Re: pgp signing in van

2013-09-09 03:32:20
hi Hector, Peter, all,

On 9 Sep 2013, at 1:09, Hector Santos <hsantos(_at_)isdg(_dot_)net> wrote:

> On 9/8/2013 6:21 PM, Peter Saint-Andre wrote:
>> On 9/8/13 3:50 PM, Ted Lemon wrote:
>>>
>>> What's the upside to signing my email? I know why I want
>>> everybody I know to sign my email, but what's the upside for me if
>>> I do it? Until there's a clear win, it's not going to happen.
>>
>> There are two that I see:
>>
>> 1. Since it's quite easy to send faked messages (and I have seen that
>> done on public lists in an effort to embarrass or impugn the sender),
>> signing one's messages makes it clear that the message really came
>> from you.
>>
>> 2. Signing one's messages is a way of advertising that one is capable
>> of engaging in encrypted communication. (This might not be a welcome
>> analogy, but it's kind of like open carry for encryption.)
>>
>> Peter
>
> But until the MUAs across the board support it out of the box, I believe most
> people don't know about it or know what it means.  See attached small snippet
> showing the "Message Security Info" of your message according to the
> Thunderbird MUA.
>
> I don't think we can even establish a standard practice with PGP and others,
> including with the recent standardized DKIM.  Where is the BCP for the MUAs,
> MDAs, MSAs?
>
> There will always be victims (users with MUAs) who don't support this or
> that, but I think the IETF can finally begin considering ideal product
> development concepts for vendors to follow.

A first step -- and a way to get over the "but nobody I communicate with 
signs/encrypts" chicken-and-egg problem -- is actually using the tools 
ourselves. In a larger sense, if we're going to talk seriously about adding 
surveillance resistance to the criteria for a "better Internet", the more of us 
use these tools, the more likely we are to make useful recommendations for 
usage and management of these technologies.

This is the reason I've started using GPG again ten years after the last use of 
my old key. I must say at least that GPGMail (on the Mac) has gotten _much_ 
better in the intervening decade.

Best regards,

Brian

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail
