Tom Diehl on 27 Jan 2005 20:49:49 -0000



[PLUG] PGP Signatures Was: Re: BusinessWeek Article: Linux Inc


On Thu, 27 Jan 2005 jason@nocks.com wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> > You said:
> >
> >>Tom Diehl wrote:
> >
> >>> <RANT>
> >>> Sorry for the lack of quoting. Quoting was lost due to the OP's need
> >>> to PGP sign a message to a public mailing list. Why I will never
> >>> understand but...
> >>> </RANT>
> 
> My understanding is that people are *encouraged* to sign emails on this
> particular list if they wish to do so. Tom, your messages are the first
> I'm aware of attempting to discourage someone from doing this. I'm quite
> surprised by your persistence with trying to get Eugene to stop signing
> his messages.

I am not trying to stop Eugene or anyone else. If you read my original
rant above I said "Why I will never understand". He just happened to send
the message I tried to reply to. When I hit the reply key I cannot include
a PGP signed message without cutting and pasting the content of the original
message. I do not get the quoting automatically. As I said in my previous
message, if it was important to verify the source of the information posted
to this list, then I would have not said anything. IMO it is not. Even if
a message is signed I still, for the most part, do not know anything about
where it came from, nor is it important.

> <snip>
> 
> >>Authentication - Is this person who they say they are? Conversely,
> >>non-repudiation is included in this. Someone who signed a message
> >>can't say that they didn't send it since it is signed with their key.
> >
> > Same answer as above.
> >
> >>You could turn around, fabricate a story and say that someone hacked
> >>your email account and sent the above message without your knowing
> >>it. It's unsigned no one could prove otherwise. I can't; mine is
> >>signed. As are most of my messages in the archives of this list.
> >
> > So if someone else sent the link to the list instead of me, I would have
> > been harmed how? Look at 99% of the information sent to this list.
> > Does it really matter who sent it??
> 
> Please lighten up a little. If there's one list that I subscribe to where
> I expect to see a lot of PGP signatures, this is it. Why single out
> Eugene? What about everyone else that signs their messages on this list?
> It may not be the majority, but it's certainly not unusual.

Sorry, I was not trying to pick on anyone. As I said above Eugene just happened
to post to a message that I tried to reply to. I did not intend to offend
anyone nor did I say it was unusual.

> Personally (from my home email account anyway), I try to sign *ALL* of my
> email. That way, if you see an email claiming to be from me, and it's not
> signed, you already know it's probably not really from me.
> 
> Also, some people sign email messages on this list (and elsewhere) to
> raise awareness of issues surrounding forged email addresses, etc. Not
> because it is essential to cryptographically verify the sender of each and
> every message on this particular list.
> 
> Found this quote with a quick search on google:
> 
> (From "Michael Leone" <turgon@mike-leone.com> at
> http://lists.netisland.net/archives/plug/plug-2003-01/msg00156.html)
> 
> "PLUG is a very cryptographically aware LUG (that means we try and do
> regular PGP/GPG keysignings among our members, and encourage its use
> :-). If you would like participate in a PLUG keysigning, please see the
> directions at  http://www.phillylinux.org/keys/participate.html."
>
> Oh, I get it. You were just playing devil's advocate, trying to get people
> interested in the next keysigning, right?

:-)

Actually, I am really trying to understand the point. If people are doing
it because they can, so be it. I do not really expect to get anyone to
change their mind.

Back when I started doing this kind of thing the rule was, use text only
for mailing lists. That way, it is easy for the people you would like to get
help from, to reply to your message. In addition, there are still large parts
of the world who actually pay for bandwidth. I doubt that there are many
subscribers to this list that are outside the U.S. but who knows. It seems
that rule has gone by the wayside on this list in favor of PGP signatures.

> <snip>
> 
> >>You CAN give me grief, however, about the fact that I double signed
> >>the message (which I try not to do). The message has an
> >>S/MIME sig that I usually don't send to mailing lists due to the size
> >>of S/MIME which sends a copy of the public with every message.
> >
> > :-)
> >
> > If there was information being posted here that it was important to
> > know exactly where it came from, then I would agree it should be signed.
> > However when someone posts information to a list like this, IMO the
> > information is what is important, not knowing the exact source. The link
> > I furnished earlier today is a classic point. Even if I signed the message
> > you really do not know who I am, yet you were able to verify the
> > information I furnished by actually looking at the link itself.
> 
> Some might want to verify the sender prior to blindly clicking on a link.
> It doesn't take a lot of thought to come up with some examples. I get
> several hundred in my email every day. Occasionally these even make it to
> the PLUG list. Thankfully not recently. But, this is really not the main
> point.
> 
> Also, sorry to hear that signing emails inconvenienced you. Perhaps a more
> productive discussion would involve trying to help you work more
> productively with signed emails, or to make signed emails less problematic
> for others.
> 
> If you'd like to discuss the trouble you ran into, please feel free to
> post some additional info on your configuration, etc.

I am using pine. AFAIK without patching and recompiling it, pine does not
know what to do with PGP. I have not looked at this in a long time so things
might have changed.

> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> 
> iD8DBQFB+UQq3CryLfCgqRkRAn8QAJ4mZBUzAWG01vRpp0CMrr0PHqBExQCfZAu+
> vewtSajo4y9T88rG+vvfBCQ=
> =/Jzf
> -----END PGP SIGNATURE-----

Now this is the most interesting part of this message. How is your signature
different from what Eugene and others use? This message was quoted properly in
pine, yet I changed nothing.

Regards,

Tom Diehl		tdiehl@rogueind.com		Spamtrap address mtd123@rogueind.com
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug