Re: gpg/pgp noise
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
08.05.2012 15:47, Indulekha kirjoitti:
> On Tue, May 08, 2012 at 03:41:40PM +0300, Mika Suomalainen wrote:
> 08.05.2012 15:38, Indulekha kirjoitti:
>>>> On Tue, May 08, 2012 at 03:05:30PM +0300, Mika Suomalainen
>>>> wrote: 08.05.2012 15:03, Indulekha kirjoitti:
>>>>>>> On Tue, May 08, 2012 at 03:00:16PM +0300, Mika
>>>>>>> Suomalainen wrote: 08.05.2012 14:57, Indulekha
>>>>>>> kirjoitti:
>>>>>>>>>> On Tue, May 08, 2012 at 02:53:30PM +0300, Mika
>>>>>>>>>> Suomalainen wrote: 08.05.2012 14:45, Jochen
>>>>>>>>>> Spieker kirjoitti:
>>>>>>>>>>>>> Indulekha:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> No, I think you may have an incorrect or
>>>>>>>>>>>>>> incomplete configuration....
>>>>>>>>>>>>>
>>>>>>>>>>>>> This is inline vs. MIME:
>>>>>>>>>>>>>
>>>>>>>>>>>>> http://www.phildev.net/pgp/pgp_clear_vs_mime.html
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>
>>>>>>>>>>>>>
J.
>>>>>>>>>>
>>>>>>>>>> And that page forgets the problems in MIME.
>>>>>>>>>>
>>>>>>>>>> PGP/MIME requires headers, message and the
>>>>>>>>>> signature.asc to be verified. Some mailing list
>>>>>>>>>> programs mess up with the headers and this way
>>>>>>>>>> make PGP/MIME signatures unverifiable.
>>>>>>>>>>
>>>>>>>>>> In INLINE, the signature is in message and it
>>>>>>>>>> doesn't require headers to be verified so it's
>>>>>>>>>> harder to be messed up by mailing list software.
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Well, all I know is that Jochen Spieker is able
>>>>>>>>>> to use it without being intrusive.... Maybe you
>>>>>>>>>> should try to follow his example? :)
>>>>>>>
>>>>>>> If I used PGP/MIME, my signatures couldn't be verified
>>>>>>> on Ubuntu mailing lists (I am on 5 of them if I recall
>>>>>>> correctly), nor Enigmail mailing list nor gnupg-user
>>>>>>> mailing lists nor many others. This is small list of
>>>>>>> those MLs, which I mean with
>>>>>>> http://mkaysi.github.com/PGP/Clearsigning.html .
>>>>>>>
>>>>>>>
>>>>>>> I see... so the people on the *proper* msiling lists
>>>>>>> will just have to suffer then, eh? :\
>>>>>>>
>>>>
>>>> I don't understand how those other mailing lists are
>>>> inproper.
>>>>
>>>>>
>>>>>
>>>>
>>>> They don't support the considerate version of gpg/pgp. Now
>>>> that I know that people using this actually have a choice and
>>>> choose to be rude, it does make it rather tempting to set up
>>>> an autoresponder and filter to nag them...
>
> Note that gnupg mailing lists are also affected and they aren't
> lists themselves, the problem is in mailing list software. I think
> that they all use GNU Mailman, which is very popular among mailing
> lists.
>
> People don't have a choice if they are on mailing lists, which
> force this by having this bug, but do as you want.
>
>>
>>
>> -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact
>> listmaster@lists.debian.org Archive:
>> [🔎] 4FA91484.6050505@hotmail.com">http://lists.debian.org/[🔎] 4FA91484.6050505@hotmail.com
>>
>
> There is always a choice --for instance you have the choice to only
> sign the maill to those lists.
>
And if someone spoofs email from my address to this list and it's
unsigned and my messages to this list are always unsigned, I cannot
say that I always sign my emails and that isn't sent by me.
- --
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728
http://mkaysi.github.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJPqRpsAAoJEE21PP6CpGcokcEQAKSyKa7RyDevQA4a7Na+wX4y
Gju/qk+6JZ4G2+Yi8v6fvz7QPbQdNz+Ef38we6pDAiPoNqziDsSPPR3wjj6gIwG/
G1pBhNDwpI1B9UnFNV4HAck7A3swdJA6JP1UtNEybSrA90OZx0nyn8FGlayFq5Lz
V2QG6KlBcGNLP0aGQLcGhHJGKpowRn0M+Jbxxhp5d9sTdz57pqlsAKml64NR50Pt
VQNtIsYBCoyNyRX0rvCjd6WAc0+THIgNTPQ2Bz4VPaGzfgP1XdESSvL81q+03+N8
oQPq9E1S/4ECaPuYC6ORZ2TsEv20NzNDi8YXMeGMZhIf8cIk9rCFiGdOgCCTnQ1v
hFgLXCHASgIrT0lRnznbWe1hVIjF6nFno44FNIGH6rmAgroyjYtJO1OJ3gM8lQdv
FsRNlzHi/LhkKrL5OPwJ5fLGlmojCtsT/hKFt1yGRNH11lcLLnaQocQuO0PfT4yb
qVnblpXVbLFlYjWWMuXA0BukV6zzKW6OT5HmJF46gbNDHsmgIjIoS1//DT8bJ7+u
3AJOCAO5QVBOEjvNeGeA8EFe/BShQEy4OJW/kIaXNDU90SFYR3v9pvzMntOta9kY
WzGAtMW6pa1anFKHLj72alYOn7hRW1NjscO1dkVB6cTdTiq0E1fTlHgnZamFBUy3
PAkEkWFzCP/Z7zEGyz/6
=lkYs
-----END PGP SIGNATURE-----
Reply to: