> No, [GPG] is not flawed, either, anymore than a wrench
> is "flawed" because it makes a lousy screwdriver.
Right. Funny - this all reminds me of the time when
my little sister and I were presented with a pair
of walkie-talkies. Our parents were initially pleased
to see how much fun we had u
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Content-Type: text/plain; charset=us-ascii
Derek,
On your key I get
Signature made Mon 30 Dec 2002 01:19:00 PM EST using DSA key ID DFBEAD02
Good signature from "Derek D. Martin <[EMAIL PROTECTED]>"
WARNING: This key is not certified with a trusted s
> On Mon, 30 Dec 2002, at 8:10am, [EMAIL PROTECTED] wrote:
> [commentary about non-repudiation not being possible on the Internet]
>> This was EXACTLY my point as to why GPG/PGP for signing email is
>> currently
>> flawed the way it works now.
>
> No, it is not flawed, either, anymore than a wren
On Mon, 30 Dec 2002, at 8:10am, [EMAIL PROTECTED] wrote:
[commentary about non-repudiation not being possible on the Internet]
> This was EXACTLY my point as to why GPG/PGP for signing email is currently
> flawed the way it works now.
No, it is not flawed, either, anymore than a wrench is "flawe
This was EXACTLY my point as to why GPG/PGP for signing email is
currently flawed the way it works now.
> Case in point: This discussion originated as a discussion
> about using digital signatures to counter spam. Since
> digital signatures, on today's Internet, are relatively
> uncommon, th
On Sat, 28 Dec 2002, at 11:06pm, [EMAIL PROTECTED] wrote:
> Like everything else pertaining to information assurance, it's a matter of
> risk management.
That is exactly my point. :-)
The more I deal with the world, the more I think that the word "security"
is inherently misleading. I agr
On Sun, 29 Dec 2002, at 10:24pm, [EMAIL PROTECTED] wrote:
>> That is rather missing the point. The reason non-repudiation is desired
>> is that it means one cannot say, "I never sent that."
>
> No, that's only one reason. The other reason is to say, "we can prove
> that you sent this."
No, th
On Sat, 28 Dec 2002, at 9:56pm, [EMAIL PROTECTED] wrote:
> They do provide one-way non-repudiation... in the case the mail was
> signed.
That is rather missing the point. The reason non-repudiation is desired
is that it means one cannot say, "I never sent that." Discretionary signing
means one
> You should probably ask what is meant by that before you rush
> to such conclusions... In two messages in this thread you
> seem in quite a hurry to bash PGP... The key servers are not
> a security risk to PGP users or "broken" in any serious sense
> (that I'm aware of). However most of th
> I'm guessing that you don't really understand how OpenPGP
> works; the keyservers are *NOT* trusted, so problems with the
> keyservers do not affect the operation of GPG or PGP, except
> that it may make it harder to obtain a copy of someone's key.
I understand that the keyservers are not tru
On Sat, Dec 28, 2002 at 09:59:46PM -0500, Travis Roy wrote:
> > My public key is available from my web site as well, if only
> > Outlook would show all the headers (or does it now?). Hence
> > the reason why I asked if I should publish it on the
> > keyservers or leave it on my web site.
>
> O
D]>; Sat, 28 Dec 2002 20:52:53 -0500
Received: from mkomarinski by shaft with local (Exim 3.35 #1 (Debian))
id 18SSd9-00019J-00; Sat, 28 Dec 2002 20:52:43 -0500
Date: Sat, 28 Dec 2002 20:52:43 -0500
From: Mark Komarinski <[EMAIL PROTECTED]>
To: Travis Roy <[EMAIL PROTECTED]>
Cc
On Sat, Dec 28, 2002 at 03:32:25PM -0500, mike ledoux
<[EMAIL PROTECTED]> wrote:
> Your key wasn't on any of the keyservers, but I've got mutt
> configured to grab keys from certain URLs in the headers so getting
> your key wasn't a problem for me.
Neat trick. How do you do that?
-- Roger
--
Ro
On Sat, Dec 28, 2002 at 04:17:49PM -0500, Travis Roy wrote:
> > and Outlook users will not be able
> > to read the message at all.
>
> I use Outlook (the one with OfficeXP) and it came up fine, just had an
> attachment that some people might be scared of
Bah. ;)
> > My recommendation is to p
> and Outlook users will not be able
> to read the message at all.
I use Outlook (the one with OfficeXP) and it came up fine, just had an
attachment that some people might be scared of
> My recommendation is to publish your key to
> 'keyserver.kjsl.com', which is currently the least broken k
> Isn't one of the points of GPG to validate that the person
> you're talking to is really who they say they are? GPG
> allows me to do that, by signing my e-mails. If it's not
> signed, then it's not from me.
I used pgp for a while and I actually found it more of a hassle
explaining to peopl
On Sat, 28 Dec 2002, at 2:08pm, [EMAIL PROTECTED] wrote:
>> It validates that the sender had access to your private key. Presumably,
>> only you have access to your key, but even that is far from a given in
>> anonymous communications.
>
> They'd also need your pass phrase. They'd need your pri
[EMAIL PROTECTED] wrote:
On Sat, 28 Dec 2002, at 1:45pm, [EMAIL PROTECTED] wrote:
Isn't one of the points of GPG to validate that the person you're talking
to is really who they say they are?
It validates that the sender had access to your private key. Presumably,
only you have access to y
On Sat, 28 Dec 2002, at 1:45pm, [EMAIL PROTECTED] wrote:
> Isn't one of the points of GPG to validate that the person you're talking
> to is really who they say they are?
It validates that the sender had access to your private key. Presumably,
only you have access to your key, but even that is
On Sat, 28 Dec 2002, at 1:37pm, [EMAIL PROTECTED] wrote:
>> So some fsckwad is using my good name to send spam. Either that,
>> or there's a new spam going around that just says 'fuck you'.
>
> Fascinating. Why would anybody do such a thing to you?
Spammers often spoof the 'From' header to b
On Sat, Dec 28, 2002 at 01:37:22PM -0500, Michael O'Donnell wrote:
>
>
> > So some fsckwad is using my good name to send spam. Either that,
> > or there's a new spam going around that just says 'fuck you'.
>
> Fascinating. Why would anybody do such a thing to you? Do you
> have enemies? Wher
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Content-Type: text/plain; charset=us-ascii
Mark Komarinski <[EMAIL PROTECTED]> writes:
> 1) Can you read this?
Yes, I can read your message, but exmh was unable to auto-fetch your key;
I had to do that by hand and then import it into my keyring.
> So some fsckwad is using my good name to send spam. Either that,
> or there's a new spam going around that just says 'fuck you'.
Fascinating. Why would anybody do such a thing to you? Do you
have enemies? Where can one see an example of the forgery?
> So, time to start signing with GPG so
So some fsckwad is using my good name to send spam. Either that, or
there's a new spam going around that just says 'fuck you'.
So, time to start signing with GPG so at least I know when I sent something,
and the rest of you do, too. I've got mutt set up on my home machine and
have GPG set up wit
24 matches
Mail list logo
