On Sat, 2003-02-15 at 15:01, Evan McNabb wrote: > About a week ago I started to automatically sign all my outgoing mail with > gpg. Most computer literate people don't have many problems with this. If > there's a pgp signed message and they don't use pgp, they just ignore it. I've > found that it has confused the heck out of several of my non-geeky associates. > Has anyone else run into this problem?
No. I don't communicate with non-geeky people. :-P In all seriousness, I do get an occasional question (my mom just asked me about that yesterday). I'm thinking about drafting up an auto-response that you can cut and paste when people ask. Heck, why don't we draft one right now? --- The segment of my e-mail messages with the name ``signature'' in it is a PGP signature. It is as trivial to forge the sender of an e-mail as it is to forge the return address on a mailed envelope. For example, some computer viruses that exploit security vulnerabilities in the Microsoft Outlook e-mail application can cause people who have my e-mail address in their address books to inadvertently send out forged e-mails with viruses in them that appear to be sent by me. By applying a PGP signature to every message I send, I can give reasonable assurity to the recipients of my e-mail messages that I am indeed the originator of that e-mail. By authenticating every e-mail message I send out with a PGP signature, I can protect myself from such attempts at identity theft. Unencrypted e-mail messages are equivalent to postcards. Anyone who has the responsibility of delivering the message can intercept and read its contents. Law enforcement officials and system administrators routinely scan and read e-mail messages. If you ever need to send information that is confidential, then you should encrypt the message with PGP before sending it. This will ensure that only your intended recipient will be able to decrypt and read your message. One popular tool that can verify and create signatures and encrypt and decrypt messages is Gnu Privacy Guard (GnuPG). If you wish to verify the signatures that I attach to my e-mail messages, then visit <http://www.gnupg.org> to download the tools for your platform and mail client. Then, obtain my public key from any PGP publick key server, such as <pgp.mit.edu>. For more information, read the GnuPG Mini HowTo at <http://webber.dewinter.com/gnupg_howto/english/GPGMiniHowto.html>. Mike -- ---------------------------------------- | ------------------------ Michael Halcrow | [EMAIL PROTECTED] Research Assistant, Network Security Lab | Dept. of Comp. Science | Brigham Young University By reading this you are agreeing not to | read this. | ---------------------------------------- | ------------------------ GnuPG Keyprint: 05B5 08A8 713A 64C1 D35D 2371 2D3C FDDA 3EB6 601D
signature.asc
Description: This is a digitally signed message part
