[PLUG] Re: (forw) Re: Thanks for the PGP signature files

AthlonRob AthlonRob at data.lm.ro
Mon Dec 2 23:20:25 UTC 2002 

On Mon, 2002-12-02 at 14:37, Patrick Beart wrote:

> <facetious comment>
> ----------------
> 	With so MANY MUA's out there that are fully compliant with 
> the relevant RFC's, -- and which won't separate your silly (and 
> egotistical, IMO) GPG  signatures into text files attachments, -- 
> it's SO EASY to avoid this nasty issue. Heck, ... Eudora, MS Outlook 
> express, MS Outlook - I wonder how many E-mail programs out there 
> DON'T separate these PGP/GPG "signatures" into text file attachments. 
> Must be only Linux MUA's that don't, huh?!
> 	Perhaps you smug Linux "gurus" can enlighten the rest of us 
> poor, ignorant slobs as to how to avoid having to delete these (your) 
> unnecessary files on a daily basis? After all, I'm sure that EVERYONE 
> wants to spend at least half of their waking hours converting their 
> entire computing experience to (exclusively) Linux, so that we can be 
> just as smug as you are.   ;-)
> ----------------
> </facetious comment>

Gee, it sure is nice to see people who have such a strong grasp of the
concepts and reasoning behind PGP in general.

GPG signatures... egotistical, silly, smug?

You put your name in each of your emails to the list.  How is that
really different?  Many people append a few more bytes to their posts to
*prove* they are who they say they are.  Is this small extra token
really so silly, smug, and egotisitical?

PGP/MIME is *the right way* to do PGP signatures, which are a good thing
in general.  If you insist on using a stupid mail program, why should it
hold the rest of us back?

> 	Seriously, though, I made my requests about this PRIVATE to 
> the individuals (offenders?) involved, and off-list. Sorry to hear 
> (read) that it didn't stay that way.

I don't like it when off-list things are taken on-list, either....

> 	In the spirit of all of us - with diverse OS's and experience 
> levels - getting along, you guys COULD easily just append a KEY file 
> to the E-mail, and not a full signature.
> 	I began using PGP in 1996, so I know that this can be done, 
> and accomplish your goal of ensuring that NO ONE mistakes your E-mail 
> messages as anything but authentic and coming from you.     :-/

You aparently have no understanding of PGP.  That is sad if you've
really been using it since 1996.

Simply appending a key to the email does *nothing* to prove you are who
you say you are.  A key is a static thing - it does not change depending
on what is in the email.  A signature, on the other hand, is created
with the private key and the message.  If you change one byte in the
email, the signature would change... and since only the private key can
generate the signature, somebody else cannot just willy-nilly change the
signature to match the edited message.  Hence, PGP signing verifies the
message you received was indeed written and signed by the person who
signed it....

I think maybe what your problem is with is actually PGP/MIME, not PGP
itself.  PGP/MIME is a way of signing emails or any other MIME
messages... it uses MIME and is the 'right way' to sign an entire email,
attachments and all.  Some stupid mail clients can't properly utilize
it, though... lookOut Express being one of them.  I know from
experience, though, that you can just view an attachment without
permanently saving it somewhere on your hard disk.

Plaintext PGP is harder to do, depending on the mail client.  The
developers of Evolution, for example, decided that PGP/MIME was the
*only way* to do it, so they do not recognize nor support plain PGP
singing.

Since PGP/MIME is the right way to do it, it would make more sense for
those clients that don't properly render it to fix themselves than for
those clients which only support it to start doing things the old
fasioned way.

To sum it up, Pat:  Get a clue.  PGP helps identify that you are who you
say you are, not show your smugness.  PGP/MIME is the right way to do
things, so it makes no sense for people to revert to doing things the
old way because a few folks with stupid mail cilents cannot easily view
the messages.

-- 
Rob                                |  If not safe,
Email and Jabber:                  |    one can never be free.
athlonrob at data dot 4t3 dot com  |

More information about the PLUG mailing list