jason on 27 Jan 2005 19:53:01 -0000



Re: [PLUG] Re: BusinessWeek Article: Linux Inc


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> You said:
>
>>Tom Diehl wrote:
>
>>> <RANT>
>>> Sorry for the lack of quoting. Quoting was lost due to the OP's need
>>> to pgp sign a message to a public mailing list. Why I will never
>>> understand but...
>>> </RANT>

My understanding is that people are *encouraged* to sign emails on this
particular list if they wish to do so. Tom, your messages are the first
I'm aware of attempting to discourage someone from doing this. I'm quite
surprised by your persistence with trying to get Eugene to stop signing
his messages.

<snip>

>>Authentication - Is this person who they say they are? Conversely,
>>non-repudiation is included in this. Someone who signed a message
>>can't say that they didn't send it since it is signed with their key.
>
> Same answer as above.
>
>>You could turn around, fabricate a story and say that someone hacked
>>your email account and sent the above message without your knowing
>>it. It's unsigned; no one could prove otherwise. I can't; mine is
>>signed. As are most of my messages in the archives of this list.
>
> So if someone else sent the link to the list instead of me, I would have
> been harmed how? Look at 99% of the information sent to this list.
> Does it really matter who sent it??

Please lighten up a little. If there's one list that I subscribe to where
I expect to see a lot of PGP signatures, this is it. Why single out
Eugene? What about everyone else that signs their messages on this list?
It may not be the majority, but it's certainly not unusual.

Personally (from my home email account anyway), I try to sign *ALL* of my
email. That way, if you see an email claiming to be from me, and it's not
signed, you already know it's probably not really from me.

Also, some people sign email messages on this list (and elsewhere) to
raise awareness of issues surrounding forged email addresses, etc. Not
because it is essential to cryptographically verify the sender of each and
every message on this particular list.

Found this quote with a quick search on Google:

(From "Michael Leone" <turgon@mike-leone.com> at
http://lists.netisland.net/archives/plug/plug-2003-01/msg00156.html)

"PLUG is a very cryptographically aware LUG (that means we try and do
regular PGP/GPG keysignings among our members, and encourage its use
:-). If you would like to participate in a PLUG keysigning, please see the
directions at  http://www.phillylinux.org/keys/participate.html."

Oh, I get it. You were just playing devil's advocate, trying to get people
interested in the next keysigning, right?

<snip>

>>You CAN give me grief, however, about the fact that I double signed
>>the message (which I try not to do). The message has an
>>S/MIME sig that I usually don't send to mailing lists due to the size
>>of S/MIME which sends a copy of the public with every message.
>
> :-)
>
> If there was information being posted here that it was important to
> know exactly where it came from, then I would agree it should be signed.
> However when someone posts information to a list like this, IMO the
> information is what is important, not knowing the exact source. The link
> I furnished earlier today is a classic point. Even if I signed the
> message you really do not know who I am, yet you were able to verify the
> information I furnished by actually looking at the link itself.

Some might want to verify the sender prior to blindly clicking on a link.
It doesn't take a lot of thought to come up with some examples. I get
several hundred in my email every day. Occasionally these even make it to
the PLUG list. Thankfully not recently. But, this is really not the main
point.

> Just my $.02

> Regards,
>
> Tom Diehl  tdiehl@rogueind.com  Spamtrap address mtd123@rogueind.com

Also, sorry to hear that signing emails inconvenienced you. Perhaps a more
productive discussion would involve trying to help you work more
productively with signed emails, or to make signed emails less problematic
for others.

If you'd like to discuss the trouble you ran into, please feel free to
post some additional info on your configuration, etc.

Regards,
Jason Nocks


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB+UQq3CryLfCgqRkRAn8QAJ4mZBUzAWG01vRpp0CMrr0PHqBExQCfZAu+
vewtSajo4y9T88rG+vvfBCQ=
=/Jzf
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug