenath! Na-chaered palan-díriel [EMAIL PROTECTED]| o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon msg25942/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
begin quoting what Jussi Ekholm said on Sat, Mar 23, 2002 at 11:48:28PM +0200: Umm... as I saw my mail posted here, Mutt told me that the following data is signed and all the other PGP stuff. So - am I doing it correctly after all? :-) No, you're not. Look at the contents of your mail in your sent-mail folder using cat, less, more, or something like them. You'll see that you're creating messages that have some signature headers, but no signature, just a bunch of error messages from PGP. I suggest you make use of one of the many sample files to be found on the web. The links at mutt.org will take you to several, or a simple Google search will turn up dozens more. I'd also recommend you stop trying to sign the messages until that's set up. msg25943/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
Shawn McMahon [EMAIL PROTECTED] wrote: Jussi Ekholm said on Sat, Mar 23, 2002 at 11:48:28PM +0200: Umm... as I saw my mail posted here, Mutt told me that the following data is signed and all the other PGP stuff. So - am I doing it correctly after all? :-) No, you're not. Look at the contents of your mail in your sent-mail folder using cat, less, more, or something like them. You'll see that you're creating messages that have some signature headers, but no signature, just a bunch of error messages from PGP. Yeah, seemed like a bunch of hebrew to me... sigh, well - it's not easy to learn something, at least in one day. :-) I suggest you make use of one of the many sample files to be found on the web. The links at mutt.org will take you to several, or a simple Google search will turn up dozens more. I will, thank you. And I already tried, but I guess my eyes passed the parts that I should've looked. I'd also recommend you stop trying to sign the messages until that's set up. Yes, I will of course do that. I apologize greatly for the inconvenience this must/might have caused you. Just trying to learn and stuff like that. -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel i Adanedhel| o menel aglar elenath! Na-chaered palan-díriel [EMAIL PROTECTED]| o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon
Re: PGP signing (newbie)
Shawn McMahon wrote: I suggest you make use of one of the many sample files to be found on the web. The links at mutt.org will take you to several, or a simple Google search will turn up dozens more. there are also sample files that come with the mutt distribution; what's wrong with those? they've always worked for me. if you're not sure where your system put them, try doing: locate gpg.rc (or locate pgp.rc or whatever) I'd also recommend you stop trying to sign the messages until that's set up. and hopefully this won't set off a long discussion (yet again), but many believe that it's generally silly (and unnecessary) to sign posts to a public mailing list most of the time. -- Will Yardley input: william hq . newdream . net .
Re: PGP signing (newbie)
begin quoting what Will Yardley said on Sat, Mar 23, 2002 at 02:32:41PM -0800: and hopefully this won't set off a long discussion (yet again), but many believe that it's generally silly (and unnecessary) to sign posts to a public mailing list most of the time. Many believe the Earth is flat, that aliens abduct farmers and dissect cows, and that when the rich get richer the poor get poorer. I assume no responsibility for correcting their lack of understanding, nor for saving their delicate sensibilities. If you object to my signatures, procmail is easily capable of routing all of my emails to /dev/null. msg25946/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
Shawn McMahon wrote: begin quoting what Will Yardley said on Sat, Mar 23, 2002 at 02:32:41PM -0800: and hopefully this won't set off a long discussion (yet again), but many believe that it's generally silly (and unnecessary) to sign posts to a public mailing list most of the time. Many believe the Earth is flat, that aliens abduct farmers and dissect cows, and that when the rich get richer the poor get poorer. I assume no responsibility for correcting their lack of understanding, nor for saving their delicate sensibilities. well i was stating an *opinion* (and i didn't even say that it was _my_ opinion). i think most (reasonable) people would agree that saying the earth is flat would be a factual distortion and not an opinion. If you object to my signatures, procmail is easily capable of routing all of my emails to /dev/null. the issue wasn't a personal accusation. you're welcome to sign (or not sign) your emails as you wish. in any event, the intent was not to start a flamewar here, or suggest that you stop signing your mails, but simply to present another opinion to the original poster. i think you're taking my message a little too personally. -- Will Yardley input: william hq . newdream . net .
Re: PGP signing (newbie)
Jussi Ekholm [EMAIL PROTECTED] wrote: Shawn McMahon [EMAIL PROTECTED] wrote: I suggest you make use of one of the many sample files to be found on the web. The links at mutt.org will take you to several, or a simple Google search will turn up dozens more. I will, thank you. And I already tried, but I guess my eyes passed the parts that I should've looked. I was just wondering if it looks ok now? At least the test message I sent to myself gave a positive result... I am *very* sorry to post these test messages on a public, and high traffic mailing list; my excuse is, that I'll do it just this once... sorry, really. -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel i Adanedhel| o menel aglar elenath! Na-chaered palan-díriel [EMAIL PROTECTED]| o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon
Re: PGP signing (newbie)
Moin, * Shawn McMahon [EMAIL PROTECTED] [02-03-24 00:03]: begin quoting what Will Yardley said on Sat, Mar 23, 2002 at 02:32:41PM -0800: and hopefully this won't set off a long discussion (yet again), but many believe that it's generally silly (and unnecessary) to sign posts to a public mailing list most of the time. Many believe the Earth is flat, that aliens abduct farmers and dissect cows, and that when the rich get richer the poor get poorer. I assume no responsibility for correcting their lack of understanding, nor for saving their delicate sensibilities. That was a really sensible response. I'm glad you did your best to prevent the aforementioned long discussion. If you object to my signatures, procmail is easily capable of routing all of my emails to /dev/null. I don't use Procmail. What now? Thorsten -- Das Briefgeheimnis sowie das Post- und Fernmeldegeheimnis sind unverletzlich. - Grundgesetz, Artikel 10, Abs. 1
Re: PGP signing (newbie)
begin quoting what Thorsten Haude said on Sun, Mar 24, 2002 at 12:47:14AM +0100: If you object to my signatures, procmail is easily capable of routing all of my emails to /dev/null. I don't use Procmail. What now? The Lord helps those who help themselves. msg25951/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
Jussi Ekholm [EMAIL PROTECTED] wrote: I was just wondering if it looks ok now? At least the test message I sent to myself gave a positive result... I am *very* sorry to post these test messages on a public, and high traffic mailing list; my excuse is, that I'll do it just this once... sorry, really. ARGH! Of course I forgot to sign it. :-/ As I said, I am very, very sorry for all the inconvenience and waste of bandwith from my behalf. I hope I doesn't end up in everyone's killfile... trying to learn something new, which is totally unknown to you is hard - well, I guess I'll get there sometime. -- Jussi Ekholm | A Elbereth Gilthoniel, silivren penna míriel i Adanedhel| o menel aglar elenath! Na-chaered palan-díriel [EMAIL PROTECTED]| o galadhremmin ennorath, Fanuilos le linnathon http://ekhowl.goa-head.org | nef aear, sí nef aearon msg25952/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
begin quoting what Jussi Ekholm said on Sun, Mar 24, 2002 at 01:52:56AM +0200: ARGH! Of course I forgot to sign it. :-/ As I said, I am very, very sorry for all the inconvenience and waste of bandwith from my behalf. I hope I doesn't end up in everyone's killfile... trying to learn something new, which is totally unknown to you is hard - well, I guess I'll get there sometime. The signature appears properly formed. However, your key isn't on the public keyservers, so we can't really check the signature. Try submitting it at http://wwwkeys.us.pgp.net, it will propogate out from there. msg25953/pgp0.pgp Description: PGP signature
Re: PGP signing (newbie)
Hi, * Shawn McMahon [EMAIL PROTECTED] [02-03-24 00:59]: begin quoting what Jussi Ekholm said on Sun, Mar 24, 2002 at 01:52:56AM +0200: ARGH! Of course I forgot to sign it. :-/ As I said, I am very, very sorry for all the inconvenience and waste of bandwith from my behalf. I hope I doesn't end up in everyone's killfile... trying to learn something new, which is totally unknown to you is hard - well, I guess I'll get there sometime. The signature appears properly formed. However, your key isn't on the public keyservers, so we can't really check the signature. Let's not forget that your key is worthless unless signed by somebody we know already. Thorsten -- Fear leads to anger. Anger leads to hate. Hate leads to using Windows NT for mission-critical applications.
Re: PGP signing (newbie)
begin quoting what Thorsten Haude said on Sun, Mar 24, 2002 at 01:23:57AM +0100: Let's not forget that your key is worthless unless signed by somebody we know already. Not entirely worthless. For instance, if you receive lots of emails from me in lots of fora, all signed, then you may consider my identity established enough for your purposes, and choose to local-sign my key, and thus detect any later forgery. It wouldn't do to rely upon that for too many things, but it certainly serves for establishing that, say, the [EMAIL PROTECTED] who responds to you in debian-user is the same one who responds in this list. That's one reason I sign everything. If you do that, make sure you local-sign, not sign for export. The latter would be a big no-no. The gpg and pgp documention goes into these subjects in depth, IIRC. msg25955/pgp0.pgp Description: PGP signature
